26 September 2023

Scam warning: Cyber thieves invade app stores

Start the conversation

Brendan Hesse* says people are losing money to fake crypto currency apps on the Google Play Store.


Cryptocurrencies continue to grow in popularity, but as interest increases, so does the creativity of scammers looking to capitalise on a cultural shift in order to rip people off.

According to a recent report by Trend Micro’s cybersecurity team, there are now scores of fake crypto mining and wallet apps on the Google Play Store duping users into paying for fake services like cloud mining and storage.

The report calls out eight apps in particular:

  • Bitcoin 2021
  • Bitcoin Miner – Cloud Mining
  • Bitcoin (BTC) – Pool Mining Cloud Wallet
  • BitFunds – Crypto Cloud Mining
  • Crypto Holic – Bitcoin Cloud Mining
  • Daily Bitcoin Rewards – Cloud Based Mining System
  • Ethereum (ETH) – Pool Mining Cloud
  • MineBit Pro – Crypto Cloud Mining & btc miner

Most of these apps were hiding one of the same two fake mining apps — either Trend Micro labelled “AndroidOS_FakeMinerPay” or “AndroidOS_FakeMinerAd” — that dupe users into paying for fake cloud mining services, usually at a $US15 ($21) recurring monthly fee.

In reality, none of the apps actually mined or paid out cryptocurrencies to the users.

Some also pushed paid ads and extra in-app purchases, and at least two of the apps — Crypto Holic and Daily Bitcoin rewards — were premium apps users had to purchase to download.

Google delisted these apps from the Google Play Store following Trend Micro’s report.

Delisted apps are subsequently disabled and removed from any devices they’re downloaded on, but it’s still wise to confirm they’re deleted from your Android phone if you downloaded any of the apps listed above.

There are still more fake crypto apps out there

Unfortunately, even after these bans (and Google’s revision of its own crypto policies), Trend Micro’s researchers claim there are still more than 120 other fraudulent crypto apps available on the Play Store right now. Some have been downloaded by over 100,000 users.

And these apps won’t be called out or removed until it’s proven they are, in fact, committing some form of crypto fraud.

As we remind you every time one of these malicious apps stories surfaces, make sure you thoroughly vet each piece of software you download.

Stick to well-known apps and developers, and make sure to read through the ratings and reviews — including those on trusted sites like the Google Play Store.

It’s worth doing a quick internet search, too, or even asking for a second opinion on a reliable discussion forum.

Still, malicious developers will go out of their way to make their apps look legit.

Don’t pay for any apps, services, or special features unless you’re certain they’re real.

If you have any doubts, don’t hand over your payment info or personal data.

And if you’re already paying for an app that claims to offer cloud mining services but you haven’t seen any returns, that means it’s likely fake.

Delete the app and report it right away.

*Brendan Hesse is a contributor at LifeHacker.

This article first appeared at smartcompany.com.

Start the conversation

Be among the first to get all the Public Sector and Defence news and views that matter.

Subscribe now and receive the latest news, delivered free to your inbox.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.