Great Moto G Stylus deal on Amazon!
PhoneArena unveils the ultimate collector’s book for phone enthusiasts
PhoneArena unveils the ultimate collector’s book for phone enthusiasts

Fake apps and websites take more than $4.3 million from iPhone and Android users

By
1comment
iOS Apple Android Apps Google
Fake apps and websites take more than $4.3 million from iPhone and Android users
Both iPhone and Android users need to make sure that they do not have any of the 249 fake Crypto Wallet apps mentioned by Trend Micro on their phones. These apps pretend to be legit cryptocurrency wallet apps but have led to the theft of more than $4.3 million. Pretending to be from legit crypto wallet app companies, emails are sent out to potential victims containing "malicious links" that lead iOS and Android users to visit listings for the attackers' fake apps.

Do you see the brilliance in this process? By sending victims to a page where their malware-laden apps can be installed, the attackers can avoid having to list their fake apps in the App Store or Google Play Store where they could get banned. And to get iOS and Android users who do have a legit crypto wallet app on their phone to tap on the link, these emails pretend to be from those real crypto wallet apps telling recipients that the current version of their crypto wallet app is out of date and that they must tap on the link to install the latest version.

This email tries to get the victim to click on a link to a fake website - Fake apps and websites take more than $4.3 million from iPhone and Android users
This email tries to get the victim to click on a link to a fake website

The hackers also created fake websites designed to look like the ones used by real crypto wallet apps and have domain names slightly different than the real ones. These fake websites appear high up in search results and are another way the criminals get their victims without having to list apps in the App Store or Google Play Store. Another ploy used is to post fake links on social media sites that show fake support messages. Again, the goal is to get victims to visit a fake website.

Real crypto wallet website on the left, a fake one created by the hackers is on the right - Fake apps and websites take more than $4.3 million from iPhone and Android users
Real crypto wallet website on the left, a fake one created by the hackers is on the right

The Trend Micro Threat Research team found 249 fake crypto wallet apps including imToken, Bitpie, MetaMask, Trust Wallet, and TokenPocket. The apps were found on phones used by victims in the United States, France, Germany, Australia, New Zealand, and Japan.

The fake apps and fake websites steal victims' mnemonic phrases. These phrases are a series of unrelated words, usually 12 to 24 words in length, that are generated when a crypto wallet app is created. The mnemonic phrases are used to recover a user's cryptocurrency if a wallet is lost or damaged. But once a mnemonic phrase is typed into one of the fake websites or apps, it goes straight to the hackers.

When the mnemonic phrase is stolen, the hacker will transfer the victim's cryptocurrency to multiple disposable wallets. Trend Micro's Threat Research team discovered that $4.3 million passed through one of the disposable wallets. Since most hackers have multiple wallets that are used in these endeavors, we can assume that more than $4.3 million has been stolen.

So what can you do to avoid becoming a victim of this scam? Trend Micro makes the following suggestions:

  • Only download apps from the Google Play Store and the Apple App Store.
  • If you observe any suspicious behavior when updating a crypto wallet app, immediately terminate the update and uninstall the app.
  • To confirm the legitimacy of a crypto wallet app, the first time you transfer money, send only a small amount.
https://m-cdn.phonearena.com/images/users/39-200/Alan-F.jpg
Alan Friedman Mobile Tech News Journalist
Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.

Popular stories

T-Mobile may raise 'older rate' plan prices in June
T-Mobile may raise 'older rate' plan prices in June
T-Mobile celebrating Mint purchase with new and upgraded perks for customers
T-Mobile celebrating Mint purchase with new and upgraded perks for customers
Meta rubs salt in Apple Vision Pro wounds – the Android of AR/VR is here, and I'm super excited
Meta rubs salt in Apple Vision Pro wounds – the Android of AR/VR is here, and I'm super excited
4 billion Android users who downloaded apps flagged by Microsoft need to take some actions to stay safe
4 billion Android users who downloaded apps flagged by Microsoft need to take some actions to stay safe
Grab the JBL Xtreme 3 at its Black Friday price on Amazon and enjoy blasting tunes on the cheap
Grab the JBL Xtreme 3 at its Black Friday price on Amazon and enjoy blasting tunes on the cheap
T-Mobile, Verizon, and AT&T fined heavily for selling access to real-time customer location data
T-Mobile, Verizon, and AT&T fined heavily for selling access to real-time customer location data
Loading Comments...

Latest News

6G data speeds hit 100Gbps in test, 500 times faster than average 5G data speeds
6G data speeds hit 100Gbps in test, 500 times faster than average 5G data speeds
Patent application could indicate that Apple is working on a foldable iPhone
Patent application could indicate that Apple is working on a foldable iPhone
Check the list to see if your OnePlus device is eligible to receive OxygenOS 15
Check the list to see if your OnePlus device is eligible to receive OxygenOS 15
Bye AMD? Samsung reportedly plans to use in-house GPU starting with Exynos 2600 SoC
Bye AMD? Samsung reportedly plans to use in-house GPU starting with Exynos 2600 SoC
Under-screen Face ID for iPhone reportedly delayed (again)
Under-screen Face ID for iPhone reportedly delayed (again)
Mystery premium segment U.S smartphone will be powered by flagship MediaTek chipset
Mystery premium segment U.S smartphone will be powered by flagship MediaTek chipset
FCC OKs Cingular\'s purchase of AT&T Wireless