Play store App Stealing User’s Crypto Login Credentials-It came as shocking news to many Android users when they discovered that the phone they were using was being used to hack their very own login credentials.
In a video by famous security researcher Lukas Stefanko, it was revealed that Google Play store contained a malicious app. Hence, that distributed malware into users’ mobile devices.
‘Easy Rates Converter’ is an app that portrayed itself as a currency converter app. Furthermore, it infected the user’s mobile devices with malware. The malware stole their login credentials for crypto and non-crypto transactions.
Among other apps, the attackers were targeting CommBank, Google Play, as well as the official app of Binance, one of the world’s biggest cryptocurrency exchange desks. According to Stefanko, the app had over 500 downloads.
Play store App Stealing User’s Crypto Login Credentials-The app functions similarly like a crypto jacking tool by using a fake adobe flash update, and also works as a normal currency converter on the display. In the background, however, it accesses malware via the user’s internet connection and installs it. When a user opens legitimate apps like Binance, the malware creates a fake activity which overlays the legitimate app. This fake activity prompts the user to input their user details, which are then saved and sent to the phishers.
Users are able to discern about the malware app by opening the list of currently running apps. But when Stefanko did this, and tapped back on the original app, the fake app still overlayed itself on the original application. Stefanko did, however, show how to delete the malware app from the device if it is found.
As of now, the app has been taken down by Google from its Play store. Readers can note that NvestWeekly reported earlier this week about a crypto jacking malware as well. This one seems to be an addition to the list of malware already out there.