The cryptocurrency boom has brought countless related apps into mobile app stores, providing users with various tools for trading, investing, and managing digital assets. However, among these are cleverly disguised scam apps that threaten users' asset security.
This article takes Apple's App Store as an example to expose the phenomenon of counterfeit cryptocurrency software in app stores, analyze the reasons behind it, and illustrate the dangers of counterfeit apps through real cases to raise user awareness.
Current Situation of Counterfeit Cryptocurrency Apps
Taking Magic Eden and Jupiter as examples, these two apps are well-known in the cryptocurrency field and have become targets for scammers to counterfeit.
Magic Eden, a popular multi-chain NFT marketplace, provides users with a platform to buy, sell, and discover digital artworks. However, on March 7, Magic Eden team member Voh discovered that a counterfeit app on the App Store was exploiting ME's reputation to commit fraud.
The scam app mimicked the official website and user interface, tricking users into downloading and using the app, and then demanding sensitive information such as wallet private keys to carry out fraud.
Voh stated, "The software is region-specific, and U.S. users cannot access the app. Since there is no official Magic Eden mobile app on the iOS App Store and Google Play Store, unsuspecting users find it hard to detect the authenticity of this malicious app."
Similarly, Jupiter, a decentralized exchange built on Solana, was also counterfeited. Reviews under the app were filled with "SCAM ALERT" warnings. Victims who downloaded the app from the Apple App Store and linked their wallets found $1,250 stolen after authorization.
Moreover, the app would steal users' seed phrases to commit theft.
Analysis of Jupiter Scam Address
Victim KryptoSub reported on social media that after he downloaded a counterfeit Jupiter app from the App Store and linked his wallet, his seed phrase was stolen and all of his on-chain assets were drained. Based on the scam address "0x9e82530383d81725ec950ee51d116bde8bdc859e" provided by KryptoSub, we conducted further analysis.
We found that from January 11, 2024, at 20:21:23 to March 30, 2024, at 09:19:59, this address stole the seed phrases of 298 suspected victims, with fund flows amounting to 353.6 $ETH and 330,500 $USDT. Most of the cryptocurrency flowing into this address was in various altcoins, which the hacker exchanged for $USDT using 1inch. The profits were then hoarded in four different addresses, with some funds transferred through the Allbridge cross-chain bridge or directly to the Binance exchange. Currently, the address has been marked as a phishing address by Ethereum scam and ceased phishing activities on March 30.
It is evident that the threat of counterfeit cryptocurrency apps is real and urgent. These fraudulent activities not only harm users' interests but also negatively impact the reputation of related brands. The cryptocurrency boom has raised the bar for the application review process on mobile stores like the App Store.
Why Counterfeit Apps are Rampant
Review Process Loopholes
Despite Apple's strict application review process, some fraudulent apps slip through the cracks. Developers may exploit loopholes in the review process, allowing counterfeit or fraudulent apps to pass temporarily.
Reportedly, Apple typically relies on automated tools and manual checks to assess the security of applications. Once an app is approved, if it is later used for malicious purposes, it takes some time for Apple to detect and remove it. Criminals exploit this time gap to rapidly spread malicious software, causing harm to unsuspecting users.
Abuse of Technical Means
Malicious developers may also use advanced technical means to evade security checks. Techniques such as code obfuscation and dynamic content loading can conceal the app's true intentions, making it difficult for automated security detection tools to identify their fraudulent nature. These methods provide a layer of protection for counterfeit apps, making them appear as legitimate software during reviews.
Exploitation of User Trust
Counterfeit app developers mimic the appearance and name of well-known apps, leveraging users' brand awareness and trust to mislead them into downloading and using the apps. Since users generally believe that apps in the App Store are rigorously screened, they may not conduct necessary reviews, making them more susceptible to fraud.
To prevent such occurrences, app stores like the App Store should continually improve their application review processes; official projects should promptly combat counterfeiting; cryptocurrency users should take preventive measures, such as verifying developer information, carefully checking app ratings and feedback before downloading, and promptly reporting suspicious apps.
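One way a project team could automate the "verify developer information" step when monitoring a store for lookalikes, shown as an added example that is not from the original article. The allowlist entries, bundle IDs, and sample listings are constructed; the field names `trackName`, `sellerName`, and `bundleId` are modeled on the keys in Apple's iTunes Search API results.

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Hypothetical allowlist kept by the project: brand -> official bundle IDs.
# An empty set means the project publishes no iOS app, so every lookalike is suspect.
OFFICIAL = {"magic eden": set(), "jupiter": {"com.example.jupiter.official"}}

def normalize(name):
    """Fold case, accents and punctuation so 'Magic-Eden' equals 'magic eden'."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode().lower()
    return re.sub(r"[^a-z0-9]+", " ", folded).strip()

def resembles(brand, title, threshold=0.85):
    """True if the brand appears in the title or a same-length word window is a near match."""
    brand, title = normalize(brand), normalize(title)
    if brand in title:
        return True
    words, n = title.split(), len(brand.split())
    windows = (" ".join(words[i:i + n]) for i in range(max(1, len(words) - n + 1)))
    return any(SequenceMatcher(None, brand, w).ratio() >= threshold for w in windows)

def flag_lookalikes(listings, official=OFFICIAL):
    """Return (brand, trackName, sellerName, bundleId) for listings that imitate a brand
    but whose bundleId is not on that brand's allowlist."""
    hits = []
    for app in listings:
        for brand, bundle_ids in official.items():
            if resembles(brand, app["trackName"]) and app["bundleId"] not in bundle_ids:
                hits.append((brand, app["trackName"], app["sellerName"], app["bundleId"]))
    return hits

# Constructed sample listings (not real App Store data).
SAMPLE = [
    {"trackName": "Magic Eden - NFT Market", "sellerName": "Example Seller A", "bundleId": "com.example.a"},
    {"trackName": "Jupiter Exchange", "sellerName": "Jupiter Example Org", "bundleId": "com.example.jupiter.official"},
    {"trackName": "Jupitar Swap Pro", "sellerName": "Example Seller B", "bundleId": "com.example.b"},
    {"trackName": "Weather Daily", "sellerName": "Example Seller C", "bundleId": "com.example.c"},
]

if __name__ == "__main__":
    for hit in flag_lookalikes(SAMPLE):
        print("review:", hit)
```

A flagged listing is a candidate for manual review and a takedown report, not proof of fraud; the similarity threshold trades missed typosquats against false positives.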