The scammers tricked at least 93,000 people into buying fake Android cryptocurrency mining apps, as revealed by researchers at California-based cybersecurity firm Lookout.
The 172 paid Android apps, tracked down as two separate families named Bitwitch (83,800 installs) and Cloud Transit (9,600 installs), were advertised by cybercriminals to victims as cloud cryptocurrency mining service providers.
Twenty-five of these bogus apps were available on the Google Play Store, while those sold on third-party app stores could be downloaded by victims onto their Android devices.
Fake app updates are also used to scam victims
Lookout researchers revealed in a report released today that the apps did not include any crypto mining functionality in the cloud.
Instead, the scammers filled their wallets by selling the bogus apps without actually providing any of the advertised services.
The scammers used the fake Android apps to steal a total of more than $ 350,000 ($ 300,000 in app sales and $ 50,000 in fake updates) from thousands of victims around the world who bought the apps and paid for additional services and updates. nonexistent.
“These apps may have gone unnoticed because they don’t actually do anything malicious,” said Lookout mobile app security researcher Ioannis Gasparis.
“They are simply shells set up to lure users caught up in the cryptocurrency craze and raise money for services that don’t exist.”
Dozens of fake cryptocurrency mining apps are still for sale
The targets were lured into spending even more money on the apps using the promise of additional services and app updates, which can be purchased through cryptocurrency transfers directly to the scammers’ crypto wallets or through the Play Store.
“Both Cloud Transit and Bit Transit also offer subscriptions and services related to cryptocurrency mining that users can pay for through in-app billing on Google Play.
system, “Lookout explains.
“What makes Bitránsito different is that its applications also accept Bitcoin and Ethereum as payment options.”
Even though Google has already removed all of the fake Bit Scam and Cloud scam cryptocurrency mining apps found in the Play Store apps, Lookout says that dozens of them are still for sale in third-party app stores in the Web.
A list of all apps, indicators of compromise (IOCs), additional technical details, and information on the number of Play Store installs per app is available from Scam Bit and Cloud Scammers. in the Lookout report.