Valuable items will always attract criminals. Cryptocurrency is no exception. However, with a security model as strong as Bitcoin’s it’s very difficult to compromise individuals’ assets. It’s also likely that if a cyber criminal could indeed appropriate funds from random Bitcoin wallets, the value would drop hugely, rendering the whole endeavour pointless.
Rather than target individual wallet, therefore, hackers have turned to more devious tactics to get their hands of digital currencies, as well as personal information about those who hold them.
App stores explioted
An online threat management company called RiskIQ has been studying various app stores. Their researchers have discovered over 600 malicious applications with a cryptocurrency theme amongst Apple, Google Play, SameAPK, APKPlz, and other popular markets that people use to source applications for their devices. These apps have been officially blacklisted by cyber security vendors but remain available for download.
According to their research, RiskIQ have identified that almost 3% of applications with “Bitcoin Exchange” in their title were suspect. Meanwhile, 2.6% and 2.2% of apps with “Bitcoin Wallet” and “cryptocurrency” in the name were also blacklisted. Those behind the creation of such malicious applications hope to trick unsuspecting users into sending large sums of cryptocurrency, fiat currency, or even just personal data for the financial gain of the criminals involved.
Those stores with the most dangerous applications were Google Play with 272, APKFiles with 54, and 9Apps with 52. Fabian Libeau of RiskIQ gave advice to BetaNews to help keep anyone trying to find Bitcoin or digital currency-themed applications for their devices safe:
“We are seeing threat actors around the world exploiting what is already a hostile currency in a lawless digital world… Before handing over any cash or personal data, investors should carry out thorough research into the exchange and wallet apps they intend to use. By checking the developer’s name, user reviews and the number of app downloads, investors can measure the validity of an app and be more confident in their choice.”
Malicious software appears to be the latest effort from the cyber criminals of the world to get their hands on cryptocurrency through illegitimate means. Previously, exchanges and other centralised stores of digital currency have been targeted. There were a spate of attacks against Korean crypto exchange YouBit last year, eventually causing the company to declare bankruptcy. This was followed by hacking of cloud mining service NiceHash. Their security was compromised to the tune of $60 million in December.