Google moved quickly to kick three fake bitcoin wallet apps from its Google Play marketplace earlier this month after researchers at mobile security firm Lookout discovered them.
The apps pretended to be legitimate bitcoin wallets, but instead were fake. Apps were designed to trick sellers to provide the attacker’s bitcoin address (not the legitimate seller’s) to buyers so payments would go to the attacker, according researchers.
Collectively the three apps were downloaded 20,000 times by users. The apps were identified as “Bitcoin mining”, “Blockchain Bitcoin Wallet – Fingerprint” and “Fast Bitcoin Wallet.”
Each of the apps had been on the app store for several months before Google removed them. Fast Bitcoin Wallet had been on the Google Play the longest, available since June and downloaded 5,000 times. The Blockchain Bitcoin Wallet – Fingerprint app was the most popular, downloaded 10,000 times.
Lookout said that criminals are exploiting increased interest in the crypto currency. The value of bitcoin has jumped 1,900 percent over the last 12 months, according to Coinbase. On Thursday, one bitcoin was worth $16,100, up from $8,100 the previous month.
“Bitcoin values have soared in the last few weeks, with record highs of over $18,000. Of course, this means attackers want in on the action,” Lookout said.
The ejection comes a week after Apple removed a knockoff version of the popular MyEtherWallet.com app from the iOS App Store. A report from TechCrunch estimated the fake app was downloaded 3,000 times.
Google removed the apps promptly after Lookout researchers notified the company, researchers said. Lookout has dubbed these type of bitcoin stealing programs as “PickBitPocket” apps.
A cursory review of third-party Android app stores revealed these apps are still available for download.
Each of the apps worked the same way. Each prey on people selling goods or services that