Heimdal
article featured image

Contents:

People everywhere are being warned to be careful around Android apps that claim they can mine Bitcoin in the cloud. According to researchers at the private IT security company Lookout, scammers fooled almost 100.000 people into purchasing fake Android cryptocurrency mining apps.

The 172 paid Android apps, tracked as two separate families named BitScam (83,800 installs) and CloudScam (9,600 installs), were advertised by the threat actors to targets as offering cloud cryptocurrency mining services.

Twenty-five of the fake applications were also available in the Google Play Store, varying in price from $10.99 to $20.99. The rest of the apps are being circulated on third-party stores.

Victims Also Tricked by Android Fake App Upgrades

In a report published yesterday, researchers declared that the fake apps didn’t include any cloud cryptomining functionality.

The app’s goal is to steal money from victims through legitimate payment processes, but never deliver the promised service.

While CloudScam and BitScam apps have now been taken off from Google Play, there are dozens of apps that are still available in third-party app stores.

In total, the scammers generated at least $350,000. They stole $300,000 from selling the fake apps and an extra $50,000 in bitcoin from victims worldwide purchasing fake upgrades and services.

Lookout mobile app security researcher Ioannis Gasparis declared:

These apps were able to fly under the radar because they don’t actually do anything malicious.

They are simply shells set up to attract users caught up in the cryptocurrency craze and collect money for services that don’t exist.

Fake Android Cryptomining Apps Still Available

With the promise of additional services and app upgrades that were available for sale through cryptocurrency transfers straight to the scammers’ crypto wallets or via the Play Store, victims were tempted into paying even more money on the fake apps.

Both CloudScam and BitScam also offer subscriptions and services related to crypto mining that users can pay for via the Google Play in-app billing
system.

What makes BitScam different is that its apps also accept Bitcoin and Ethereum as payment options.

Source

Even though all the fake BitScam and CloudScam cryptomining apps found on the Play Store apps were already taken off, researchers at Lookout stated that dozens of them are still up for sale on third-party app stores around the web.

The cybersecurity researcher’s report includes a list of all the BitScam and CloudScam applications, indicators of compromise (IOCs), extra technical information and, details on the number of Play Store installs per app.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE