RiskIQ Alert Spotlights Bitcoin Security Threats

February 7, 2018 Marketing GrafWebCUSO

San Francisco-based digital-threat-management solutions provider RiskIQ, in its analysis of cryptocurrency security menaces and tips, found more than 600 blacklisted bitcoin apps across official app stores, including Apple and Google.

In an alert, RiskIQ summarized items such as coin exchanges, recent cyberattacks, phishing methods and blockchain, and reported that hackers are targeting Apple, Google Play, SameAPK and APKPlz app store users with malicious cryptocurrency apps that aim to steal money and personal data.

Upon analyzing 18,408 apps across 20 app stores, the firm’s researchers found 661 blacklisted Bitcoin-themed apps in total (3.6% of the total). Although blacklisted by official cybersecurity vendors, they were still available for download by users.

The top stores guilty of hosting these potentially dangerous apps, according to RiskIQ, were Google Play (272), ApkFiles (54) and 9Apps (52). RiskIQ’s research showed that almost 3% of apps with “Bitcoin exchange” in the title were blacklisted, as well as 2.6% of those using “Bitcoin wallet” and 2.2% of those listed as “cryptocurrency.”

Hackers behind the banned apps can trick users into handing over large sums of money or personal details for financial benefit.

The increase in unofficial and potentially malicious apps across multiple app stores will alarm potential investors looking to buy into bitcoin. Fabian Libeau, EMEA VP of RiskIQ, warned anybody considering downloading such software to be extremely cautious and to research each app. “We are seeing threat actors around the world exploiting what is already a hostile currency in a lawless digital world. Before handing over any cash or personal data, investors should carry out thorough research into the exchange and wallet apps they intend to use. By checking the developer’s name, user reviews and the number of app downloads, investors can measure the validity of an app and be more confident in their choice.”

Brandon Dixon, VP of product at RiskIQ, said in a blog, “If you’re in security and haven’t delved much into threats related to cryptocurrency, you may want to reconsider your position. Regardless of how you feel about its practicality or potential bubble status, cryptocurrency is worth understanding because it’s not going away anytime soon. And, a lack of formal regulations or rules in the space has helped foster a ‘wild west’ sort of chaos—both for good and for bad.”

Dixon pointed out that when a topic gains global attention, chances are high it will be used in phishing attacks. “What makes the cryptocurrency world a bit different is the lack of follow-up-actions that can take place in the event of a theft.”

This has resulted in an assortment of phishing techniques including standard cold-emails, targeted messages to cryptocurrency holders, SMS hijacking to thwart two-factor authentication, typosquatting or brand infringing websites, fake exchanges, fake mixers, and social media impersonation. “Unlike typical phishing where the user may lose their account, victims of these phishing attacks can lose their entire digital wallet, leaving them empty-handed and without recourse.”

Dixon noted that in early November, Sunnyvale, Calif.-based Proofpoint revealed a sizeable active phishing campaign that sent out messages about fake Bitcoin Gold wallet software. The actors abused Internationalized Domain Name (IDN) registration in an attempt to impersonate the official bitcoingold.org website, using sender IDN domains and the decoded notations.
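A mail filter can catch the sender-domain impersonation described above by decoding each punycode (`xn--`) label and comparing its visual "skeleton" with the protected domain. The following is an added example, not code from RiskIQ or Proofpoint; the confusables table is a small constructed subset, and the function names and sample senders are assumptions made for illustration.

```python
import unicodedata

PROTECTED = "bitcoingold.org"  # legitimate domain named in the article

# Constructed subset of look-alike characters; a production check would
# use the full Unicode TR39 confusables data instead.
CONFUSABLES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e", "\u0456": "i",
    "\u043e": "o", "\u0501": "d", "\u0261": "g", "\u0131": "i",
}

def to_unicode(domain):
    """Decode each xn-- (punycode) label into the form a mail client displays."""
    labels = []
    for label in domain.split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed A-label: keep the raw text
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Fold a displayed domain to the ASCII string a reader would perceive."""
    folded = []
    for ch in unicodedata.normalize("NFKD", domain.casefold()):
        if not unicodedata.combining(ch):  # drop accents and other marks
            folded.append(CONFUSABLES.get(ch, ch))
    return "".join(folded)

def classify_sender(address):
    """Return 'legitimate', 'idn-lookalike' or 'unrelated' for a From address."""
    raw = address.rsplit("@", 1)[-1].strip().rstrip(".>").lower()
    if raw == PROTECTED:  # only the exact ASCII name is trusted
        return "legitimate"
    if skeleton(to_unicode(raw)) == PROTECTED:
        return "idn-lookalike"
    return "unrelated"

def constructed_samples():
    """Constructed test senders; the A-label is built with the stdlib codec."""
    a_label = "xn--" + "bitcoing\u043eld".encode("punycode").decode("ascii")
    return ["news@bitcoingold.org", f"wallet@{a_label}.org",
            "wallet@bitcoing\u00f6ld.org", "info@example.com"]

if __name__ == "__main__":
    for sender in constructed_samples():
        print(f"{classify_sender(sender):14} {sender}")
```

Because only the exact ASCII name is treated as legitimate, any encoded or accented variant that folds to the same skeleton is flagged, whether the message shows the `xn--` form or the decoded one.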