California-based security firm, Lookout, released a report Friday announcing the discovery of a major scam targeting android devices.
According to a recent report from security firm Lookout, some 93,000 Android users have been victims of a scam to sell them fake cryptocurrency via the Google Play Store. The apps were advertised as an avenue to passively earn money by mining cryptos for the user. In reality, the apps did nothing of the sort.
What they did do was charge victims for improvements that would help them mine more and more bitcoin. Essentially, the scammers are tricking users into investing in a bitcoin mining operation that does not exist.
Similar scam apps are set up to steam your private data from buyers. When the user goes to withdrawal their funds, an error message pops up and stops them in their tracks.
The problem is not just limited to a few bad eggs either, Lookout detected 170 or so such apps making the rounds with 25 of them currently available on the Google Play Store. The remaining 150 require third-party software to be downloaded.
The report breaks down the scams into two categories, BitScam and CloudScam.
Distinguishing between BitScam and CloudScam apps
Lookout breaks the scams down into these two main categories based on how each is funded. Both BitScam and CloudScam apps offer similar subscriptions to mining or services that promise to up the amount of crypto you can mine at one time. Each service also utilizes Google’s in-app billing system.
The main difference between the two is that BitScam allows users to fund scammers using Bitcoin and Ethereum. Meanwhile, CloudScam apps only allow users to lose money with their credit or debit cards.
It should be noted that there is a number totally legitimate cloud mining apps on the Google Play Store. Those apps have high-quality coding and following secure coding practices ensuring users remain safe and are not scammed out of their money. The legit apps are also generally linked to a known mining operation.
Meanwhile, the scam apps all share a very similar and basic code and are not tied to any reputable mining operation. The apps are so basic that even somebody who lacks programming experience can create the framework they run on.