
SoylentNews is people

posted by martyb on Friday May 24 2019, @09:04PM
from the Who-can-you-trust-and-how-do-you-verify? dept.

https://arstechnica.com/information-technology/2019/05/fake-cryptocurrency-apps-on-google-play-try-to-profit-on-bitcoin-price-surge/

Google's official Play Store has been caught hosting malicious apps that targeted Android users with an interest in cryptocurrencies, researchers reported on Thursday.

In all, researchers with security provider ESET recently discovered two fraudulent digital wallets. The first, called Coin Wallet, let users create wallets for a host of different cryptocurrencies. While Coin Wallet purported to generate a unique wallet address for users to deposit coins, the app in fact used a developer-owned wallet for each supported currency, with a total of 13 wallets. Each Coin Wallet user was assigned the same wallet address for a specific currency.

A second fraudulent Android wallet used the name "Trezor Mobile Wallet" in an attempt to impersonate the widely used hardware cryptocurrency wallet Trezor. The app then instructed users to enter login data and sent it to a server controlled by the developers. Multiple security layers built into real Trezor wallets prevented any credentials entered from accessing legitimate accounts. Still, any email addresses or other personal data could potentially be used in phishing attacks.


  • (Score: 2) by VLM on Friday May 24 2019, @10:59PM (1 child)


    It's interesting to compare and contrast with the well-known problem that Google manages developer misconduct entirely via automated shell scripts and the like, as per the Reddit discussions of insane Google developer banning anecdotes.

    It's very easy to write a shell script that bans for life anyone related to an app that doesn't have a link to a privacy policy, so Google does stuff like that. On the other hand, writing a shell script to ban developers for life if they write a "log into some service and perform financial transactions" app requires an educated human of at least 100 IQ, not a shell script, so Google simply cannot filter out that kind of crime.

    If you don't "do" GDPR but do "do" Firebase crash reporting and you sell in the EU, it's easy to write a script to ban that dev for life, so Google does that. It's very hard to write a bash script that has enough AI to determine if fraudulent financial transactions are happening, so they are free to upload all manner of phishing.

    It's really not a cryptocurrency thing; it's just a headline grabber. Could just as well have been some online store clone or a fake app for your local credit union or any manner of things that can't be automated by a very small shell script.

    Google support really is awful, I'm sad to say. There simply are not humans involved or at most they're doing "Chinese Room" things using mturk-alike systems. I hate dealing with Google as part of doing Android dev work. I literally prefer dealing with the IRS, it's that bad. Ability to provide horribly bad service is one of the many benefits of being an unregulated (for now) monopoly.

  • (Score: 3, Interesting) by darkfeline on Saturday May 25 2019, @08:53AM


    To understand Google, you have to understand that Google has very few employees, given the scope of their services. Simply offering customer support for most of the Web's users (e.g., most people who browse the Web use at least one of Google's services) would require magnitudes more people than Google employs currently.

    Example: https://www.seroundtable.com/google-support-staff-limits-13916.html Google says Google has just shy of 100k employees at the moment; you can do some basic math across all of Google's services (Search, YouTube, Maps, Gmail, Drive, etc.)

    This is why almost everything Google does is automated. "Shell scripts", as you say, although Google calls it "AI", which is somewhat more advanced than Bash. This is also why Google has bad support, or rather nonexistent support. No one can afford to provide support on Google's scale; customer support has inverse economy of scale (cost grows faster than linearly in the long run, since you need extra managers/overhead to manage customer support people, and there's a minimum bar of quality you need to hit, or you're better off not having the customer service in the first place, so you can't keep cutting costs/outsourcing forever).

    The IRS actually has very good support, so it's not a fair comparison. The IRS literally depends on taxpayers to pay money; it's in their best interest to make it easy for taxpayers to pay taxes (when TurboTax isn't sabotaging them anyway). It's oft said that if you're going to be in debt, the IRS are the best creditors you can have.

    --
    Join the SDF Public Access UNIX System today!