Pages

Google's capability in question as thriving faux cryptomining Android apps get uncovered on Play Store

The security researchers at TrendMicro has found 8 fake crypto mining Android applications extorting money from Google Play Store users and 2 of them are paid.

As crypto mining takes its surge, cybercriminals have found a new way to extort resources from users and we must admit, it is a pretty smart way. Researchers recently uncovered 8 different Android applications including Bitcoin 2021 and Crypto Holic that push users into buying unnecessary updates and in-app purchases with nothing in return. The trick is to lure users into expensive subscription services.

While Google does claim to have removed all such applications from the Play Store, it is pretty evident that a lot of them are still manage to thrive on its platform. When Google couldn't detect them for so long, having over 100,000 downloads, how can the company claim to have covered them all?

The fraud applications found were based on two major malwares namely FakeMinerPay and FakeMinerAd. As the second name suggests, the fraud also worked through getting users to click on ads as a means to extort money. The applications were so devious yet clever that the subscription services sometimes amounted up to $15.

To top that off, there has also been a discovery that two of these eight applications were actually paid ones on the Google Play Store worth $12.99 and $5.99 respectively. It is disbelieving to think that users paid just to get robbed. Sadly, we've also reported such similar incidents on Apple App Store as well.

All the apps claimed to be mining money but there was no actual mining going on and while some tried to cover up by adding various features, most did not even do that. Furthermore, an app did try to cover its tracks up by mentioning in its terms and conditions that it was a game and not a functioning app.

Two of these applications had yet a new technique. They flooded users with mindless apps with the main purpose of getting clicks. Through those clicks, users prove they're not robots while also being pinned to invite more friends. While this is a tactic used to gain user trust, it simply lays the trap to invite more fish. These apps claim to give you your reward if you invite other people but after complying with every condition, not one user could get a withdrawal.

While these are all fake apps, there are real ones out there too. But how to distinguish between the two? The first step is to read the comments and reviews carefully. Disregard all the 5 star ones and focus on the 3 star ones and below as they're the most genuine ones. Next, enter your details wrong. Even if you enter the wrong wallet details, the fake app isn't going to verify it and you'll know. Another thing you could do is restart your phone within the process. The key is to spot your mining update. If it returns nil, it was fake. Lastly, check for the withdrawal fee as no one does stuff for free anymore.

With the help of these steps, spotting a bogus app won't be that hard anymore.


Read next: This Year Saw 64 Percent More Ransomware Attacks

No comments:

Post a Comment