Despite Google’s hardline stance against malicious cryptocurrency apps, some still find ways of sneaking through its net.
Security and malware researcher, Lukas Stefanko, published a video yesterday exposing how a malicious app, distributed via Google’s Play Store, steals the sensitive data from unsuspecting users.
Disguised as a currency conversion tool, the app (called Easy Rates Converter) is actually designed to snatch your personal credentials for a number of legitimate apps. Among other apps, the attackers were targeting CommBank, Google Play, as well as the official app of Binance, one of the world’s biggest cryptocurrency exchange desks. According to Stefanko, the app had over 500 downloads.
When the user downloads the app, it installs and operates as you would expect. However, in the background it also downloads and installs phishing malware dressed up as an Adobe Flash update. Sounds familiar.
The malware then waits for its moment to strike.
When you open legitimate apps like, Binance, the malware creates a “fake activity” which overlays the legitimate app. The “fake activity” prompts the user to input their user details, which are then saved and sent to the phishers.
Stefanko demonstrates the malware with conventional banking app CommBank, but states it also phishes on the Binance app.
Theoretically, this would be enough to gain illegitimate access to not just your cryptocurrency exchange accounts, but your regular banking apps too.
It appears that the rogue app has since been removed from Google Play. Hard Fork reached out to Google for comment. We will update this piece as we learn more.
Malware like this could be pretty difficult to spot, as the app does indeed install a legitimate program that operates as you might expect.
To avoid falling foul of these apps, Stefanko told Hard Fork that users should “check [the] rating and reliability of developer [and stick to] verified apps (many installs) not new comers.”
Published November 2, 2018 — 14:55 UTC