Announcing CryptoSlate Research — gain an analytical edge with in-depth crypto insight. Learn more.

Google Play Store Hosted App Found Hacking Crypto Login Credentials

Google Play Store Hosted App Found Hacking Crypto Login Credentials

A video published Thursday by security researcher Lukas Stefanko exposed a malicious app hosted on the Google Play store that distributes malware onto unsuspecting user’s mobile devices.

Harvesting Your Passwords

The app, called Easy Rates Converter, markets itself as a currency conversion tool. In reality, it infects devices with malware designed to harvest their login credentials to legitimate crypto and fiat banking applications.

According to Hard Fork, among the apps targeted were Binance’s official app, CommBank, and Google Play. At the time Stefanko published his video, the app had over 500 downloads. The developer name on the app is listed as ‘hitech_soft.’

According to Stefanko, once the app is downloaded, it deploys malware that infects the host device through a fake Adobe Flash update. On the surface, the malicious app still functions as a currency converter. Once downloaded and activated, it retrieves the malware via the user’s internet connection and deploys it.

After infected, the malware program waits for the user to open a targeted banking app, then overlays the screen with one designed to look exactly like the login screen of the actual app and prompts the user to enter their login information. When entered, the credentials are stored on a server.

When running, the infiltrating app can be seen on an Android device when the user toggles through the apps they have open. However, even knowing the app was there, when Stefanko tried to tap back into a legitimate app on his phone, the malware overlaid itself on his screen again.

Keeping an Eye Out

A search through the Google Play store showed the app has been taken down since becoming the subject of Stefanko’s video, in which he also explains how to remove the malware once found on a device. 

Adobe Flash Being Used For Cryptojacking
Related: Adobe Flash Being Used For Cryptojacking

This isn’t the only way hackers are using Adobe Flash updates to install malware on user’s computers. Early in October, security researchers at Palo Alto Networks discovered a spike in fake Flash installers being used to infect computers with crypto mining malware. The update did installed Flash on host computers, but at the same time infected them with software that mined Monero.

Stefanko works as a researcher for security company ESET.

Cover Photo by Devin Avery on Unsplash

Filed Under: Hacks, Scams
John Bogna

John Bogna is a freelance writer and journalist with seven years of experience covering everything from arts to tech.

View author profile

Disclaimer: Our writers' opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Please do your own due diligence before taking any action related to content within this article. Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.