December 20, 2017

3 fake Bitcoin wallet apps appear in (and are quickly removed from) Google Play Store

By Lookout

Bitcoin's rapid (and potentially volatile) growth has prompted headlines from major news outlets and interest from individuals all over the world who may not otherwise dabble in alternative forms of currency. Bitcoin values have soared in the last few weeks, with record highs of over $18,000. Of course, this means attackers want in on the action.

Lookout has identified three Android apps disguised as bitcoin wallet apps, previously in the Google Play Store, that trick victims into sending bitcoin payments to attacker-specified bitcoin addresses. Google removed the apps immediately after Lookout notified the company. The apps collectively had up to 20,000 downloads at the time of removal.

We call this mobile malware family "PickBitPocket." All Lookout customers are protected from this threat.

How PickBitPocket works

PickBitPocket apps pretend to be legitimate bitcoin wallets, but are set up to trick victims into giving out the attacker's bitcoin address instead of their own.

For example, an individual is selling some goods or services and allows payment in bitcoin. The seller provides a bitcoin address to the buyer for the payment. If the seller is using a PickBitPocket wallet app, he will instead send the attacker's bitcoin address to the buyer, in effect routing the bitcoin payment to the attacker.

Three apps removed from the Play Store

We discovered the following three fake bitcoin wallet apps for Android.

"Bitcoin mining"

  • Up to 5,000 installs

"Blockchain Bitcoin Wallet - Fingerprint"

  • Up to 10,000 installs

"Fast Bitcoin Wallet"

  • Up to 5,000 installs

As bitcoin captures broader interest, more people may be purchasing the cryptocurrency or looking for mobile wallets to store their coins. Individuals should be vigilant in choosing a secure wallet and should also have a security solution in place, such as Lookout, to identify malicious activity on their device.

Are you an enterprise interested in learning more about Lookout Threat Advisory Services? Contact us here

Hashes:

| Package name | SHA-1 |
| --- | --- |
| appinventor.ai_tamer_george_net.blockchain_bitcoin | 7db53088ac1bcfc66750dfd04632443fffd49347 |
| com.thunkable.android.tamer_george_net.Bitcoin_cave_mining | bada339177fbf7f59ab814dfe6a2af4586697573 |
| appinventor.ai_tamer_george_net.FastBitcoin | 13400a542cad0ecda9b33b5b705bf5336a8d7335 |
