Fake cryptomining apps, some found on the Play Store, scam $350,000 from users
Why it matters: Although cryptocurrency such as Bitcoin has lost around half its value in the last three months, people still want to get in on what can be a lucrative industry, and criminals are taking advantage. A security company has discovered that over 170 Android apps, some available on the Google Play store, have been scamming more than 93,000 crypto fans.
Security researchers at the Lookout Threat Lab discovered that the apps, 25 of which were on Google Play, managed to evade detection because they didn’t do anything malicious. The problem was that they didn’t do anything at all.
The apps, classified into families called BitScam and CloudScam, claimed to provide cloud-based cryptocurrency mining services that involved pooling the spare power of users’ handsets, with the profits shared out between everyone. The majority of the apps weren’t free and charged extra fees for subscriptions and upgrades that ranged from $12.99 to $259.99—crypto such as Bitcoin and Ethereum was accepted as payment. But researchers found that no actual mining was taking place.
Users didn’t realize the apps were scams because withdrawals were not allowed until a minimum balance had been reached. But even when users did hit that figure, trying to withdraw funds would only show an error message.
[Image: Some of the scam apps]
Lookout Threat Lab writes that the creators made $300,000 from selling the apps and an additional $50,000 in crypto from victims paying for fake upgrades and services. It also notes that the apps were so unsophisticated that they could have been made by someone with no programming experience.
While Google has removed the scam apps from its store, dozens more from third-party stores remain in circulation—so, as always, be careful when sideloading.
Image credit: LightField Studios