Cryptocurrency is an interesting area, but it’s one scammers are looking at increasingly, with security company Sophos finding criminals are dabbling in already. And it may even be on your device now.
The world of cryptocurrency is a rather interesting one, and between the environmental cost of “mining” a digital coin and the crazy and often volatile market, it’s not typically for the faint of heart. There are steps you might want to look at to help you dabble, and you might make something, but you also might lose something in the process, too.
In fact, if criminals have something to say about it, your loss may in fact be their gain, with yet another cryptocurrency security risk popping up.
This time, it’s from a report from security company Sophos, which says it has found over 100 counterfeit apps for Android and iOS being used by cybercriminals to steal money from people’s wallets, effectively by convincing people to install something that looks like an app, yet isn’t.
Less like fleeceware and more just a website designed to look like an app, Sophos has found 167 fake apps operating in fake app stores, which are essentially phishing sites designed to look like an App Store with fake customer reviews asking you to download an app that is instead a shortcut to another website.
Fake apps that are actually websites can get part of their game across because depending on the mobile operating system, you can download a web app that still looks like the real deal, but really just opens up a small browser window to take you to a website. In the case of the cryptocurrency scam apps, that website will take you to a place where you’ll be asked to enter details, and if you happen to be someone investing in crypto, it might be a fake trading place, with Sophos noting that many impersonate major platforms to trick victims.
While lucrative and potentially handing over some serious financial details, these scams can get personal, with messaging sometimes employed to get the details across, and force you to click. They may even arise from dating websites, because romance scams are also big news lately.
“People trust the brands and people they know – or think they know – and the operators behind these fake trading and cryptocurrency scams ruthlessly take advantage of that,” said Jagadeesh Chandraiah, Senior Threat Researcher for Sophos.
“The fake applications we uncovered impersonate popular and trusted financial apps from all over the world, while the dating site sting begins with a friendly exchange of messages to build trust before the target is asked to install a fake app. Such tactics make the fraud seem very believable,” he said.
To make sure to avoid these fake app stores, you’ll want to look for the app through the official app market on your device, be it the App Store on iOS and iPadOS, or the Google Play Store on Android.
While it is possible for scam apps to appear on these stores, particularly in the form of fleeceware, app marketplaces are making progress in removing the dodgy apps, something Apple noted recently in the lengths it goes.
It means the official apps make their way to the real store, while the not-so-official ones are less likely to, and that’s better news for your wallet, digital or otherwise.
“Developers of popular apps often have a web site, which directs users to the genuine app and, if they have the skills to do so, users should verify if the app they are about to install was created by its actual developer,” said Chandraiah.
“Last, but not least, if something seems risky or too good to be true – high returns on investment or someone from a dating site asking you to transfer money or cryptocurrency assets into some ‘great’ account – then sadly it probably is.”
