Scams are afoot… Researchers have identified more than 170 fraudulent Android-based cryptocurrency apps that are allegedly scamming digital currency miners.
Scams Just Don’t Seem To Exit the Crypto Space
The crypto space has always been fraught with money-stealing operations, some of which have been all too successful. Most of the time, operations are done on a largescale basis, such as when exchanges like Mt. Gox, Coincheck, or most recently, Africrypt were hit. These three exchanges alone were once responsible for the custody of billions of dollars in digital currency – all of which has seemingly disappeared without a trace.
However, at other times, these scams occur through smaller means, such as phony apps designed to steal login data or whatever cryptocurrency is being stored on a phone or hardware wallet. These do not necessarily add up to much on their own, but when combined, the results can be rather devastating.
The apps in question this time have been built to take funds from digital currency miners, which are already under scrutiny given the argument that crypto mining somehow hurts Earth’s environment. Security researchers at Lookout Threat Lab – a cloud security firm – say that approximately 93,000 people have already been victimized, resulting in more than $350,000 in digital funds being stolen.
In a recent report, the researchers explained:
What enables [these apps] to fly under the radar is that they do not do anything malicious. In fact, they hardly do anything at all. They are simply [methods] to collect money for services that do not exist.
They say that given how much the process of crypto mining has changed and adapted over the years, the process of stealing from miners has become much simpler. The report says:
Cloud mining introduces both convenience and cybersecurity risks. Because of the simplicity and agility of cloud computing, it is quick and easy to set up a realistic-looking crypto mining service that is really a scam.
Many of the fraudulent apps in question had to be paid for. Thus, the scammers were able to pocket all the money from respective sales. Many users also paid for subscriptions, adding more to the stolen money pile, but things did not stop there. The researchers say:
After analyzing the code and network traffic, we discovered the apps display a fictitious coin balance and not the number of coins mined. The value displayed is simply a counter slowly incremented in the app.
Users Couldn’t Withdraw Their Money
In addition, the apps were programmed not to allow users to withdraw any coins until they had reached a certain balance, and even then, users had difficulty in withdrawing any assets. The report said:
The app would display a message telling the user that the withdrawal transaction is pending, but behind the scenes, it simply resets the user’s coin balance amount to zero without transferring any money to the user.