An Application That Can Be Downloaded From Google Play Steals User Data From Trading Apps

Cybersecurity expert Lukas Stefanko found an application in the Google Play store that steals data from users of cryptocurrency exchanges and banking applications.

In his video blog, the expert, who is well known for catching crypto scams, talks about an application called Easy Rates Converter, which, at first glance, looks like a simple currency converter. However, it is malware disguised as an Adobe Flash update and aimed at stealing user data.

The video contains a complete analysis of the Android banking threat:

  • Distribution vector
  • Stealing users' credentials
  • Code analysis
  • How to remove it

After installation, the program “waits” until the user launches a banking or cryptocurrency application, for example, the Binance App. When the corresponding application starts, the program overlays it with a window that imitates the exchange's login form. It then waits for the user to log in and sends the captured personal data to the attackers.

At the same time, it is quite difficult for users to realize that their device contains malware, since the converter works correctly and there are no signs of suspicious activity.

The phishing app was removed from the Google Play Store as soon as Stefanko reported it.

Phishing apps that can easily be downloaded and installed from the Play Store or the Apple App Store are found very often. Stefanko recommends that the best thing users can do is, above all, to read the comments, reviews and everything else they can find about an app before they decide to install it on their devices. This applies not only to fake trading apps, calculators, converters and exchanges, but also to games, everyday apps and many other categories that can contain malware. Users should be very cautious if they use their devices to open applications that contain important information.