As the cryptocurrency market continues to generate global interest, the number of crypto scams is on the rise. We’ve previously looked at five cryptocurrency scams that shook the world, with this latest one quite possibly being sneaky and illicit enough to make it onto that lift. Users that download cryptocurrency apps need to be aware, as there is a malicious Ethereum app doing the rounds that has the potential to do some serious harm. Disguised as an Ethereum product, the app from the bizarrely named Google Commerce Ltd promised to issue users a single Ethereum token in return for installing the app – at a cost of $388 per download.
Yet Another Cryptocurrency Scam
While many savvy investors will have seen this scam from a mile away, as practically nobody is giving away Ethereum tokens, some have been duped. Approximately 100 people have fallen for the con, earning the criminals behind it more than $388,000. For every costly download, instead of the promised token, the user would receive a picture of the Ethereum logo, which we are sure came with plenty of regret.
The app itself hasn’t been updated in over a year, with it seemingly allowed to languish on the Google Play Store unnoticed. It’s pretty alarming that this has been allowed to happen, especially when the company behind the scam app actually bears the same name – you would have assumed that this would be a major red flag. It doesn’t take long to figure out that Google Commerce Ltd is a fake company, but the real Google has only stepped up to remove the app in the wake of negative publicity.
Google Play Protect Falls Short
What makes this entire situation several times worse is that Google Play Protect, the system that’s supposed to stop malware slipping through the cracks, failed to spot the issue. Maybe this is because it wasn’t seeking login details or acting as a clone of another app, but there is no denying that it was still malicious. Funnily enough, Google would have been receiving payments from Google Commerce Ltd as the fake Ethereum app was downloaded, much like it would from any other app.
Google should really be the front line of web and app security, so this incident really raises plenty of questions. It’s banned cryptocurrency apps, yet this scam app was allowed to operate for over a year past its last update – the reality is that it should never have made it to the app store to begin with. This isn’t the only instance of Google’s supposed crypto ban being loosely implemented. JSECoin is another case of an app going live on the Google App Store when it shouldn’t have done.
Take cryptocurrencies out of the equation and Google’s methods for taking down and removing illicit apps are pretty effective. Last year around 70,000 apps were pulled from the Google Play Store, with most of these deemed to have abusive content. The evidence shows that when Google wants to clamp down on illegal activity within the App Store it can, but it seems that crypto acts just aren’t a priority – in spite of the highly publicized ban.
Targeting the Vulnerable
Con artists and criminals have been investing heavily in cryptocurrency mobile scams, as they see a vulnerable audience waiting to be exploited. Google Play has apparently discovered countless apps over the years that impersonate and mimic famous crypto exchanges, luring users in and using malware to use the device’s power for mining without the user’s knowledge.
No Such Thing as “Free Ethereum”
The lack of control from Google is alarming, but this fake Ethereum app being allowed to scam users for so long shouldn’t shock anyone. The reality is that nobody is simply giving away Ethereum tokens. Just look at Ethereum CEO Vitalik Buterin, he even puts in his Twitter handle that he is “Vitalik Non-giver of Ether” to ward off those who believe that cheap or free Ethereum tokens are that easy to get. Remember, as the old saying goes, there is no such thing as a free lunch, while there is no such thing as free Ether either.
