A fake EOS wallet app on the Google Play store has been stealing cryptocurrency. EOS developers took to Twitter Thursday morning to warn the community.
A Reasonable Facsimile
EOS RIO is an independent software firm based in Rio de Janeiro. The group is designated as one of the 21 ‘Block Producers’ for EOS, one of the primary governing bodies on the EOS blockchain.
The fake app, SimplEOS was designed to mimic the appearance of other apps made by EOS RIO. Once downloaded, the wallet app would steal funds by deceiving users into divulging their private keys.
Following the app’s appearance, EOS RIO warned the community in a Tweet that the group currently has no apps in the Google Play store.
🚨 SCAM ALERT 🚨
There is a fake SimplEOS app on Google Play! We’ve taken the security measures to take it down! Please help us spread the word to avoid users from being hacked!
The secure way to download your SimplEOS is on https://t.co/aFFX8mwVOU or https://t.co/w8IkxYPF0F pic.twitter.com/lBAanaqBKy
— EOS Rio (@eosriobrazil) November 8, 2018
As of this writing, the malicious app has been taken down by Google.
Fake wallet apps do their best to imitate the real thing in an attempt to gain a user’s login credentials and clean out their crypto wallets. Usernames, passwords, and private keys are all targets for malicious software, and because of the decentralized nature of crypto stolen funds are oftentimes gone for good.
Sticking with trusted developers is usually a great way to make sure you aren’t downloading a fake app. However, even the developers of an app can be faked. Luckily, once EOS RIO was made aware of the app, the group published warnings to ensure the community was informed.
Not The First Fake EOS Wallet
Fake apps can wreak havoc, even if they get removed quickly. Last week, security researcher Lucas Stenfanko found a seemingly innocuous currency converter app that was harvesting user’s banking passwords, including ones for crypto exchanges like Binance. The app had over 500 downloads before it was taken down.
According to The Next Web, YouTubers The Hodgetwins had their EOS stolen from another shady wallet app hosted in the Apple app store. The app was only removed after the theft of 1,500 EOS (roughly $8,500 USD).
Protecting Your Cryptocurrency
Cryptocurrency holders are prime targets for hackers. To protect your investment it is important to remain vigilant.
The best way to identify fake apps is to check the app’s reviews. If there are a large number of downloads and more than a thousand reviews, then you can be reasonably sure that the app is legitimate.
Another good practice is to keep the majority of your funds in a cold wallet. Although hot wallets give users quick access to funds and access over the internet, these features are also areas of attack for hackers. To minimize these risks a cold wallet is the best solution. Cold wallets store funds completely offline, providing hackers with fewer ways to steal your funds.
Cover Photo by Alexandre Godreau on Unsplash