Security Researcher Finds App on Google Play Phishing for Crypto Exchange Login Credentials

Francisco Memoria

Lukas Stefanko, a security and malware researcher who’s known for catching cryptocurrency-related scams, has recently found an app on Google’s Play Store phishing users’ credentials on conventional banking apps and cryptocurrency exchanges.

Through a video, first spotted by The Next Web, Stefanko showed an app called Easy Rates Converter, which initially just looked like a simple currency conversion app,  but that was actually installing phishing malware whenever users installed it, dressing it up as an Adobe Flash update.

Once installed, the malware waited for users to open conventional banking apps like that of CommBank, or the official apps of cryptocurrency exchanges, like that of Binance. When users opened these affected apps, the malware created “fake activity” that overlayed the legitimate app and prompted users to log in as if it was the legitimate app.

Once users entered their credentials, they were sent to the phishers who could then use them to steal their funds. The malware itself was hard to spot, as the currency conversion tool did work as intended, making the app seem legitimate.

According to The Next Web, since Stefanko reported on the app it has been removed from the Google Play Store. Notably, phishing apps have in the past been found on Google’s Play Store. A fake MetaMask app earlier this year swindled Ethereum users out of $2,700. Only recently, as covered, has the popular wallet announced it’s launching a mobile app.

Fake apps associated with various cryptocurrency exchanges have also been found on the Android app store. Often, these are reported by other users, who set up red flags for others by rating them as low as possible.

Google, as CryptoGlobe covered, banned crypto mining apps from its platform earlier this year. Despite the ban, mining apps were still making their way onto the Play Store. Commenting on the damaging effects mining cryptocurrencies through smartphones can have, cybersecurity research Troy Mursch stated at the time:

Mobile devices are not designed, nor optimized to mine cryptocurrency. If you leave a mobile device plugged in while mining cryptocurrency unthrottled, there is a legitimate risk it could lead to physical damage.