
December 10, 2017


Fake Bitcoin Wallet Apps | Lookout Threat Intelligence

Bitcoin's rapid (and potentially volatile) growth has prompted headlines from major news outlets and interest from individuals all over the world who may not otherwise dabble in alternative forms of currency. Bitcoin values have soared in the last few weeks, with record highs of over $18,000. Of course, this means attackers want in on the action.

Lookout has identified three Android apps disguised as bitcoin wallet apps, previously in the Google Play Store, that trick victims into sending bitcoin payments to attacker-specified bitcoin addresses. Google removed the apps immediately after Lookout notified the company. The apps collectively had up to 20,000 downloads at time of removal.

We call this mobile malware family "PickBitPocket." All Lookout customers are protected from this threat.

How PickBitPocket works

PickBitPocket apps pose as legitimate bitcoin wallets, but they are built so that the victim hands out the attacker's bitcoin address instead of the seller's.

For example, suppose an individual is selling goods or services and accepts payment in bitcoin. The seller provides a bitcoin address to the buyer for the payment. If the seller is using a PickBitPocket wallet app, the seller will instead send the attacker's bitcoin address to the buyer, in effect routing the bitcoin payment to the attacker.
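An added triage example, not code from the Lookout post: a wallet normally derives receive addresses from keys it generates, so a checksum-valid bitcoin address sitting in an app's static strings is a signal worth an analyst's review. The post does not say how these apps obtained the attacker's address; this sketch assumes it ships as a static string and that strings were already extracted from the app. All function names and sample values are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Shape of a legacy bitcoin address: '1' or '3' followed by 24-33 Base58 characters.
CANDIDATE = re.compile(r"(?<![{0}])[13][{0}]{{24,33}}(?![{0}])".format(B58))

def checksum(payload: bytes) -> bytes:
    """Base58Check checksum: first 4 bytes of double SHA-256."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(version: int, hash160: bytes) -> str:
    """Encoder, used here only to build the constructed sample address."""
    raw = bytes([version]) + hash160
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_valid_address(s: str) -> bool:
    """True only if s decodes to version || hash160 || correct checksum."""
    if any(c not in B58 for c in s):
        return False
    n = 0
    for c in s:
        n = n * 58 + B58.index(c)
    zeros = len(s) - len(s.lstrip("1"))  # each leading '1' is one zero byte
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[0] in (0x00, 0x05) and raw[-4:] == checksum(raw[:-4])

def find_embedded_addresses(strings):
    """Return (source string, address) pairs for every checksum-valid address."""
    return [(s, m.group()) for s in strings
            for m in CANDIDATE.finditer(s) if is_valid_address(m.group())]

# Constructed sample (assumption: the address ships as a static string in the app).
SAMPLE_ADDR = b58check_encode(0x00, bytes(range(1, 21)))
TAMPERED = SAMPLE_ADDR[:-1] + ("2" if SAMPLE_ADDR[-1] != "2" else "3")
SAMPLE_STRINGS = [
    "Send payment to:",
    "receive_address=" + SAMPLE_ADDR,       # valid: reported
    "bitcoin:" + TAMPERED + "?amount=0.1",  # right shape, bad checksum: ignored
    "1234567890123456789012345678",         # contains '0', not Base58: ignored
]

if __name__ == "__main__":
    print(find_embedded_addresses(SAMPLE_STRINGS))
```

The checksum test removes most random Base58-looking strings, but a hit is only a lead: a legitimate app can embed a donation address, and an address fetched from a server at runtime will not appear in static strings.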

Three apps removed from the Play Store

We discovered the following three fake bitcoin wallet apps for Android.

"Bitcoin mining"

  • Up to 5,000 installs

"Blockchain Bitcoin Wallet - Fingerprint"

  • Up to 10,000 installs

"Fast Bitcoin Wallet"

  • Up to 5,000 installs

As bitcoin captures broader interest, more people may be purchasing the cryptocurrency or looking for mobile wallets to store their coins. Individuals should be vigilant in choosing a secure wallet and should also have a security solution in place, such as Lookout, to identify malicious activity on their device.
