We have given you many good reasons Avoid downloading suspicious Android apps Over the years, but here’s one more. Recently, researchers McAfee (by Ars Technica) 280 fakes were found Android Apps that scammers are using to access cryptocurrency wallets.
As the researchers noted, cryptocurrency wallet owners typically receive memory phrases that they can use to recover their accounts in the event they are locked out. These are usually 12 to 24 words long, and it’s not uncommon to take a screenshot.
Fake Android apps discovered by McAfee’s mobile research team target these phrases by scanning phones that may contain them.
Researchers at McAfee say the malware disguises itself as banking, government, streaming and utility apps. Scammers spread these apps through phishing campaigns by sending texts or DMs on social media containing links to deceptive websites that look legitimate. Once there, victims are prompted to download an app that installs malware on their phone.
Tech. Entertainment. Science. Your inbox.
Sign up for the most interesting tech and entertainment news out there.
Email: Sign up
By signing up, I agree Terms of Use and reviewed Privacy Notice.
The fake Android app will then ask for permission to access all kinds of sensitive information, from SMS messages to contacts to storage. The app also wants to run in the background, which should be all red flags, if you didn’t know.
If you make it this far, here are 280 fake apps that can steal your phone:
- contacts: The malware pulls the user’s entire contact list, which can be used for more deceptive practices or to spread the malware further.
- SMS messages: It captures and sends all incoming SMS messages, which may contain private codes used for two-factor authentication or other important information.
- Photos: The application uploads any images stored on the device to the attackers’ servers. These may be personal photos or other sensitive images.
- Device information: It collects details about the device itself, such as operating system version and phone number. This information helps attackers customize their malicious activities to be more effective.
“In such a landscape, it’s important for users to be careful about their actions, such as installing apps and granting permissions,” say McAfee’s mobile researchers. “It is advised to keep important information securely stored and separated from devices. Security software has become not just a recommendation but a requirement to protect devices.”
Post 280 Fake Android Apps Used to Steal Crypto Wallets Exposed appeared first BGR.