Google has purged its Play Store marketplace of eight more dangerous apps that could seriously cost Android users. In its latest crackdown, the Android makers have removed a number of fake cryptocurrency apps designed to sign up victims to expensive subscription services.
The bogus apps allegedly help Android users with cryptocurrency mining, and in some cases were downloaded over 100,000 times from the Google Play Store. This threat was discovered by security experts at Trend Micro, who said victims could be signed up to subscriptions worth almost £150.
The majority of the offending apps were free-to-download, but one cost $5.99 with the other priced at $12.99.
Speaking about its findings, Trend Micro said: “We recently discovered eight deceptive mobile apps that masquerade as cryptocurrency cloud mining applications, where users can earn cryptocurrency by investing money into a cloud-mining operation.
READ MORE: Terrifying Android scam is back! Here’s what you must do to avoid it
“However, upon analysis, we discovered that these malicious apps only trick victims into watching ads, paying for subscription services that have an average monthly fee of US$15, and paying for increased mining capabilities without getting anything in return.”
Trend Micro reported its findings to the Google Play Store, and the apps have since been taken down.
However, even though the apps have been removed from the Play Store if you’ve previously downloaded any of this software installed on your Android device – it will still be there. The only way to protect yourself is to remove them yourself. And right now.
Here is a full list of the offending Android apps..
• BitFunds – Crypto Cloud Mining • Bitcoin Miner – Cloud Mining • Bitcoin (BTC) – Pool Mining Cloud Wallet • Crypto Holic – Bitcoin Cloud Mining • Daily Bitcoin Rewards – Cloud Based Mining System • Bitcoin 2021 • MineBit Pro – Crypto Cloud Mining & btc miner • Ethereum (ETH) – Pool Mining Cloud
Despite these apps being removed from the Play Store, Trend Micro said they had “found numerous concerning applications of the same type” after searching for cloud mining.
The cyber security experts said there was still “more than 120 fake cryptocurrency mining apps are still available online”.
Trend Micro did offer Android users advice on how to spot bogus cryptocurrency apps on the Google Play Store.
Here are the telltale signs to look out for…
• Carefully read the app’s reviews. Fake apps will receive numerous five star reviews once they are released publicly, but don’t be fooled by these as they may be false and paid-for reviews. Pay more attention to one star reviews.
• Try to enter an invalid or wrong cryptocurrency wallet address. After extensive analysis, Trend Micro found that most of the malicious samples only process wallet addresses as non-empty values. Hence, if a user encodes an invalid wallet address and the app accepts it and is able to perform follow-up operations, there is a high probability that the app is fraudulent.
• Restart the app or phone while it is in the process of mining. Most mining actions for fake apps are just simulated with local counters. This means that if a device is restarted after mining starts and the mining application is killed in the background, the system will forcibly clear the counter, resetting it to zero.
• Confirm if there is a withdrawal fee. The transfer of cryptocurrency requires a handling fee, which is relatively high compared to what is typically made from cloud mining. Hence, free withdrawals are very suspicious.