Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Pages:
Author

Topic: [WARNING] Another Electrum fake app on AppStore!!! (Read 347 times)

Husna QA
legendary
Activity: 2254
Merit: 2852
#SWGT CERTIK Audited
[WARNING] Another Electrum fake app on AppStore!!!
December 06, 2023, 09:56:26 PM
#36
Quote from: seek3r on December 05, 2023, 08:54:29 AM
-snip-
Besides that its always helpful to use strong passwords and activate 2FA. Hardware wallets would add another layer of security ofc.

However, if you refer to the thread's topic, Electrum mobile, which is currently only available for Android smartphones, doesn't even support hardware wallets, as far as I know.
A small note: wallets with 2FA on Electrum have a fee to use this feature. Further information can be seen here: https://api.trustedcoin.com/#/faq.

Quote from: Husna QA on September 05, 2022, 10:11:35 PM
-snip-


Please be careful. Some time ago, the fake Electrum application: 'Electrum Wallet Management' was removed from the AppStore. This time, I saw another fake Electrum application in the AppStore: 'Electrum Wallet Finance'.

seek3r
legendary
Activity: 1260
Merit: 1954
Re: [WARNING] Another Electrum fake app on AppStore!!!
December 05, 2023, 08:54:29 AM
#35
Quote from: cygan on December 02, 2023, 08:45:07 AM
yesterday, the Electrum devs published a very good summary of the most common malware attacks on your wallet.
check out this github link and read it carefully. i hope that this will now reach more users who may have been more careless with the whole thing so far!

Malware (and other avenues of losing money)

It always depends on the users themselves. If you want to make sure you are using the right software, you need to verify the wallet software. There are very simple tips that you should follow:

Always download Electrum from the official website and verify the software's digital signatures. This ensures that the software is authentic and hasn't been tampered with.
Keep your Electrum wallet updated to the latest version. Developers regularly update the software to patch vulnerabilities.

Besides that its always helpful to use strong passwords and activate 2FA. Hardware wallets would add another layer of security ofc.

And ofc dont get fooled by any emails or websites that pretend to be Electrum.
cygan
legendary
Activity: 3122
Merit: 7618
Cashback 15%
Re: [WARNING] Another Electrum fake app on AppStore!!!
December 02, 2023, 08:45:07 AM
#34
yesterday, the Electrum devs published a very good summary of the most common malware attacks on your wallet.
check out this github link and read it carefully. i hope that this will now reach more users who may have been more careless with the whole thing so far!

Malware (and other avenues of losing money)
Z-tight
hero member
Activity: 826
Merit: 1010
Only BTC
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 16, 2023, 07:30:06 AM
#33
Quote from: Volgastallion on November 15, 2023, 10:11:28 PM
Really sad to see this keep happening, we only can pretend to share the knowledge from so no more guys fall into this, but is really difficult.
There are so many people who use BTC, but they do not know much about what they are doing, they do not even know that Electrum doesn't have an ios version. Members' of this forum will easily know things like these, but for people who are not here, it is hard for them.
I just checked for the scam application in my ios device and i can confirm that it has been taken down. I know that nobody should ever download their wallet through Playstore or App store, but maybe Google and Apple have to do better, phishing applications are too much in Playstore and some are now finding their way into App store, just like 'Electrum wallet management' did.
Volgastallion
sr. member
Activity: 462
Merit: 263
CONTEST ORGANIZER
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 15, 2023, 10:11:28 PM
#32
Really sad to see this keep happening, we only can pretend to share the knowledge from so no more guys fall into this, but is really difficult.

I try to push for the companies like Google and Apple were more careful with this things, but they cant do so much asides of register the most important brands who make wallets like electrum fo example, and forbid others with similar names, but you can just fall in legal problems.

The main problem here is they by-pass the troyan analisys because the software in that kind of terms is good, but is more like a social enginering hacking. And the companies of the stores cant do so much about it (sadly). Another thing they can do is to erase fast this app from the store.

blue Snow
legendary
Activity: 1428
Merit: 1022
#SWGT CERTIK Audited
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 15, 2023, 09:17:41 PM
#31
Quote from: AprilioMP on November 15, 2023, 01:39:37 AM
Quote from: blue Snow on November 14, 2023, 10:38:03 PM
many new users don't understand if Electrum can create 1st time (new) wallet offline. If they understand it, it can avoid to recorded online.
I do not want to assume that new users who don't understand if to make new swallows can be offline a lot of them. I want before going to investment and trade, beginners are required to learn how to use a wallet and how to choose a wallet to be able to avoid things that cause losses to the mistakes made by themselves.

Don't be surprised to see users like me too busy in the wallet by asking things that are understood by other users.

Because I was here for a long time and know that the new user doesn't care about how to create a wallet offline, they just think of profit and selling their bitcoin at the right time. That in fact, the new user is going to be busy learning business (Alt), they never care how to save it offline. If they know it, whatever phishing site out there, they will carefull to do not trap it, because they already know how to secure the investment.

The new user always asking many time already questions like he was expecting something here.
Z-tight
hero member
Activity: 826
Merit: 1010
Only BTC
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 15, 2023, 05:27:42 PM
#30
Quote from: cygan on November 15, 2023, 04:13:32 AM
the stolen 0.89 BTC have now been sent from the 1LGou2... address to another following address: https://mempool.space/address/bc1q6xqsh33unk7e3l985awkt9jfs2trn46dkrztfs
this address contains further transactions that have taken place since november 9th and this address has received 2.7 BTC so far
The total received BTC's has gone up from that, it is now above 5 BTC, but the scammer has sent out nearly everything from that address to different addresses and in different transactions. So many people are still falling for this scam and who knows how many people would lose their BTC's, before apple takes this scam app down.
Quote from: Spoofed on November 14, 2023, 11:05:07 AM
CAN I SUE APPLE FOR THIS? Even if just small claims.
I'm not sure you will achieve much if you do this all by yourself, Apple is a giant company and i am sure you will run out of funds if you enter a lawsuit with them. So many people have and are losing money from this scam app, so if they can all collectively make their case on this matter, it may be more productive.
TheUltraElite
legendary
Activity: 2828
Merit: 1213
Call your grandparents and tell them you love them
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 15, 2023, 12:59:35 PM
#29
Quote from: cygan on November 15, 2023, 04:13:32 AM
this address contains further transactions that have taken place since november 9th and this address has received 2.7 BTC so far
I took the opportunity to borrow a friend's iPad and found this scammer app on the app store on Apple still existing and there is literally no way for a normal user who has not downloaded the app to report it to the store authorities.

However the app did not come on its own when searched for "Electrum" but specifically for "Electrum management" and hence there must some method by which the scammers are SEOing the terms in order to point the users to the second one.
cygan
legendary
Activity: 3122
Merit: 7618
Cashback 15%
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 15, 2023, 04:13:32 AM
#28
Quote from: cygan on November 13, 2023, 06:58:51 AM

and it looks like this is the scammer address: https://mempool.space/address/1LGou2YkuYLoFkkixLAd3HK6bVvUqX5BLz


the stolen 0.89 BTC have now been sent from the 1LGou2... address to another following address: https://mempool.space/address/bc1q6xqsh33unk7e3l985awkt9jfs2trn46dkrztfs
this address contains further transactions that have taken place since november 9th and this address has received 2.7 BTC so far
AprilioMP
sr. member
Activity: 322
Merit: 306
Farewell LEO o_e_l_e_o
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 15, 2023, 01:39:37 AM
#27
Quote from: hugeblack on November 14, 2023, 09:44:18 AM
Quote from: AprilioMP on November 14, 2023, 07:10:55 AM
I ask as above because up to now Electrum does not support iOS but macOS (desktop). So, when iPhone users find Elcetrum app in mobile appstore can clearly know that the app is a scam because Electrum mobile is available on Android devices.
On the contrary, beginners do not know the wallet link and may search on Google for a Bitcoin wallet or on the App Store (there are no phishing apps compared to Google Play), and then the site will appear to them as the first result with positive reviews, so some may use it.

Then, what will happen? Smiley Risk of Self -responsibility Smiley


Quote from: blue Snow on November 14, 2023, 10:38:03 PM
Quote from: AprilioMP on November 14, 2023, 07:10:55 AM
This means that the seed phrase given when creating a new wallet is recorded with all of them (the perpetrators) so that users who cannot distinguish between genuine Electrum and fake ones will lose their stored Bitcoin assets.
many new users don't understand if Electrum can create 1st time (new) wallet offline. If they understand it, it can avoid to recorded online.

I do not want to assume that new users who don't understand if to make new swallows can be offline a lot of them. I want before going to investment and trade, beginners are required to learn how to use a wallet and how to choose a wallet to be able to avoid things that cause losses to the mistakes made by themselves.

Don't be surprised to see users like me too busy in the wallet by asking things that are understood by other users.
blue Snow
legendary
Activity: 1428
Merit: 1022
#SWGT CERTIK Audited
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 14, 2023, 10:38:03 PM
#26
Quote from: bayu7adi on November 14, 2023, 07:00:47 AM
I think this could be a solution, but unfortunately, it requires an Apple ID to report. I'm not an Apple user, but I really want to contribute and report the app.
As I know, to have an Apple ID is not a must you have an Apple gadget. you can create an Apple ID on website: https://appleid.apple.com/account or when you use Windows PC, follow This link, but you must have iTunes already installed on your PC, and also have phone number to register.

Quote from: AprilioMP on November 14, 2023, 07:10:55 AM
This means that the seed phrase given when creating a new wallet is recorded with all of them (the perpetrators) so that users who cannot distinguish between genuine Electrum and fake ones will lose their stored Bitcoin assets.
many new users don't understand if Electrum can create 1st time (new) wallet offline. If they understand it, it can avoid to recorded online.
cygan
legendary
Activity: 3122
Merit: 7618
Cashback 15%
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 14, 2023, 11:39:06 AM
#25
Quote from: Spoofed on November 14, 2023, 11:31:00 AM
✂️
This was unfortunately me 🤦‍♂️

holy shit!!!
unfortunately, i can't answer whether you should take the giant Apple to court because of this. but maybe there are users here who are more familiar with this than i am

but losing over 0.7 BTC in one fell swoop really hurts and I wouldn't want to be in your shoes right now...
why didn't you go directly to downloads on the official Electrum website (even if there is no official app for ios) - what was your train of thought at that moment?
Spoofed
newbie
Activity: 2
Merit: 0
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 14, 2023, 11:31:00 AM
#24
Quote from: cygan on November 14, 2023, 08:18:17 AM
btw the next ~0.7BTC are on the way to the scammer/s Shocked
https://mempool.space/tx/8d03c5214fc3cab5ff1c22d58a935a14f3ef7b4ab2f9eea092e6a912abd10b2f

This was unfortunately me 🤦‍♂️
Spoofed
newbie
Activity: 2
Merit: 0
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 14, 2023, 11:05:07 AM
#23
This just happened to me. I am the one who was scammed in tx 8d03c5214fc3cab5ff1c22d58a935a14f3ef7b4ab2f9eea092e6a912abd10b2f

I have the seed to the original wallet. The tx is still unconfirmed because I had a pending transaction coming in which was delayed for over 3 days going on 4 now. Went on AppStore to try and download electrum to initiate CPFP and after entering seed phrase in this app it doesn’t do anything I quickly realize what’s happened but it was too late they took that along with another amount that was already on the wallet tx 258f73f68402188ca9fcc328d1531966721b9167b345af53d5284f832f3feeb4 and right after they themselves initiated the CPFP transaction before I could do anything.

Can I make a small claims with Apple in court over this? Literally this is a problem they know about the app has reviews which are posted since Nov. 1 stating it’s fake and it’s been reported and it’s been 2 weeks with no action. On top of the fact that they have let many customers lose millions to these same known scams.

CAN I SUE APPLE FOR THIS? Even if just small claims.
hugeblack
legendary
Activity: 2492
Merit: 3612
Buy/Sell crypto at BestChange
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 14, 2023, 09:44:18 AM
#22
Quote from: AprilioMP on November 14, 2023, 07:10:55 AM
I ask as above because up to now Electrum does not support iOS but macOS (desktop). So, when iPhone users find Elcetrum app in mobile appstore can clearly know that the app is a scam because Electrum mobile is available on Android devices.
On the contrary, beginners do not know the wallet link and may search on Google for a Bitcoin wallet or on the App Store (there are no phishing apps compared to Google Play), and then the site will appear to them as the first result with positive reviews, so some may use it.
cygan
legendary
Activity: 3122
Merit: 7618
Cashback 15%
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 14, 2023, 08:18:17 AM
#21
btw the next ~0.7BTC are on the way to the scammer/s Shocked
https://mempool.space/tx/8d03c5214fc3cab5ff1c22d58a935a14f3ef7b4ab2f9eea092e6a912abd10b2f
BitMaxz
legendary
Activity: 3234
Merit: 2943
Block halving is coming.
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 14, 2023, 08:13:59 AM
#20
Quote from: NotATether on November 14, 2023, 06:44:19 AM
Quote from: BitMaxz on November 13, 2023, 08:17:07 AM
Actually, there's no Electrum installer for iPhone they only support macOS, Android, Linux, and Windows.
And it seems Electrum developers do not have a plan to develop Electrum app on IOS because even if they do release Electrum for iPhone you can't able to install the app if it came from directly on electrum.org.

There's news making the rounds that Apple has plans to enable support for 3rd party app stores (but only for users in Europe). Although I don't know how that would work, I suppose this means that something like the equivalent of F-Droid can be made by some people, and Electrum can publish their app on platform, or even provide a binary that you can download, but opens with that app store by default for the purpose of installation.
It seems that I found the news you talking about here Apple may plan to appeal against the EU App Store law it was published 3 days ago.
According to it "Apple’s engineers have already developed tools to permit third-party stores and app sideloading on its systems, at least in Europe"

That's good news for those who live in Europe but how about other countries? Actually, you can install apps from 3rd party the only problem is you will need to jailbreak the unit to be able to install apps outside the appstore but it's not permanent once you turn off and on the device, the jailbreak is gone and all 3rd party apps won't work.
And another problem is we do not know how safe is jailbreaking just like on Android phones if you root your phone you are vulnerable to any attacks online just like what happened to my old phone which has lots of malware and ads when you connect online.

I hope that Apple decides to support other countries too so that we don't need to use any tools just to jailbreak the unit.
tranthidung
legendary
Activity: 2170
Merit: 3858
Farewell o_e_l_e_o
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 14, 2023, 07:18:31 AM
#19
Being paranoid with fake apps on Google Play?

Protect yourself from fake wallet software (guide)
The paranoid user's security guide for using Electrum safely.

People got fake apps because they don't visit an official website to get download links. They also don't verify wallet, PGP key of developers. Only download an application and use it immediately.

They will have more chance to get fake applications if they directly search in Google Play.

Some websites to check wallet applications and I mean for double checking. Verify PGP key is most important.
https://walletscrutiny.com/
https://www.cryptowisser.com/wallets/

This one https://bitcoin.org/en/choose-your-wallet, with some filters to choose a Bitcoin wallet. Below is some filters I used to narrow down the list of wallets to Electrum.
https://bitcoin.org/en/wallets/mobile/android/electrum/?step=5&platform=android&user=experienced&important=control,fees&features=bech32,lightning,multisig,segwit
AprilioMP
sr. member
Activity: 322
Merit: 306
Farewell LEO o_e_l_e_o
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 14, 2023, 07:10:55 AM
#18
Quote from: Husna QA on November 14, 2023, 06:45:25 AM
Quote from: AprilioMP on November 14, 2023, 06:10:49 AM
What about users who download the application and choose to create a new wallet instead of selecting the I already have a wallet option? Will they lead to a Mnemonic or private key request like importing from an existing wallet.

When you create a new wallet, you will generate a new Seed phrase. It is no different from the import wallet option. Because the Seed phrase is still input there. I'm sure it will also be sent to the scammer.

This means that the seed phrase given when creating a new wallet is recorded with all of them (the perpetrators) so that users who cannot distinguish between genuine Electrum and fake ones will lose their stored Bitcoin assets.

Quote from: Husna QA on November 14, 2023, 06:45:25 AM
What is clear, make sure to download using the link from the official Electrum website (https://electrum.org/#download), even for the Android version of Electrum. Don't search manually on Playstore or other stores such as AppStore. Moreover, until now, there is no Electrum for iOS users.

I ask as above because up to now Electrum does not support iOS but macOS (desktop). So, when iPhone users find Elcetrum app in mobile appstore can clearly know that the app is a scam because Electrum mobile is available on Android devices.


https://electrum.org/#download

Thank you Husna QA
bayu7adi
hero member
Activity: 1358
Merit: 538
paper money is going away
Re: [WARNING] Another Electrum fake app on AppStore!!!
November 14, 2023, 07:00:47 AM
#17
The scammer is pretty clever... they didn't embed any malware or other threats that AppStore reviewers could catch. Most likely, its function is just to import private keys. So, the focus of the review process before accepting it for launch on the AppStore, like ransomware, spam, spyware, trojan, ad bots, and other virus types, was intentionally left out.

But it's quite surprising too. Why a major platform like the AppStore did not recognize Electrum and checking deeper into verifying it? Does simply having 'Management' in the app's name make it seem like a new and non-suspicious brand here?

Quote from: Husna QA on November 14, 2023, 02:14:33 AM
Yesterday, I reported the fake Electrum wallet application to Apple (https://reportaproblem.apple.com/).
I think this could be a solution, but unfortunately, it requires an Apple ID to report. I'm not an Apple user, but I really want to contribute and report the app.
Pages:
Bitcoin Forum>Bitcoin>Development & Technical Discussion>Wallet software>Electrum
Jump to: