Cryptocurrency is one of the popular bait for cyber-scammers, who develop innovative ways to target their victims. One of them has been uncovered by the Security researchers working at Lookout Threat Lab. They revealed that there are around 170 Android apps out of which 25 fake apps are available on the Google Play Store, defrauding people who are planning to make some money from crypto mining.
Lookout Threat Lab found that these fake apps deceived more than 93,000 people and stole at least $350,000 with users paying subscription fees and purchasing upgrades to the app. They stole $300,000 from selling fake apps and an additional $50,000 in cryptocurrency from victims who paid for fake upgrades and services.
After receiving several complaints, Google has taken action on these fake apps, but this is only a minor number with mostly still operating on third-party stores.
How these Cryptocurrency Apps work?
Cryptocurrency mining is a process which harnesses computers’ processing power in order to verify cryptocurrency transactions by solving complex mathematical problems. Such apps lure the customers with the promise of renting cloud computing power via the apps and taking a small cut of each transaction verified.
How does these scam apps operate?
Now the scam apps also pretend to provide the same services of renting cloud computing, which doesn’t actually exist. Their entire raison d’être is to steal money from users through legitimate payment processes, but never deliver the promised service.
- These apps claim to mine coins like ethereal and bitcoin.
- They ask users to pay directly to the developer’s crypto wallet via Google Play’s saved payment mechanism or even crypto coins including bitcoin. Usually they charge between $12.99 to $259.99.
- These apps have a policy regarding minimum balances from coins mined by users before they could withdraw earnings into their accounts. However, users were still not allowed to withdraw, even if they had the minimum balance (as per the Play Store reviews).
For instance, some apps – dubbed ‘CloudScam’ apps by the researchers – meet withdrawal attempts with an ‘insufficient balance’ error message, while ‘BitScam’ apps bar users from withdrawing coins until they reach a minimum balance.
- Users were asked to spend more money in terms of subscription plans and were lured with better rewards along with the promise of further reducing this minimum balance requirement.
- Users are presented with a fictitious, slowly incrementing coin balance, which in some cases increments only while the app is running in the foreground and is often reset to zero when the mobile device is rebooted or the app restarted.
- Withdrawal attempts beyond a minimum threshold trigger a message that falsely signals a pending withdrawal and a resetting of the coin balance to zero.
- The dashboard always displays is a hash mining rate that is typically very low in order to lure the user into buying upgrades that promise faster mining rates, daily rewards, and incentives for referring friends.
How to say alert from such apps in the future?
While the apps detected by Lookout Threat Lab have been removed from the Google Play, dozens are still being circulated in third-party app stores. Following are some of the precautions that users can take to avoid any such scam
Research a developer before signing up for the crypto mining app. It is important to know the developer before paying, read the reviews of other users and also read the terms and conditions.
if the app has the habit of resetting itself often or crashes and that causes a crypto balance reset, that is something you need to notice.
if the app is asking for permissions on the phone that it really shouldn’t be asking for, that is a red flag.
performing due diligence before downloading apps offering cryptocurrency-related services. Take your time, and if a deal is too good to be true, it probably isn’t real.
International Tax Panorama 
Leave a comment