News Google Play app caught phishing for cryptocurrency exchange login...

Google Play app caught phishing for cryptocurrency exchange login details


- Advertisment -

Despite Google’s hardline stance against malicious cryptocurrency apps, some still find ways of sneaking through its net.

Security and malware researcher, Lukas Stefanko, published a video yesterday exposing how a malicious app, distributed via Google’s Play Store, steals the sensitive data from unsuspecting users.

Disguised as a currency conversion tool, the app (called Easy Rates Converter) is actually designed to snatch your personal credentials for a number of legitimate apps. Among other apps, the attackers were targeting CommBank, Google Play, as well as the official app of Binance, one of the world’s biggest cryptocurrency exchange desks. According to Stefanko, the app had over 500 downloads.

malware, trojan, adobe flash, blockchain, cryptocurrency, binance

When the user downloads the app, it installs and operates as you would expect. However, in the background it also downloads and installs phishing malware dressed up as an Adobe Flash update. Sounds familiar.


The malware then waits for its moment to strike.

When you open legitimate apps like, Binance, the malware creates a “fake activity” which overlays the legitimate app. The “fake activity” prompts the user to input their user details, which are then saved and sent to the phishers.

Stefanko demonstrates the malware with conventional banking app CommBank, but states it also phishes on the Binance app.

malware, cryptocurrency, adobe flash, bitcoin, binance, phishing

Theoretically, this would be enough to gain illegitimate access to not just your cryptocurrency exchange accounts, but your regular banking apps too.

It appears that the rogue app has since been removed from Google Play. Hard Fork reached out to Google for comment. We will update this piece as we learn more.

Malware like this could be pretty difficult to spot, as the app does indeed install a legitimate program that operates as you might expect.

To avoid falling foul of these apps, Stefanko told Hard Fork that users should “check [the] rating and reliability of developer [and stick to] verified apps (many installs) not new comers.”

Source link


Please enter your comment!
Please enter your name here

Latest news

Bitcoin SV has found a new niche in the gaming industry

Gaming companies and online casinos are increasingly paying attention to cryptocurrencies as a possible payment tool. Several...

Why could GLBrain become a great solution to receive support during the crisis?

To support smaller and medium-sized businesses during the ongoing crisis, GLBrain offers services cost-free for all Austrians....

Make Fast and Secure Trades Using is a Cryptocurrency trading platform that allows users to buy and sell their Cryptocurrency in a...

Network Security Using Cryptography: Everything you need to know

This article will describe what is Network Security Using Cryptography and everything you need to know before...
- Advertisement -Google Play app caught phishing for cryptocurrency exchange login details

Mercuriex Cryptocurrency Exchange Launches New Utility Token, SURF

MercuriEx Cryptocurrency Exchange, originally developed in 2017, came under new ownership in December 2019. Since taking over the exchange,...

Fungibility: Bitcoin Mixers Favorite Term That No One Understands

Fungibility, perhaps the most important concept when dealing with a decentralized and anonymous currency, but does bitcoin...

Must read

Bitcoin SV has found a new niche in the gaming industry

Gaming companies and online casinos are increasingly...
- Advertisement -

You might also likeRELATED
Recommended to you