Fake Crypto Wallet Apps Discovered in Google Play, Built Using Drag-n-Drop

[silversurfer]

The Google Play store is not home only to banking trojans as security researcher Lukas Stefanko discovered after finding four malicious Android apps camouflaged as fake cryptocurrency wallets. 

Moreover, the apps found by Stefanko used two different methods to help the bad actors who developed them to get their paws on the target's cryptocurrency funds.

MetaMask, the first one of them impersonates a legitimate service which allows you to "run Ethereum dApps right in your browser" but describes itself as a multi-currency wallet on the Google Play store.

This fake wallet app used phishing tactics to steal the victim's credentials wallet password and private key. As a bonus, according to the screenshot of its Google Play store page provided by the researcher, the MetaMask was also displaying ads probably as an extra revenue stream.

The other three malicious Android apps were camouflaging themselves as NEO and Tether wallet apps, and they would steal cryptocurrency funds from their victims by pretending to generate a private key and public address.

Source: https://news.softpedia.com/news/fake-cry...3770.shtml