Over 170 fake Android apps, including 25 apps in the Google Play store, have defrauded more than 93,000 users through crypto mining scams.
Researchers at Lookout Threat Lab discovered that the apps defraud users by promising to provide cryptocurrency mining services for a fee without actually providing any services.
Users are then tricked into buying premium apps, transferring bitcoins to cryptocurrency wallets operated by the fraudsters, or upgrading subscriptions. The rogue Android apps exploit legitimate payment processes such as Google Pay to receive stolen money.
It is estimated that fraudsters have scammed over 93,000 users around $350,000.
Crypto mining fake apps, unlike other malicious Android apps, do not perform any dangerous behaviour. They can get into Google Play Store and other managed app stores because they don’t have dangerous payloads. They also elude code-based mobile security solutions that check mobile phones for harmful software.
Researchers found that only 25 of the 170 apps are available on the Google Play Store. Whilst these apps are removed from Google, crypto mining scams can still occur through third-party stores and continue to receive money through payment processes such as Bitcoin transfers.
Missed FinCrime World Forum’s livestream experience?
No problem, simply CLICK HERE to access the sessions on demand.