Researchers Discovered 170 Scam Apps That Stole $350,000 From Their Users

Last updated July 8, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

Security researchers at the Lookout Threat Lab have identified 170 Android apps that defrauded their userbase and stole $350,000 from them in the form of crypto. Twenty-five of these apps were available on the Google Play Store, Android’s official software repository. Based on the relevant analysis, the apps have tricked a total of 93,000 users, holders of cryptocurrencies. All of these apps are promoted as coin management, wallet management, mining, transaction, or exchange tools, so they all target a very specific category of investors.

The 25 apps that were available of the Play Store are the following:

Source: Lookout

If you have any of these apps installed on your phone, remove them immediately and run a mobile security tool to ensure that any remaining components will be deleted too. These apps execute code in the background, exfiltrating various types of private information to an actor-controlled C2 server, send confusing SMS, and serve ads outside their context.

So, how did the 25 apps manage to enter the Google Play Store without raising any flags? Because these apps didn’t do anything obviously malicious, being shells to buy crypto from non-existent platforms, they weren’t considered malware. They are just scamming tools, but this wasn’t easy to determine and certainly outside the scope of app reviews. In some cases, the distributors of these apps made money by selling them as premium tools, only to leave the users with an underwhelming experience in a fake app.

In most cases, though, the users were tricked by a fake mining dashboard that invited them to purchase “upgrades” to up the mining rates. No matter what the users bought and what their total assets appeared to be, they held nothing in reality. These upgrades cost between $12.99 and $259.99, and the payment options included Google Pay, Bitcoin, and Ethereum.

Source: Lookout

To ensure that the users wouldn’t stop investing until it was too late, the apps were set to prevent withdrawals until a minimum balance was reached. Even when this happened, users were still forbidden from withdrawing, as some Play Store reviews point out. In some cases, the wallet balance was set to zero, and the transaction was marked as “pending” to delay negative reviews a tad bit more.

From Lookout’s report, it becomes obvious that these scam apps have multiple ways to trick users and steal their money. Do not download apps from outside the Play Store, pay attention to the permission requests upon installation, read user reviews, read the terms and conditions, and perform a full background check on the developer. Even after all that, keep an eye on the app’s activities and avoid paying anything until you have confirmed that you can withdraw money to your wallet.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: