The cryptocurrency craze has brought countless apps related to it into mobile app stores, providing users with a variety of tools from trading, investing to managing digital assets. However, there are also carefully disguised scam apps among them, posing a threat to the security of users' assets.

This article will take the Apple mobile phone APP Store as an example to expose the phenomenon of fake cryptocurrency software in the App Store, analyze the reasons behind it, and use real cases to illustrate the harm caused by high-imitation APPs, so as to raise users' vigilance.

The Current State of Fake Cryptocurrency Apps

Take Magic Eden and Jupiter as examples. These two apps are well-known in the cryptocurrency field and have therefore become targets for scammers to impersonate.

As a popular multi-chain NFT market, Magic Eden provides users with a platform to buy, sell, and discover digital artworks. However, on March 7, Magic Eden team member Voh discovered that there were fake apps on the App Store that used ME's reputation to commit fraud. The fraudulent APP imitated the official website and user interface to trick users into downloading and using the app, and asked users to provide sensitive information such as wallet private keys to commit fraud. Voh said, "The software is region-specific and the application is not accessible to US users. Since there is no official Magic Eden mobile application on the iOS App Store and Google PlayStore, it is difficult for unsuspecting users to detect the authenticity of the malicious application."

Similarly, a fake APP appeared on Jupiter, a decentralized exchange based on Solana. The comments below the APP were full of words like SCAM ALERT. The victim downloaded the APP from the Apple App Store, linked the wallet, and authorized it, resulting in the theft of $1,250 in funds. In addition, the APP also steals the user's mnemonic phrase for theft.

User reviews of the fake app

Jupiter scam address analysis

The victim, KryptoSub, said on social media that he downloaded a fake Jupiter APP from the APP Store, and his mnemonic was stolen after linking his wallet, causing his entire chain of assets to be emptied. Based on the fraud address 0x9e82530383d81725ec950ee51d116bde8bdc859e published by KryptoSub, we conducted further analysis.

We found that from 2024-01-11 20:21:23 to 2024-03-30 09:19:59, the address stole the mnemonics of 298 suspected victims and laundered them, with a total of 353.6 $ETH and 330,500 $USDT. The cryptocurrencies that flowed into this address are mostly various altcoins. After the hacker used 1inch to convert them into $USDT, he hoarded the coins in 4 addresses. Some of the profit funds have been transferred to the Binance exchange through the Allbridge cross-chain bridge or directly. At present, the address has been marked as a phishing address by Ethereum scam, and the phishing activities have been stopped on March 30.

It is not difficult to see that the threat of fake cryptocurrency apps is real and urgent. These frauds not only harm the interests of users, but also have a negative impact on the reputation of related brands. The cryptocurrency boom has put forward higher requirements for the application review process of mobile phone stores, led by the APP Store.

Why are fake apps so rampant?

There are loopholes in the review process

Although Apple has a strict app review process, there are occasional loopholes. Developers may exploit loopholes in the review process to allow counterfeit or fraudulent apps to temporarily pass the review. It is reported that Apple usually relies on automated tools and manual inspections to assess the security of apps. Once an app is approved for listing, if it is subsequently used for malicious purposes, it will take some time for Apple to discover and remove it. Criminals take advantage of this time difference to quickly spread malware and cause damage to unsuspecting users.

Abuse of technology

Unscrupulous developers may also use advanced techniques to circumvent security detection. Techniques such as code obfuscation and dynamic content loading can mask the true intent of the application, making it difficult for automated security detection tools to identify its fraudulent nature. These techniques provide a layer of protection for fake applications, making them look like legitimate software when they are reviewed.

Exploitation of user trust

Developers of fake apps imitate the appearance and names of well-known apps, taking advantage of users' brand recognition and trust, misleading users to download and use them. Since users generally believe that apps in the App Store are strictly screened, they may not conduct necessary reviews, making them more likely to become victims of fraud.

Final Thoughts

To prevent this, app stores such as the APP Store should continue to improve their app review processes; official projects should crack down on counterfeits in a timely manner; and cryptocurrency users should take preventive measures, such as checking developer information, carefully checking app ratings and feedback before downloading, and reporting suspicious apps in a timely manner.