Tens of thousands scammed using fake Android cryptomining apps

Scammers tricked at least 93,000 people into buying fake Android cryptocurrency mining applications, as revealed by researchers from California-based cybersecurity firm Lookout.

The 172 paid Android applications, tracked as two separate families dubbed BitScam (83,800 installs) and CloudScam (9,600 installs), were advertised by the cybercriminals to victims as providing cloud cryptocurrency mining services.

Twenty-five of these fake apps were available in the Google Play Store, while those sold on third-party app stores could be side-loaded by victims on their Android devices.

Fake app upgrades also used to scam victims

Lookout researchers revealed in a report published today that the apps didn’t include any cloud cryptomining functionality.

Instead, the scammers filled up their wallets by selling the fake apps without actually providing any of the advertised services.

The scammers used the fake Android apps to steal a total of over $350,000 ($300K in app sales and $50K in fake upgrades) from thousands of victims worldwide who bought the apps and paid for additional services and non-existent upgrades.

“These apps were able to fly under the radar because they don’t actually do anything malicious,” Lookout mobile app security researcher Ioannis Gasparis said.

“They are simply shells set up to attract users caught up in the cryptocurrency craze and collect money for services that don’t exist.”

Dozens of fake cryptomining apps still for up for sale

Targets were lured into spending even more money on the apps using the promise of additional services and app upgrades, purchasable via cryptocurrency transfers straight to the scammers’ crypto wallets or via the Play Store.

“Both CloudScam and BitScam also offer subscriptions and services related to crypto mining that users can pay for via the Google Play in-app billing

system,” Lookout explains.

“What makes BitScam different is that its apps also accept Bitcoin and Ethereum as payment options.”

Even though Google has already removed all the fake BitScam and CloudScam cryptomining apps found on the Play Store apps, Lookout says that dozens of them are still up for sale on third-party app stores around the web.

A list of all BitScam and CloudScam apps, indicators of compromise (IOCs), additional technical details, and info on the number of Play Store installs per app are available in the Lookout report.