Topic: It can be totally avoided (Read 265 times)

Thanks lovesmayfamilis, honestly I was not aware of it and I was thinking that only PC software will install malware. Anyway I read full article and it has very worthy Information and I suggest you to write complete thread whenever you get free time which will help newbie so much.

According to article most of the Playstore app showing hidden ads which affect performance of the phone. Some apps open sites in browser and auto subcribe services by auto filling phone code. very few apps that are stealing phone information but I didn't see wallet or phrase Target there but I think whenever we copy our phrase the possibility of stealing is possible when these malware installed

But do not forget that it isn’t always going to be a crypto wallet app. These phishing applications could be almost anything. I read a thread yesterday where a forum member posted that he lost 11 BTC and later figured his wife was trying to download a normal app on the laptop. So, while you’re careful to not download the fake wallet, because what app you download in the first place. Also, you can’t fully blame these app stores? Everyday a lot of applications are created. It’s not easy to go through all the features of the app, let alone check for malicious code. Advancements will come with time though but wrongdoings always finds its way.

I agree with this statement; and it is happening on all playstores even the huawei store. This is why as crypto investors we need to be extra vigilant and careful especially in conducting researches. Recently, the application stores are focused on "earning" and securing revenues instead of protecting users on their platform.
 
How do you vet?

Once you find an app on the store; don't just download, first visit the project group channel and verify the existent of the mobile app. In google playstore; there is a popular decentralized launchpad app there which is fake; fake apps are obvious, always obvious.

Secondly, you should read developer comments or "App Privacy"  on the apps page before downloading to your phone.

Always keep yourself and assets safe!

You don't have to be afraid just be careful when downloading some exchange, or wallet from the Play Store or any app store. Because the fake listing is possible and we can't blame those store owners because these developers found a way to bypass some basic rules and found a way to come around them and become able to list their fake wallet or exchange app on these app stores.

All you have to do is find the official website and find a way to download those wallet apps from there or try to see the signatures of these apps if they are open source like Electrum wallet. I don't know if TW provides signatures to confirm it but Electrum does.

Besides confirming the signatures, you better check the number of downloads, and reviews, and don't forget to download apps using the official website. Because it reduces the risk, I always use websites official ones, to download these wallets or register on new exchanges. Once again, you don't have to be scared just be careful while using new apps and technologies and if you are afraid of that much then don't keep your funds in wallets that are vulnerable to attacks easily, you might want to enable 2FA like multi-signature wallets.

You will be surprised by Kaspersky Lab's investigation that hundreds of Google Play apps have been infected and used by users more than 600 million times.
Therefore, trusting even very famous developers at some point can be dangerous. Exactly like using a phone for various needs, including finance and games, can end badly.

https://www.kaspersky.com/blog/malware-in-google-play-2023/49579/

The best advice is to learn how to sign a message and how to verify software signature, as signing and ensuring that the program has been signed by the developer will reduce the possibility of it being fraud, in addition to relying on official links and the large number of downloads and reviews.
It is not in the Google Play Store, but rather in the applications found in it. They may be fraudulent, phishing, or developed by adding side doors, but once you are sure that this is an official application, there is no problem. Sometimes the number of large downloads is a good indicator of that.

True, there are always risks associated with being online. Even a high-end wallet like Ledger is vulnerable if connected to a dubious website, exposing our private keys to scammers. That is why it is critical to develop the practise of double-checking from reliable sources. Stick to the official channels and resist the impulse to make hasty judgements if your  assets are safely stored in a hardware wallet. Keep your guard up because, let's face it, the cryptocurrency space can be a crazy and deadly trip. People, put your safety first!

If you are curious and always want to explore new platforms, new applications, new projects and their smart contracts, use only one device to do this. That device should not be used for you wallet storage, wallet backup storage, exchange account log in.

For applications, verify them before using. If they are wallet applications, you can check them with https://walletscrutiny.com/

For smart contract interaction, use your small wallet for curious interactions and revoke smart contract access when you are done with explorations.

How to revoke token approval
https://revoke.cash/
https://app.unrekt.net/

Once you discover that the APP is a scam APP base on some  strange things you are experiencing from the wallets you can avoid it by deleting the APP and look for the original one that will make your coins secure in your wallet. If you enter the Google play store you will see many APP that are not real but just a scam and if you look very well you will see many users comments about the APP which, it will give you some signs to quit the APP for the negative results you got from their users.

There are still some real website you can download hardware wallets, your coins will not be scam because your seed phrase are well secure and there is no way scammers can have access to your wallet, but if you dispose your password to anybody your coins will be in danger.

That's just for Android app store, as far as I know Apple's app store is pretty strict on what apps they are going to allow in their store so not all apps are really bad, you just have to be on the right Operating System. Google App Store is pretty relax on their requirements to be approved and to be displayed in the app store, that's why this kind of stuff happens. You're correct about checking the developer, that's a big red flag if you can't see their face or they don't have a portfolio to back up their app development history, most of the time these developers have a lot of previous works if they are a legitimate developer and if they are an individual then you can probably find them in LinkedIn or GitHub.

I agree with you back a year ago there is Sollet app on play store and this not the original version of the app and this was actually scam app and people in my community got scammed around 100K although he got the money from the airdrop but still that is a lot of money. and i think there are other people to that fall at the same app.

So we need to double check everything before make any installment

Playstore is filled with a lots of fake apps and Google is not doing much to prevent scammers from using its marketplace as a dumping ground, they are more concerned in making money.

Since your funds are in intact, I want to believe you downloaded the real wallet applications, but next time avoid using the search option so that you won't download a clone version. What I normally do is to visit the original website, and download directly from there or follow the link to back to playstore.

They don't really check all the time about the apps that will be put in their store. What you should do is to report it on the store that it is a scam app and maybe it will get removed. Well, if you know the app's developer then you should always check rather than downloading whatever you see when you search the name of the app you are going to install. It is not the only google play and other app store that has fake app but also website that looks professionally made and looks legit but the truth is that it is a scam website with a scam app.

The stores allow them because they don’t know anything about it, and the stores were created for such reasons. That is why these developers go in there and register with them and start positing those apps, and the reason is that this specific store where we found those apps is making a mistake sometimes, which is that they need to study what the developer is about to bring in to the App Store, but unfortunately they failed to do so, so I believe this is the only way for these stores to limit scam apps in their store.

I don’t think there is anything we can do about it. If you are talking about how we can limit these scam apps, it cannot be possible because we don’t know the developers of these apps. So to me, the only thing we can do is download what we know or know people are using, and they haven’t complained about it before. We should avoid downloading any new app we see in the store; we should download an app that is well known by people or has been used by many people.

I know it's very wrong when a reputable source is compromised but I don't think the stores are at fault here. None of these fake apps have a mark that shows it is a fake app and you don't expect the scammers to indicate that the app is for scamming. There is no way the stores will allow scam apps to be uploaded if they are aware of it. Many apps were taken down by stores when they later discovered that those apps are not trustworthy and harmful to users. I know it's possible for them to fish out the real and fake apps from developers but since they are not doing it automatically, we can play our path by reporting suspicious apps and give a negative review so people can be aware. It's our own responsibility to visit the official website of the wallet in order to download their app.


This will actually help in such situation but the problem here is how many people can afford to buy extra device specially for crypto apps? Only few but it's better to sacrifice and be safe than to cry later over the lose of assets. To make things worse, most of these apps we request to have permission to almost every aspect of your device.

Same thing I have noticed in my life. When I got for the Internet Download Manager or the same type of software like I can say the Video Editing Type of Software which always requires some product keys and even some of them have to be required the patch option which are going to patch inside the folder of your pc or laptop you are using. Then the person who have created this type of file he just carried the data from the computer and hack the wallets etc. in all over the computer. Tell me in this case who should be trust because we always needs these software in all aspects.

Anyone can develop and upload applications in Play Store and it is pretty simple but the app will be available for download only if it's approved by the Play Store reviewing team to be honest the reviewing unit is not 100% secure and most of the time the uploaded application after it receives too many reports about the app or if it violates the google privacy policies.

And we can't blame them either, because on average 4K apps get listed every day on the play store so imagine how many applications they will receive, so the responsibility is in our hands and as you said by looking at the number of downloads and reading the reviews from users will give an idea about the app.

Hmm, OP TBH those who want to try out the third-party software, from unknown sources will not stop on any kind of warning because there is no substitute for what they need. I know how people prefer using software recommended from the blog posts, on Google search recommendations and they even try from unreliable sources. Until their need is getting fulfilled they are ready to compromise anything without even realizing the consequences.

I've experienced it many times in the past when to fill my need for IDM I've compromised my whole data twice, and on the ledger hardware wallet, there was a very controversial debate on it AFAIK a few months ago.

Most of us unknowingly install every required app on our devices without realizing the consequences and this is what cant be even avoided better to take out all of the financial crypto apps on a separate setup (Dedicated Device). This is the best thing we can do.

First time I hear that Playstore also allow scammers to launch app in their store. I was thinking that all apps in the Playstore are first checked by play protect team and then only save apps are allowed because we say above every app that it is protected by play protects.

I generally check number of download, rating and review before downloading any app. Official app are download more than 100k many times and review more than 10k however downloading from official site is more secured. We have to get paly store, Apple store downloading link from the official site so that we didn't face any scam attempt.

That is the world we are into. Google allows every project owners to upload their app in the play store in order to make so much money and they care less about the safety of the people downloading these apps. Google play would have been one of the safest place to download applications according to the status of Google.
I understand they want to make as much money as possible and remain in business, but they should not upload clone or similar apps. There should be a mechanism to detect similar apps and not list them of not from the same company.

Download from the website as many has said. When you are eventually redirected from the website to the play store, you don't have to panic only if you are sure you logged into the original website.

At first, I thought these googleplay and appstore were paying devs and coders who would check the codes of the apps uploaded onto them. Seem like the best course of action since these come from opensource project. Android is based on Linux and Apple however is a close source but they have the responsibility since it's their platform and they allow devs to work on their proprietary devices.

For reference, OP is talking about this incident: Microsoft Listing Fake Ledger App Leads to $590K of Bitcoin Stolen by Hackers

You are only going to be scared if you're the type of guy that downloads randomly from unofficial websites of the wallets that you use. Google Playstore, Microsoft store and even the Apple app store can be used by these scammers/hackers.

That's why as someone who uses the wallets that we trust, you need to download it directly from their official website than trusting these applications stores.

From the original/official website, that is how to download your wallet and your other crypto stuffs. There are quite a lot of scam applications in Google playstore and Apple store, thus you cannot be sure if you are downloading the actual wallet or a phishing application.

Now I'm really scared because most of my crypto apps were downloaded from Google play store. All my wallets including Electrum and Bluewallet and even some exchanges applications were downloaded there. Recently,  I downloaded Uniswap wallet there as well. If scammers can infitrate Google Playstore, the damage will be huge.

What then is your suggestion on safe way to download apps?

Be careful with third-party app developers, majority of them are criminals, the most common crypto thefts happened through google playstore and even Microsoft app store...

I don't completely blame these scammers but the official stores allowing any third-party developers to post their scam apps on the stores, knowing that they are responsible for millions of people visiting the stores to try out apps and software.

Ledger hardware wallet now can't be trusted because of the theft that happened around this year resulting in over 500 million dollars assets lost, the Microsoft store literally allow these third party criminals called developers to make their fake Ledger Live app available for many people.

As gullible as people can be, they thought the app was from Ledger officially, without doing their findings first they went on and connect their hardware wallet, them must have thing that because it's available on the might Microsoft store itself.

At some point, this fake ledger live app asked people to insert their recovery seed phrase and they did, it shows that many people are just running hardware wallet, they don't understand a thing about it, they order for hardware wallet and they believe that it's impenetrable.

There is no amount of security strategy implemented into your hardware wallet, once you insert it into something else apart from that your very hardware wallet you have given your crypto assets away, even if it's Air-gapped, Cold wallet, or whatever, every security is useless once you give your recovery seed away.

Apart from your hardware wallet itself, once something else ask for your recovery seed it's a scam, not even your hardware wallet official website should ask you that.