Scammers Stealing Ether Using Fake MyEtherWallet Apps

Jan 25 2018

Scammers in Google Play aiming to dupe naive crypto users using a fake MyEtherWallet app.

The cryptocurrency craze has resulted in unprecedented growth within this relatively new industry. But it has also led to revolutionized approaches from malicious attackers. In the latest of such attacks, scammers have created a fake MyEtherWallet app that is currently available on Google Play.

This news was posted on Twitter by Lucas Stefanko, a malware researcher who also added that there is no official version of MyEtherWallet yet.

Disturbing Stats

This copycat, according to data from Google Play, has already been downloaded between 100 and 500 times since its mysterious appearance on the platform on January 18. It poses a significant risk for the crypto community as it requires either a user’s private key or mnemonic phrase for log in.

Moreover, it has a decent rating of 3.8 stars out of five and upwards of 30 positive reviews. No one can tell for sure whether these are genuine reviews or part of the scammers’ ploy. However, the number of downloads point to the gullibility of many in the crypto community and also explains why the industry has become a popular target for such attacks.

Fortunately, there have been a number of warnings from discerning Google Play users who point out that the app is illegitimate and only out to phish private keys.

Other Cryptocurrency Scams in the Recent Past

Barely a month ago, a similar incident was reported on Apple’s app store whereby a fake app masquerading as MyEtherWallet got through the platform’s review system and was ranked as the third most popular finance app.

In an interesting twist, the app was priced at $4.99 in spite of being open-source software. It was not clear whether selling this otherwise free app was the point of the scam or whether it was an attempt to steal digital currencies.

Earlier in the month, there were a number of Binance copycats on the Google browser, most of which redirected to the official site but through a referral link.

Ethereum founder Vitalik Buterin a few days back also warned the crypto community to be cautious as there is a scamming email circulating under his name.  He says that the senders are malicious actors posing as him to cordially request for funds. They claim that his laptop died and he is unable to access his cold wallet for an entire week.

It seems highly unlikely that a renowned platform founder would ask for funds. But the high number of not-so-tech-savvy people looking to get in on the crypto hype can fall to all manner of scams.

What makes this industry particularly prone to fraudulent activity is the anonymity inherent in the space. Users have been warned repeatedly against mishandling their private keys as this makes them susceptible to such acts.

To this end, such platforms as the Ethereum Scam Database exist to help users to stay updated on the latest tricks within the space.

Comments