Researchers at Cyble Research and Intelligence Labs (CRIL) have discovered more than 20 fraudulent Android apps on the Google Play Store. Discovered in recent weeks, the apps are part of a single "continuous and active campaign".
Hacked Developer Accounts
However, they are being distributed to the store through "different developer accounts". These accounts were initially "used to distribute legitimate applications". This is partly why the apps were able to evade Google's security filters. According to researchers, "these old developer accounts have likely been compromised."
These malicious apps are designed solely to steal cryptocurrency from smartphone users. The apps identified by CRIL focus on popular crypto wallets, such as SushiSwap, PancakeSwap, and Hyperliquid.
To achieve their goals, the apps will collect security phrases, or recovery phrases, from investors. These allow access to a crypto wallet and take control of the funds. This is a random sequence of 12, 18, or 24 words, determined when the wallet is created.
Fake crypto apps on the Play Store
The hackers' modus operandi is simply to impersonate crypto wallets. Hackers have developed fake apps that pretend to be official solutions. They use the name, logo, and interface to fool Internet users.
Once online on the Play Store, they are downloaded and installed by investors who are convinced they are dealing with the official app. They then enter their recovery phrase, without realizing that they are giving the keys to their money to hackers. "These attacks can cause permanent financial losses for victims, as cryptocurrency transactions are difficult to reverse and lack protection," explains the CRIL.
The phrase collection takes place on a phishing page, which mimics the wallet interface opened by the fraudulent application at launch. This "well-coordinated phishing operation" relies on "a large-scale infrastructure" and more than 50 different domains.
Apps to uninstall urgently
In its report, Cyble Research and Intelligence Labs has compiled the complete list of malicious Android applications, which must be uninstalled immediately. Note that several of the applications have the same name, as they impersonate official tools developed by crypto platforms. Without further ado, here's the list:
Unsurprisingly, researchers alerted Google to the presence of deceptive apps on its store. The Mountain View giant quickly responded by removing most of the apps. However, "some of these apps are still online". We therefore recommend that you remain cautious and carefully check the developer's name before installing an app on your smartphone. Also, take the time to read the comments. Very often, they allow you to understand that the app does not work as promised...
Source: Cyble
0 Comments