Despite Google’s best efforts to stamp out anything to do with cryptocurrency (they banned all crypto-advertising in a move to protect their users, remember) it transpires that the Google Play Store, the native app store for Android and Google devices, is absolutely rife with malicious apps designed to rinse your assets. According to TheNextWeb.com, security research Lukas Stefanko has recently made some rather disturbing discoveries about apps that are available for download on the play store. Most shockingly, some of the content has remained live for almost a week, before Google took action and removed such content. The report highlights that one example of a malicious app, designed to mimic MyEtherWallet managed to receive almost 500 downloads before the app was taken down. This specific example was used to extract users credentials and private keys, meaning that victims where at great risk of having their assets stolen from them. According to TheNextWeb.com:
“While data suggests that some of these malicious apps hardly got any traction, the MyEtherWallet copycat which made its way to the Play Store in January was downloaded between 100 and 500 times before it got taken down. One of the reasons it managed to garner some success was probably because it remained on the Play Store for almost a week.”
Fake version of @myetherwallet app has been available on Google Play for last 4 days. App tries to lure your PK. pic.twitter.com/5gdE8i3POQ
— Lukas Stefanko (@LukasStefanko) April 18, 2018
This report highlights some rather shocking information. These applications put users at serious risk, not only of losing their assets but moreover they are at a significant risk of having their personal data stolen. Information such as emails and passwords that could ultimately lead to other web services being hacked into, putting users at risk of further fraudulent crimes. Overall, according to TheNextWeb.com, RiskIQ indicate that across the mobile phone app industry (made of around 20 official online stores), 661 malicious apps where discovered, the majority of which did appear on Google Play. This highlights just how high the risk is, it is not just isolated within Google and could affect users of iOS and other, similar operating formats.
“But as Stefanko’s recurrent findings show, the mechanism is incapable of keeping up with the attackers’ ever-evolving methods: and unless Google finds a more efficient measure of counter-acting such ill-intended efforts, it is only a matter of time before someone gets burnt.”
Something must be done about this, changes must be made. Otherwise, we are only going to see more devastating hacks, more loss of assets and more data theft. If this happens, the integrity of the entire blockchain industry is at risk. Google, Apple and others, all have a huge responsibility to take action, soon. Featured Image Original Source: Wikipedia Commons.
Investment Disclaimer