Google Removes Three Fake Bitcoin Wallet Apps From Google Play

A security firm discovers that fake cryptocurrency wallets got into the Google Play store. How can users avoid the fraud and keep their Bitcoin where it belongs?


Security firm Lookout reported on Dec. 20 that it found three fake Bitcoin cryptocurrency wallet apps in the Google Play store, which Google has since removed.

Users who want to hold cryptocurrency like Bitcoin need some form of wallet to access, receive and send the currency. There are multiple types of wallets, including offline hardware, cloud, desktop and mobile apps.

"Bitcoins are held in a Bitcoin address," Christoph Hebeisen, security research manager at Lookout, told eWEEK. "The wallet holds the private key that allows accessing the wallet."

Wallet apps often are also used to generate a Bitcoin address to be used with the wallet, Hebeisen said. The three fake Bitcoin wallet apps that Lookout discovered weren't wallet apps at all; they were just made to look like they were, he said. As such, instead of providing a Bitcoin address for an end user, the wallets siphoned any cryptocurrency received by the wallet to the attacker's own Bitcoin address.

According to Lookout's research, the three fake Bitcoin wallet apps collectively had approximately 20,000 downloads prior to being removed by Google.

"We reported the apps to Google during normal business hours, and they removed them immediately," Hebeisen said. "This occurred earlier this month."

The three fake Wallet apps are part of a mobile malware family that Lookout has dubbed PickBitPocket. It's not clear how many Bitcoins were stolen with the fake wallets, though Hebeisen said Lookout can confirm that the attacker was successful in rerouting some Bitcoins to his or her account.

"This is a relatively new threat, as there have not been many fake cryptocurrency wallets on a mainstream store yet, either for Android or iOS," Hebeisen said.

What Should Users Do?

There are several things that users can do to avoid becoming a victim of a fake Bitcoin wallet scam. Hebeisen noted that Lookout's mobile security app can detect whether an app is a malicious and will recommend to users that they stop using the app.  

Hebeisen also offered users the following tips: 

• Keep your device updated with the latest operating system and use a security app, like Lookout, which will watch out for app, device and network issues that could compromise your sensitive accounts and information.

• Only use Bitcoin wallets (apps) from reputable vendors.

• Don't sideload apps, especially not Bitcoin wallets—rely on apps in the mainstream Android and iOS stores (with the notable exception of the three that were on Play, but Lookout caught them before they were distributed to millions of users).

• Make sure you back up your wallet regularly, encrypt backups and store multiple copies in more than one place such as on USB and ideally not online since some of these services have been breached. Experts recommend you write down your mnemonic or private key and store it separately in a secure location.  

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.