Over the weekend, Reddit users reported two apps on Google Play that scam people by posing as cryptocurrency wallets. The fraudulent wallets, “ADA Cardano Crypto Wallet” and “All Crypto Currency Wallet” were both uploaded by a developer called “CryptoWallmart” and were downloaded 100-500 times each. 

With the rising popularity of cryptocurrencies, it’s not surprising to see malicious apps posing as crypto wallets entering the Google Play Store. Cybercriminals constantly explore various ways of betraying people whenever they see an opportunity to take advantage of a trend; we have already seen cryptocurrency mining apps imitating popular apps on the Google Play Store.

How the scams work

The “ADA Cardano Crypto Wallet” app poses as the official Daedalus cryptocurrency wallet, used for the ADA Cardano cryptocurrency. The app uses the Daedalus’ logo and claims it will convert other crypto coins like Bitcoin and Litecoin into the ADA Cardano coin. However, once cryptocurrencies are sent to the addresses listed in the app, they are gone.

The “All Crypto Currency Wallet” claims to be a multi-coin wallet. The app may sound practical, but instead of being a handy wallet, it steals any cryptocurrency sent to it for safekeeping. The app even includes an added bonus for the app’s developer: an affiliate link from Changelly, a service that helps cryptocurrency owners exchange their coins using the best exchange rate possible. If app users click on the affiliate link and exchange their cryptocurrencies using Changelly, the “CryptoWallmart” developer gets 50% of the revenue from Changelly.

How to protect yourself (and your coins) from fake apps

1. A must in terms of mobile protection is downloading an antivirus app, which will act as a safety net and protect you in case you run into a malicious app. Avast Mobile Security detects and removes these apps as malicious.
2. Only download apps from official app stores, as these usually go through security checks, before they are made available to the public. However, as malicious apps can slip through these checks from time to time, it is important to verify apps, making sure they are developed by a trusted source and not fake. This can be done by visiting the homepage of an established company, as they often promote their mobile apps on their websites, leading you to the correct store link, so you can download the app straight from the official source.
3. Always read both the positive and negative reviews before downloading any app. Even if an app has positive reviews, one can usually tell if these are fake or genuine; fishy positive reviews can be a sign that an app shouldn’t be trusted. In this case, the apps had negative reviews, where users were reporting the apps as scams which is a huge red flag!
4. Another important step is to carefully check the permissions an app is requesting. If an app requests permissions that don't make sense and don't seem necessary for the app to function properly, you should think twice before downloading it.
5. In general, applications claiming to give you cryptocurrency in return for a lower exchange rate should be considered scams.