07 July 21, 17:11
Quote: Bogus cryptomining apps for Android available for download on Google Play are estimated to have scammed more than 93,400 victims to date, researchers said, stealing at least $350,000.
According to Lookout, the apps – categorized into “BitScam” and “CloudScam” versions – advertise themselves as providing cryptocurrency mining services for a fee. They claim to perform cloud mining — i.e., instead of users buying hardware and paying big electricity bills to contribute to a mining pool, cloud miners rent cloud computing power instead.
However, no such cryptomining actually takes place. In fact, nothing at all takes place.
“These apps were able to fly under the radar because they don’t actually do anything malicious,” said Ioannis Gasparis, a mobile application security researcher at Lookout, in an analysis released on Wednesday. “They are simply shells set up to attract users caught up in the cryptocurrency craze and collect money for services that don’t exist. Purchasing goods or services online always requires a certain degree of trust — these scams prove that cryptocurrency is no exception.”
In addition to offering the “apps” themselves for a fee, the scammers also promote additional services and upgrades that users can purchase within the apps, either by transferring Bitcoin or Ethereum cryptocurrencies directly to the developers’ wallets (the BitScam version) or via the Google Play in-app billing system (the CloudScam version).
There were 25 such apps found on the official Google Play store and 170 overall when third-party app stores are taken into account. While the cryptomining apps have now been removed from Google Play, those dozens more still available for side-loading continue to lure people in, Gasparis noted. He told Threatpost that he also found evidence in various channels like Medium, Telegram and Twitter promoting similar cryptomining scam apps, with many of them referencing the apps found on Google Play.
“Cloud mining introduces both convenience and cybersecurity risks. Because of the simplicity and agility of cloud computing, it is quick and easy to set up a realistic-looking cryptomining service that is really a scam,” he said in the report. “Cybercriminals have set up similar schemes to steal from desktop users, [but this is] the first scam that packages this scheme into mobile apps.”
Read more: Cloud Cryptomining Swindle in Google Play Rakes in Cash | Threatpost