Author

Topic: [SCAM] Fake Atomic wallet phishing app (Read 149 times)

legendary
Activity: 2436
Merit: 1189
Need Campaign Manager?PM on telegram @sujonali1819
July 10, 2020, 09:54:36 AM
#6
Website:
Code:
https://play.google.com/store/apps/details?id=com.atomicwallet.atomicwalletmanager
It seems the link showing error. Maybe it removed from google play store. It's really a good job by google.

Actually, scams are everywhere nowadays. And it really very hard to alive on the internet for some unaware people. And these types of fake wallets play a vital role to stop them. So we have to aware of it and we should report these wallets ASAP after seeing.
newbie
Activity: 7
Merit: 4
July 10, 2020, 09:29:21 AM
#5
I have decompiled the APK and reported to AtomicWallet via Twitter DM

The app loads a local HTML file into a webview and asks for mnemonic phrases which then sends to a Google Form (https://docs.google.com/forms/d/e/1FAIpQLSfUiPHs1lOr_XLMemq6aMLcS3BQ4BaYOJXDUTMEMqibPgazsA/viewform)

Can you indicate here the apk codes that has the line that leads to that file? Knowing that it redirects to a google form then sends to the attacker wouldn't be enough, evidences such as screenshots or the real code will do.. The file you've indicated only is I guess a dummy file form. If they would use google, wouldn't it be that hard and difficult to link due to security measures of google?

Now I see why they only need network access permission, so that they could redirect the user's phrases input in the fake app.

For sure. They use the GoogleForm to host the submitted data, but have a custom HTML view to make it look more legitimate

https://i.imgur.com/JAIiQ9L.png
https://i.imgur.com/jWoXYcU.png

Here's a video of me running the webviewed HTML file on a local server: https://youtu.be/-Z00p-l5KIM
hero member
Activity: 2184
Merit: 891
Leading Crypto Sports Betting and Casino Platform
July 10, 2020, 09:02:35 AM
#4
I have decompiled the APK and reported to AtomicWallet via Twitter DM

The app loads a local HTML file into a webview and asks for mnemonic phrases which then sends to a Google Form (https://docs.google.com/forms/d/e/1FAIpQLSfUiPHs1lOr_XLMemq6aMLcS3BQ4BaYOJXDUTMEMqibPgazsA/viewform)

Can you indicate here the apk codes that has the line that leads to that file? Knowing that it redirects to a google form then sends to the attacker wouldn't be enough, evidences such as screenshots or the real code will do.. The file you've indicated only is I guess a dummy file form. If they would use google, wouldn't it be that hard and difficult to link due to security measures of google?

Now I see why they only need network access permission, so that they could redirect the user's phrases input in the fake app.
newbie
Activity: 7
Merit: 4
July 09, 2020, 07:48:15 PM
#3
I have decompiled the APK and reported to AtomicWallet via Twitter DM

The app loads a local HTML file into a webview and asks for mnemonic phrases which then sends to a Google Form (https://docs.google.com/forms/d/e/1FAIpQLSfUiPHs1lOr_XLMemq6aMLcS3BQ4BaYOJXDUTMEMqibPgazsA/viewform)
hero member
Activity: 2184
Merit: 891
Leading Crypto Sports Betting and Casino Platform
July 09, 2020, 08:53:17 AM
#2
~

FLAG SUPPORTED!

I've also looked at the fake app's permission and it was too suspicious as it only requires full network access permission while most wallets needs almost everything, and the fake wallet app's features contradicts it's permission required. Also, its file size seems to only need its phishing activities to run as crypto wallet.


Good catch op!
legendary
Activity: 2212
Merit: 7064
July 09, 2020, 08:29:36 AM
#1
What happened: Fake Atomic Wallet app that is phishing for your seed words and private key.
Do NOT download and install this!
REPORT IT

Website:
Code:
https://play.google.com/store/apps/details?id=com.atomicwallet.atomicwalletmanager
Archive: http://archive.vn/jD5tw
ANN:not found





Real and original Atomic wallet app is only this:
https://play.google.com/store/apps/details?id=io.atomicwallet
Jump to: