Security Researcher Finds A Google Play App Phishing Crypto Login Credentials

By Kapil Gauhar

A security and malware researcher, named Lukas Stefanko, has reportedly found an app on Google’s Play Stay that phishes users’ login details on conventional banking apps and cryptocurrency exchanges.

Stefanko showed an app called Easy Rates Converter through a video, that initially looked like a simple currency conversion application. But, that was installing phishing malware whenever users installed it, dressing it up as an Adobe Flash update.

Once the application is installed, the malware waited for users to log in to their conventional banking apps like that of CommBank, or the official applications of crypto exchange, such as Binance. When users log in to these affected applications, the malware creates a fake activity that overlays the legitimate application and prompts users to log in as if it was the legitimate app.

Once users enter their credentials in the app, that information is sent to the phishers who could then use them for stealing their funds. It’s very hard to spot the malware itself since the currency conversion tool works as intended making the application seem legitimate.

Fake applications which have been connected with several crypto exchanges have also been discovered on the Android app store. Usually, these are reported by the other users, who set up red flags for the others by rating them lower.

As CryptoGlobe covered, Google banned the crypto mining applications from its platform this year. In spite of the ban, mining apps were, somehow, still making their way onto the platform. Remarking on the damaging effects of the crypto mining applications through smartphones, cybersecurity research Troy Mursch stated at the time –

“Mobile devices are not designed, nor optimized to mine cryptocurrency. If you leave a mobile device plugged in while mining cryptocurrency unthrottled, there is a legitimate risk it could lead to physical damage.”