Recent research has discovered how a number of smartphone applications have been profiting from surges in the price of Bitcoin. OK, this might sound a little obvious: everyone profits when the price of Bitcoin surges, right? In this instance, though, it seems that these applications (or apps) were built to take advantage of price surges in order to scam cryptocurrency investors out of their own money.
The apps allegedly appeared on the Google Play store as cryptocurrency wallets. The Google Play store is the native app market for the Android operating system, so it is very widespread. The first app was called Coin Wallet and tricked users into thinking it gave them access to their own personal and secure cryptocurrency wallet. What it actually was, however, was a portal into the hacker's wallet. Coin Wallet simply encouraged users to move their Bitcoin into the attackers' wallet, and this activity of course spiked during times when the price of Bitcoin soared. According to Ars Technica:
“Coin Wallet let users create wallets for a host of different cryptocurrencies. While Coin Wallet purported to generate a unique wallet address for users to deposit coins, the app in fact used a developer-owned wallet for each supported currency, with a total of 13 wallets. Each Coin Wallet user was assigned the same wallet address for a specific currency.”
A malware researcher at ESET, Lukas Stefanko, has since written a blog post discussing some of the findings from the research that led to the discovery of Coin Wallet. Stefanko said:
“The app claims it lets users create wallets for various cryptocurrencies. However, its actual purpose is to trick users into transferring cryptocurrency into the attackers' wallets—a classic case of what we named wallet address scams in our previous research of cryptocurrency-targeting malware.”
The second app discovered by the team was called Trezor Mobile Wallet, stealing its name from the popular and legitimate Trezor wallet series. The app forced users to share their legit Trezor wallet information, in turn giving attackers access to their actual Trezor wallets. Again, this app seems to have seen a great amount of activity during Bitcoin price surges. Thankfully, though, due to Trezor's advanced security systems, the attackers did not manage to steal any assets from legitimate Trezor accounts:
“Multiple security layers built into real Trezor wallets prevented any credentials entered from accessing legitimate accounts. Still, any email addresses or other personal data could potentially be used in phishing attacks. Stefanko said the fake Trezor app listing on Play appeared to be trustworthy at first glance because the name, developer name, app category, app description, and images all seemed legitimate. It also appeared as the second result when searching Play for Trezor.”