Inside money, markets, and big tech

Ethereum thieves are targeting Android users with fake MyEtherWallet apps


One consequence of the recent cryptocurrency craze is that people are increasingly more interested in downloading a wallet on their phones. But it seems scammers have found an opportunity to exploit this trend – and are now actively seeking to dupe gullible Ethereum ETH holders with malicious MyEtherWallet copycats on Google Play.

Malware researcher Lukas Stefanko has taken to Twitter to warn users away from a malicious instance of the popular Ethereum wallet that is currently being distributed on Google’s official mobile software platform.

The researcher goes on to explain that – once installed – the shady copycat requires users to fill in their private key (or 12-word mnemonic phrase) to log in.

For those curious, here is how the fake app looks like:

According to Google Play data, the malicious MyEtherWallet instance first made its way to the platform on January 18 last week. It has been downloaded between 100 and 500 times since then.

Fortunately, a number of observant users have since pointed out that the app is malicious – and seeking to phish your private keys.

One particularly concerning detail is that the app seems to have stacked a relatively decent star rating – standing at 3.8 stars at the time of writing, with more than 30 positive reviews.

Whether it is the notoriously bad UX or the general lack of knowledge in the space, cryptocurrency has become especially popular with scammers recently.

Indeed, earlier this week Ethereum founder Vitalik Buterin cautioned users to be extra careful if someone posing as him contacts them with requests to “send funds.” Prior to that, Google was flush with fraudulent copycats of popular exchange desk Binance, seeking to turn users into affiliates.

Those curious to get familiar with some of the most recent scams on the cryptocurrency scene can consult with the Ethereum Scam Database. Until then: Pay attention to what apps you download – and remember to never share your private keys.

Published January 24, 2018 — 15:31 UTC