| Researchers December 20, 2017
December 20, 2017
Bitcoin's rapid (and potentially volatile) growth has prompted headlines from major news outlets and interest from individuals all over the world who may not otherwise dabble in alternative forms of currency. Bitcoin values have soared in the last few weeks, with record highs of over $18,000. Of course, this means attackers want in on the action.
Lookout has identified three Android apps disguised as bitcoin wallet apps, previously in the Google Play Store, that trick victims into sending bitcoin payments to attacker-specified bitcoin addresses. Google removed the apps immediately after Lookout notified the company. The apps collectively had up to 20,000 downloads at time of removal.
We call this mobile malware family "PickBitPocket." All Lookout customers are protected from this threat.
PickBitPocket apps pretend to be legitimate bitcoin wallets, but instead are set up to trick victims into providing the attacker's bitcoin address instead of the seller's.
For example, an individual is selling some goods or services and allows payment in bitcoin. The seller provides a bitcoin address to the buyer for the payment. If the seller is using a PickBitPocket wallet app, he will instead send the attacker's bitcoin address to the buyer, in effect routing the bitcoin payment to the attacker.
We discovered the following three fake bitcoin wallet apps for Android.
"Blockchain Bitcoin Wallet - Fingerprint"
"Fast Bitcoin Wallet"
As bitcoin captures broader interest, this means more people may be purchasing the cryptocurrency, or looking for mobile wallets to store their coins. Individuals should be vigilant in choosing a secure wallet and should also have a security solution in place, such as Lookout, to identify malicious activity on their device.