Cybercriminals are always looking for a way to get paid. While ransomware and Cryptojacking are currently hot trends, others still use old-fashioned social engineering and phishing scams to get things to go their way. Recently, unknown actors created a fake MyEtherWallet app and managed to get it on Google Play.
Their goal was to trick Ethereum users. The malicious app, once installed, attempted to get users to enter their private keys. Presumably, it would then steal people’s funds, although no reports of affected users are currently known.
Luckily, a malware analyst at IT security firm ESET caught the app in time and quickly pointed out that MyEtherWallet doesn’t have any official app yet.
— Lukas Stefanko (@LukasStefanko) January 24, 2018
According to Google Play data, the fake MyEtherWallet app was installed between 100 and 500 times. It was on Google’s play store since January 18. It notably came with a few fake comments and 5-star ratings, to lure in unsuspecting users. One of the fake comments read “wonderful app for storing cryptocurrency safe and secure. Observant users quickly reacted to the malicious app, and pointed out it was fake. Before being removed, the app had a 3.8-star rating.
Fake cryptocurrency-related apps are nothing new to Google’s Play store. Back in October 2017, Core Media reported on two fake Poloniex trading apps found on the online platform. One of them had as many as 5,000 downloads before being removed.
The MyEtherWallet app is just one of many scams
Scams in the cryptocurrency space are becoming so popular that Ethereum founder Vitalik Buterin recently cautioned people to be careful if they were contacted by someone posing as him “out o the blue.” These contacts usually ended up the impostor asking the user to send funds.
Google also constantly has to remove phishing websites from its search results. Scammers take advantage of its AdWords program to promote fake cryptocurrency exchange websites, in an attempt to lure unsuspecting traders.
Notably, last year the Ethereum Scam Database (EtherscamDB) was launched. It collects crowdsourced information about online scams to help new users safely navigate the ecosystem. Since its launch, the Ethereum Scam Database found 2,667 scams, and only 281 are currently active.