Scam: Android app pretends to buy Ether from Android
August 23, 2018 | Lars Sobiraj
Scam: Android app pretends to buy Ether from Android

Scam reloaded: Security researcher Lukas Stefanko stumbled across an app at the Google Play Store that sells buyers a simple symbol for 334.99 euros. Customers should think that with this app they can buy an ETH instead of the low-resolution graphic. To make the offer look serious, the makers have apparently come up with an interesting trick.

Bitcoin Evolution shows new Trick

Almost 335 euros for a single ETH symbol, even though it is available everywhere on the net? That’s a mature achievement from the cybercriminals! ESET employee Lukas Stefanko pointed out on Tuesday, 21 August, on Twitter that it is simply not the same thing to buy an app or an ether. The 100 or so customers have probably noticed this, after only Bitcoin Evolution the symbol graphic of this crypto currency was displayed to them after the purchase. In addition, the ETH rate is currently around 245 euros. We are talking about a full difference of 90 euros, which the buyers pay too much. But instead of the crypto currency, customers receive no more than the graphic anyway.

Show image on TwitterShow image on Twitter

Lukas Stefanko
Buying Ethereum app is not the same as buying #Ethereum.
Scam app for €335 only displays ETH logo.

08:44 – 21 Aug. 2018
123 users talk about it
Twitter Ads Info and Privacy Policy
Scam on behalf of Google Commerce Ltd.
Alleged provider of this app is “Google Commerce Ltd.”, the official operating company of the Android App Store. The source could hardly sound more serious. Since the Google Play Store opened in 2008, harmful or even abusive apps have appeared again and again at short intervals. Google apparently never did anything about it. At least nothing that would have had a lasting effect. There are still countless crypto-mining apps available today, even though they have been officially banned since the end of July.

But this is only one example of many. Stefanko found more than 20 fake apps with alleged Flash players that were downloaded over 350,000 times. Almost on a daily basis he publishes hints which Android apps should be avoided. The delivery of invisible advertisements on the device is still the most harmless variant. Some apps reload dangerous malware after installation in order to eavesdrop on the user of the smartphone from front to back. The most interesting things for criminals are of course credit card details or crypto wallets, which are managed on the move.

Has the app ever been tested?
If the app had been checked manually, the responsible employee would have immediately noticed the strange name of the seller, after all, he works for Google Commerce Ltd himself. So one thing is certain: the operators of the app store never took a closer look at the software. Otherwise the plan of the cyber criminals would not have worked out.

The users of an Android smartphone would welcome it if Google would finally show more care in dealing with the apps on offer. By the way, Twitter rightly noted that one cannot automatically assume that all users of this scam app paid the same amount. It is possible that the app was previously offered at a lower price. But that doesn’t change the fact that the Google Play Store lacks care. And also not that it has already hit the ignorant again. In addition, it is highly questionable whether the fraud victims will once again voluntarily deal with the topic of crypto currencies after this experience. Probably not.