The Google Play store is not home only to banking trojans as security researcher Lukas Stefanko discovered after finding four malicious Android apps camouflaged as fake cryptocurrency wallets.
Moreover, the apps found by Stefanko used two different methods to help the bad actors who developed them to get their paws on the target's cryptocurrency funds.
MetaMask, the first one of them impersonates a legitimate service which allows you to "run Ethereum dApps right in your browser" but describes itself as a multi-currency wallet on the Google Play store.
This fake wallet app used phishing tactics to steal the victim's credentials wallet password and private key. As a bonus, according to the screenshot of its Google Play store page provided by the researcher, the MetaMask was also displaying ads probably as an extra revenue stream.
The other three malicious Android apps were camouflaging themselves as NEO and Tether wallet apps, and they would steal cryptocurrency funds from their victims by pretending to generate a private key and public address.
The fake cryptocurrency wallets were all created using a drag-and-drop app builder tool
Instead, the malicious apps would use the attacker's public address tricking the target into depositing funds while giving the impression that the money would reach the correct wallet address.
In the case of all these fake cryptocurrency wallets, Stefanko also observed that they were created using the help of a drag-and-drop builder service.
This proves that making malicious Android apps no longer require programming knowledge and, given the increasing popularity of cryptocurrency stealing schemes among malware peddlers, the number of malicious Android apps targeting crypto users will only increase.
Stefanko also recently discovered a trojanized Android app in the Google Play store used as a malware dropper for almost an entire year, as well as a banking Trojan camouflaged as a legitimate phone call recording in September, and 29 other infected Android apps from August until early October 2018 impersonating legitimate banking apps.