Threat Guidances
Crimeware
Android
Lookout
Malware
July 6, 2021

BitScam & CloudScam: Crypto Scamming Apps

How Lookout Detects and Protects

Cybercriminals will oftentimes try to use legitimate capabilities to obfuscate malicious activity. The true intentions of an app are oftentimes hidden in the data access permissions and behaviors, and even then, can be difficult to uncover without the right tools. Static and dynamic analysis of the industry’s largest mobile dataset enables Lookout researchers to protect customers by continuously discovering and researching new threats. Devices with Lookout installed can detect and be alerted to these two families as well as any other apps with risky functionality built in.

To learn more about the technical specifications of this campaign, including IOCs, read the full article here.

Key Findings

  • These families enable threat actors to use legitimate functionality to carry out scams
  • The apps that were on the Play Store have been removed, but hundreds more still exist on third-party app stores.
  • Indicators of Compromise (IoCs) for both families are available here.

Background and Discovery

Researchers at Lookout have discovered almost 200 Android apps, including 25 on the Play Store, scamming cryptocurrency investors out of money. The apps advertise that they provide crypto mining services for a fee, but upon further analysis Lookout researchers discovered no mining takes place and these services are never delivered.

Capabilities and Affected Parties

BitScam and CloudScam, which are the two families behind the discovered apps, are able to fly under the radar because they don’t actually execute any malicious code. By using legitimate payment processes, the families enable these apps to collect money for services that don’t exist. Even though the apps that were found on the Play Store have been removed, the others are still circulating on third-party app stores. In addition, while BitScam and CloudScam have now been exposed, threat actors could continue to build apps with these families and create evolved versions to try to elude security tools.

Authors

Lookout

Cloud & Endpoint Security

Lookout, Inc. is the data-centric cloud security company that uses a defense-in-depth strategy to address the different stages of a modern cybersecurity attack. Data is at the core of every organization, and our approach to cybersecurity is designed to protect that data within today’s evolving threat landscape no matter where or how it moves.

Entry Type
Threat Guidances
Threat Type
Crimeware
Platform(s) Affected
Android
Discovered By
Lookout
Threat Type
Malware
Platform(s) Affected
Threat Guidances
Crimeware
Android
Lookout
Malware

Related Content

Chrome & Firefox Vulnerabilties

Google and Mozilla have both recently disclosed critical vulnerabilities in their respective Chrome and Firefox web browsers.

Read Threat Article

CVE-2024-8904, 9602, & 9603

Google has reported two new vulnerabilities in Chromium based browsers tracked as CVE-2024-8904 and CVE-2024-9602

Read Threat Article

CVE-2024-7971

Researchers at Microsoft recently discovered and reported a new zero day vulnerability in Google’s Chrome browser, which is tracked as CVE-2024-7971

Read Threat Article

Stop Cyberattacks Before They Start With Industry-Leading Threat Intelligence.

Schedule Demo
HeaderHeaderHeaderHeader
CellCellCellCell
CellCellCellCell
CellCellCellCell
CellCellCellCell