Lookout an integrated endpoint-to-cloud security company, today announced the discovery of major crypto mining scams using hundreds of Android apps. Categorised into two distinct Android app families, BitScam and CloudScam, these apps were designed to target people interested in cryptocurrencies.
In total, security researchers at the Lookout Threat Lab identified more than 170 apps that are estimated to have scammed more than 93,000 victims. The majority of these apps are side loaded based on the fact that only 25 were available for download on Google Play. Lookout has been in close contact with Google and the apps on Play have been removed.
The BitScam and CloudScam apps advertise themselves as providing cloud cryptocurrency mining services for a fee. After analysing the apps, Lookout researchers found that no cloud crypto mining actually takes place. The scammers pocket the money spent on apps and upgrades without ever delivering the promised services. Lookout estimated that the apps stole more than $350,000 from their victims.
“These apps were able to fly under the radar because they don’t actually do anything malicious,” said Ioannis Gasparis, a mobile application security researcher at Lookout. “They are simply shells set up to attract users caught up in the cryptocurrency craze and collect money for services that don’t exist. Purchasing goods or services online always requires a certain degree of trust — these scams prove that cryptocurrency is no exception.”
BitScam and CloudScam apps both trick people into thinking they are paying for cloud crypto mining services. In addition to the apps themselves costing money, they promote additional services and upgrades that users can purchase within the apps, either by transferring cryptocurrencies to the developers’ wallets or through Google Play. These apps also display fake minimum account balances to entice users to spend more money on the services and upgrades.