Despite attempts to weed out fake cryptocurrency apps on the Android marketplace, the war is far from being won. Cybersecurity researcher Lukas Stefanko recently came across four fake crypto apps in the Google Play Store that impersonated Ethereum wallet MetaMask, as well as the Tether and NEO cryptocurrencies. According to Stefanko, the apps have been on the Android marketplace for weeks now and had been downloaded several hundred times. The apps were removed from the Google Play Store as soon as they were reported.
Stefanko identified the MetaMask app as a phishing application intended to harvest the private key and the wallet password of the user. The rest were fake wallets which when launched were intended to dupe users into thinking that a public address had already been generated when it had not. This was with the intention of leading the user to send funds to the wallet, whose private keys are owned by the creator of the fake wallet. Once sent, the user cannot withdraw these funds since they don’t own the private keys.