3 fake Bitcoin wallet apps appear in (and are quickly removed from) Google Play Store

By Lookout Team

December 26, 2017

Bitcoin's rapid (and potentially volatile) growth has prompted headlines from major news outlets and interest from individuals all over the world who may not otherwise dabble in alternative forms of currency. Bitcoin values have soared in the last few weeks, with record highs of over $18,000. Of course, this means attackers want in on the action.

Lookout has identified three Android apps disguised as bitcoin wallet apps, previously in the Google Play Store, that trick victims into sending bitcoin payments to attacker-specified bitcoin addresses. Google removed the apps immediately after Lookout notified the company. The apps collectively had up to 20,000 downloads at time of removal.

We call this mobile malware family "PickBitPocket." All Lookout customers are protected from this threat.

How PickBitPocket works

PickBitPocket apps pretend to be legitimate bitcoin wallets, but instead are set up to trick victims into providing the attacker's bitcoin address instead of the seller's.

For example, an individual is selling some goods or services and allows payment in bitcoin. The seller provides a bitcoin address to the buyer for the payment. If the seller is using a PickBitPocket wallet app, he will instead send the attacker's bitcoin address to the buyer, in effect routing the bitcoin payment to the attacker.

Three apps removed from the Play Store

We discovered the following three fake bitcoin wallet apps for Android.

"Bitcoin mining"

  • Upwards of 5,000 installs

fake bitcoin wallet

"Blockchain Bitcoin Wallet - Fingerprint"

  • Upwards of 10,000 installs

fake bitcoin wallet

"Fast Bitcoin Wallet"

  • Upwards of 5,000 installs

fake bitcoin wallet

As bitcoin captures broader interest, this means more people may be purchasing the cryptocurrency, or looking for mobile wallets to store their coins. Individuals should be vigilant in choosing a secure wallet and should also have a security solution in place, such as Lookout, to identify malicious activity on their device.  

Terms of Use | Copyright 2002 - 2017 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement