San Francisco-based digital-threat-management solutions provider RiskIQ, in its analysis of cryptocurrency security menaces and tips, found more than 600 blacklisted bitcoin apps across official app stores, including Apple and Google.

In an alert, RiskIQ summarized topics such as coin exchanges, recent cyberattacks, phishing methods and blockchain, and found that hackers are targeting Apple, Google Play, SameAPK and APKPlz app store users with malicious cryptocurrency apps that aim to steal money and personal data.

Upon analyzing 18,408 apps across 20 app stores, the firm's researchers found 661 blacklisted Bitcoin-themed apps (3.6% of the total). Although blacklisted by official cybersecurity vendors, they were still available for download by users.

The top stores guilty of hosting these potentially dangerous apps, according to RiskIQ, were Google Play (272), ApkFiles (54) and 9Apps (52). RiskIQ's research showed almost 3% of apps with “Bitcoin exchange” in the title were blacklisted, as well as 2.6% of those using “Bitcoin wallet” and 2.2% of those listed as “cryptocurrency.”

Hackers behind the banned apps can trick users into handing over large sums of money or personal details for financial benefit.

The increase in unofficial and potentially malicious apps across multiple app stores will alarm potential investors looking to buy into bitcoin. Fabian Libeau, EMEA VP of RiskIQ, warned anybody considering downloading such software to be extremely cautious and to research each app. “We are seeing threat actors around the world exploiting what is already a hostile currency in a lawless digital world. Before handing over any cash or personal data, investors should carry out thorough research into the exchange and wallet apps they intend to use. By checking the developer's name, user reviews and the number of app downloads, investors can measure the validity of an app and be more confident in their choice.”

Brandon Dixon, VP of product at RiskIQ, said in a blog, “If you're in security and haven't delved much into threats related to cryptocurrency, you may want to reconsider your position. Regardless of how you feel about its practicality or potential bubble status, cryptocurrency is worth understanding because it's not going away anytime soon. And, a lack of formal regulations or rules in the space has helped foster a 'wild west' sort of chaos—both for good and for bad.”

Dixon pointed out that when a topic gains global attention, chances are high it will be used in phishing attacks. “What makes the cryptocurrency world a bit different is the lack of follow-up-actions that can take place in the event of a theft.”

This has resulted in an assortment of phishing techniques including standard cold-emails, targeted messages to cryptocurrency holders, SMS hijacking to thwart two-factor authentication, typosquatting or brand infringing websites, fake exchanges, fake mixers, and social media impersonation. “Unlike typical phishing where the user may lose their account, victims of these phishing attacks can lose their entire digital wallet, leaving them empty-handed and without recourse.”

Dixon noted that in early November, Sunnyvale, Calif.-based Proofpoint revealed a sizeable active phishing campaign that sent out messages about fake Bitcoin Gold wallet software. The actors abused Internationalized Domain Name (IDN) registration in an attempt to impersonate the official bitcoingold.org website, using IDN sender domains and their decoded notations.
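One way a mail filter could flag the kind of IDN sender domain described above, as an added example that is not from RiskIQ, Proofpoint or the original article: it decodes each punycode label and folds the result to the ASCII string it visually resembles. The confusables map, function names and sample domains are constructed for illustration.

```python
import unicodedata

PROTECTED = {"bitcoingold.org"}  # the impersonated site named in the article

# Constructed, non-exhaustive map of letters that render like ASCII ones
# (assumption: a real deployment would load the Unicode confusables data).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0441": "c",  # Cyrillic
    "\u0440": "p", "\u0456": "i", "\u0501": "d",                 # Cyrillic
    "\u03bf": "o", "\u0131": "i", "\u0261": "g",                 # Greek, Latin
}

def to_ascii(domain):
    """Encode non-ASCII labels as xn-- punycode (used to build sample input)."""
    return ".".join(
        label if label.isascii()
        else "xn--" + label.encode("punycode").decode("ascii")
        for label in domain.split("."))

def to_unicode(domain):
    """Decode xn-- labels so the domain can be compared as it is displayed."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # keep an undecodable label in its wire form
        labels.append(label)
    return ".".join(labels)

def skeleton(domain):
    """Fold the decoded domain to the ASCII string it visually resembles."""
    folded = []
    for ch in unicodedata.normalize("NFKD", to_unicode(domain)):
        if not unicodedata.combining(ch):  # drop accents and other marks
            folded.append(CONFUSABLES.get(ch, ch))
    return "".join(folded)

def classify(sender_domain):
    """Return 'legitimate', 'idn-lookalike' or 'unrelated' for a sender domain."""
    if to_unicode(sender_domain) in PROTECTED:
        return "legitimate"
    if skeleton(sender_domain) in PROTECTED:
        return "idn-lookalike"
    return "unrelated"

# Constructed sample senders: accented o, Cyrillic o, the real site, a bystander.
SAMPLES = [to_ascii("bitcoing\u00f2ld.org"), to_ascii("bitcoing\u043eld.org"),
           "bitcoingold.org", "example.com"]
```

Running `classify` over `SAMPLES` marks the first two senders as look-alikes even though their wire form begins with `xn--` and shares no exact string with the protected name.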

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).