The party is ON! Join us at TNW Conference 2021 in Amsterdam for face-to-face business!

Inside money, markets, and Big Tech

This article was published on January 24, 2018

Ethereum thieves are targeting Android users with fake MyEtherWallet apps

Ethereum thieves are targeting Android users with fake MyEtherWallet apps
Mix
Story by

Mix

Former TNW Writer

Mix is a tech writer based in Amsterdam that loves cinema and probably hates the movies that you like. Tell him everything you despise about Mix is a tech writer based in Amsterdam that loves cinema and probably hates the movies that you like. Tell him everything you despise about his work on Twitter.

One consequence of the recent cryptocurrency craze is that people are increasingly more interested in downloading a wallet on their phones. But it seems scammers have found an opportunity to exploit this trend – and are now actively seeking to dupe gullible Ethereum holders with malicious MyEtherWallet copycats on Google Play.

Malware researcher Lukas Stefanko has taken to Twitter to warn users away from a malicious instance of the popular Ethereum wallet that is currently being distributed on Google’s official mobile software platform.

The researcher goes on to explain that – once installed – the shady copycat requires users to fill in their private key (or 12-word mnemonic phrase) to log in.

For those curious, here is how the fake app looks like:

According to Google Play data, the malicious MyEtherWallet instance first made its way to the platform on January 18 last week. It has been downloaded between 100 and 500 times since then.

Fortunately, a number of observant users have since pointed out that the app is malicious – and seeking to phish your private keys.

One particularly concerning detail is that the app seems to have stacked a relatively decent star rating – standing at 3.8 stars at the time of writing, with more than 30 positive reviews.

Whether it is the notoriously bad UX or the general lack of knowledge in the space, cryptocurrency has become especially popular with scammers recently.

Indeed, earlier this week Ethereum founder Vitalik Buterin cautioned users to be extra careful if someone posing as him contacts them with requests to “send funds.” Prior to that, Google was flush with fraudulent copycats of popular exchange desk Binance, seeking to turn users into affiliates.

Those curious to get familiar with some of the most recent scams on the cryptocurrency scene can consult with the Ethereum Scam Database. Until then: Pay attention to what apps you download – and remember to never share your private keys.