Over 93,000 individuals were deceived into buying fake Android mining apps or upgrades for them, according to a study by security firm Lookout.
Researchers distinguished two separate families of rogue apps, which they dubbed BitScam (83,800 installs) and CloudScam (9,600 installs). In total, 172 Android apps were sold by cybercriminals to victims who were interested in cloud cryptocurrency mining.
According to a report released by security researchers, twenty-five of the fake apps were found in the Google Play Store, others were sold on third-party app stores.
The apps that were advertised as containing cloud cryptomining capabilities, in fact, did not have such functionality. The bad actors didn’t steal crypto from victims’ wallets, either. Instead, they sold the fake apps and upgrades, which were never delivered.
This way, the scammers stole over $350,000 in fake app sales from thousands of victims.
Such rogue apps are very hard to detect, as they do not have any malicious functionality nor code:
“These apps were able to fly under the radar because they don’t actually do anything malicious,” Lookout mobile app security researcher Ioannis Gasparis said. “They are simply shells set up to attract users caught up in the cryptocurrency craze and collect money for services that don’t exist.”
Victims were lured into transferring money, including cryptocurrency, to these apps with promises of additional features and upgrades.
“Both CloudScam and BitScam also offer subscriptions and services related to crypto mining that users can pay for via the Google Play in-app billing system,” Lookout explains. “What makes BitScam different is that its apps also accept Bitcoin and Ethereum as payment options.”
Even though Google removed all the fake CloudScam and BitScam apps from the Play Store, many of them are still up for grabs on third-party app stores.
A list of all CloudScam and BitScam apps, indicators of compromise, and additional technical details are included in the Lookout report.