Common Scams on Mobile Devices_THE

CommunitySubmission-Author:WhoTookMyCrypto.com

2017wasaremarkableyearforthecryptocurrencyindustryastheirrapidincreaseinvaluationspropelledthemintomainstreammedia.Unsurprisingly,thisgarneredthemimmenseinterestfromboththegeneralpublicaswellascybercriminals.Therelativeanonymityofferedbycryptocurrencieshasmadethemafavouriteamongstcriminalswhooftenusethemtobypasstraditionalbankingsystemsandavoidfinancialsurveillancefromregulators.

Giventhatpeoplearespendingmoretimeontheirsmartphonesthandesktops,itisthusnotsurprisingthatcybercriminalshavealsoturnedtheirattentiontothem.Thefollowingdiscussionhighlightshowscammershavebeentargetingcryptocurrencyusersthroughtheirmobiledevices,alongwithafewstepsthatuserscantaketoprotectthemselves.

Fakecryptocurrencyapps

Fakecryptocurrencyexchangeapps

Themostwell-knownexampleofafakecryptocurrencyexchangeappisprobablytheoneofPoloniex.PriortothelaunchoftheirofficialmobiletradingappinJuly2018,GooglePlaywasalreadylistingseveralfakePoloniexexchangeapps,whichwereintentionallydesignedtobefunctional.ManyusersthatdownloadedthosefraudulentappshadtheirPoloniexlogincredentialscompromised,andtheircryptocurrencieswerestolen.SomeappsevenwentastepfurtherrequestingthelogincredentialsofusersGmailaccounts.Itisimportanttohighlightthatonlyaccountswithouttwo-factorauthentication(2FA)werecompromised.

COMP突破810美元關口 日內漲幅為1.4%:歐易OKEx數據顯示，COMP短線上漲，突破810美元關口，現報810.24美元，日內漲幅達到1.4%，行情波動較大，請做好風險控制。[2021/5/11 21:48:19]

Thefollowingstepscanhelpprotectyouagainstsuchscams.

Checktheexchange’sofficialwebsitetoverifyiftheyindeedofferamobiletradingapp.Ifso,usethelinkprovidedontheirwebsite.Readthereviewsandratings.Fraudulentappsoftenhavemanybadreviewswithpeoplecomplainingaboutgettingscammed,somakesuretocheckthembeforeyoudownload.However,youshouldalsobescepticalofappsthatpresentperfectratingsandcomments.Anylegitimateapphasitsfairshareofnegativereviews.Checktheappdeveloperinformation.Lookforwhetheralegitimatecompany,emailaddress,andwebsiteareprovided.Youshouldalsoperformanonlinesearchontheinformationprovidedtoseeiftheyarereallyrelatedtotheofficialexchange.Checkthenumberofdownloads.Thedownloadcountshouldalsobeconsidered.Itisunlikelythatahighlypopularcryptocurrencyexchangewouldhaveasmallnumberofdownloads.Activate2FAonyouraccounts.Althoughnot100%secure,2FAismuchhardertobypassandcanmakeahugedifferenceinprotectingyourfunds,evenifyourlogincredentialsarephished.Fakecryptocurrencywalletapps

Therearemanydifferenttypesoffakeapps.Onevariationseekstoobtainpersonalinformationfromuserssuchastheirwalletpasswordsandprivatekeys.

Compound公布第一份社區治理提議 將在Compound上使用USDT:根據社區成員的投票，Defi借貸協議Compound公布了第一份社區治理提議，即在Compound上使用USDT，正式開啟了Compound社區治理系統的公測。（ETH中文網）[2020/4/27]

Insomecases,fakeappsprovidepreviouslygeneratedpublicaddressestousers.Sotheyassumefundsaretobedepositedintotheseaddresses.However,theydonotgainaccesstotheprivatekeysandthusdonothaveaccesstoanyfundsthataresenttothem.

SuchfakewalletshavebeencreatedforpopularcryptocurrenciessuchasEthereumandNeoand,unfortunately,manyuserslosttheirfunds.Herearesomepreventivestepsthatcanbetakentoavoidbecomingavictim:

Theprecautionshighlightedintheexchangeappsegmentaboveareequallyapplicable.However,anadditionalprecautionyoucantakewhendealingwithwalletappsistomakesurebrandnewaddressesaregeneratedwhenyoufirstopentheapp,andthatyouareinpossessionoftheprivatekeys(ormnemonicseeds).Alegitimatewalletappallowsyoutoexporttheprivatekeys,butitisalsoimportanttoensurethegenerationofnewkeypairsisnotcompromised.Soyoushoulduseareputablesoftware(preferablyopensource).Eveniftheappprovidesyouaprivatekey(orseed),youshouldverifywhetherthepublicaddressescanbederivedandaccessedfromthem.Forexample,someBitcoinwalletsallowuserstoimporttheirprivatekeysorseedstovisualizetheaddressesandaccessthefunds.Tominimizetherisksofkeysandseedsbeingcompromised,youmayperformthisonanair-gappedcomputer(disconnectedfromtheinternet).Cryptojackingapps

動態 | Crypto.com與Xfers合作，用戶將能夠使用新加坡元交易加密貨幣:在新加坡金融科技節上，Crypto.com宣布與新加坡金融科技公司Xfers合作，將為其用戶提供用新加坡元（SGD）買賣加密貨幣的能力。Crypto.com用戶將能夠快速購買和出售主流加密貨幣，包括BTC、ETH、LTC、XRP及其自己的MCO和CRO代幣。另一項合作將是Crypto為Xfers的試點穩定幣計劃StraitsX和XSGD穩定幣提供支持。與新加坡元掛鉤的穩定幣將被引入Crypto.com Pay，這是一種用于客戶和商家之間結算的移動支付解決方案。（CryptoBriefing）[2019/11/13]

Cryptojackinghasbeenahotfavoriteamongstcybercriminalsduetothelowbarrierstoentryandlowoverheadsrequired.Furthermore,itoffersthemthepotentialforlong-termrecurringincome.DespitetheirlowerprocessingpowerwhencomparedtoPCs,mobiledevicesareincreasinglybecomingatargetofcryptojacking.

Apartfromweb-browsercryptojacking,cybercriminalsarealsodevelopingprogramsthatappeartobelegitimategaming,utilityoreducationalapps.However,manyoftheseappsaredesignedtosecretlyruncrypto-miningscriptsinthebackground.

Therearealsocryptojackingappsthatareadvertisedaslegitimatethird-partyminers,buttherewardsaredeliveredtotheappdeveloperinsteadoftheusers.

Tomakethingsworse,cybercriminalshavebecomeincreasinglysophisticated,deployinglightweightminingalgorithmstoavoiddetection.

Cryptojackingisincrediblyharmfultoyourmobiledevicesastheydegradeperformanceandaccelerateswearandtear.Evenworse,theycouldpotentiallyactasTrojanhorsesformorenefariousmalware.

動態 | 數據顯示：近一周礦池算力份額 BTC.com居首位:據BTC.com數據顯示，截至2018年9月22日，近一周時間里，礦池份額(根據出塊數據計算)前五位的礦池分別為： 1.BTC.com，算力占比為16.8%，算力為8.60EH/s； 2.ViaBTC，算力占比為13.87%，算力為7.10EH/s； 3. SlushPool，算力占比為11.72%，算力為6.00EH/s； 4.AntPool，算力占比為10.94%，算力為5.60EH/s； 5.BTC.TOP，算力占比為9.77%，算力為5.00EH/s。[2018/9/22]

Thefollowingstepscanbetakentoguardagainstthem.

Onlydownloadappsfromofficialstores,suchasGooglePlay.Piratedappsarenotpre-scannedandaremorelikelytocontaincryptojackingscripts.Monitoryourphoneforexcessivebatterydrainingoroverheating.Oncedetected,terminateappsthatarecausingthis.Keepyourdeviceandappsupdatedsothatsecurityvulnerabilitiesgetpatched.Useawebbrowserthatguardsagainstcryptojackingorinstallreputablebrowserplug-ins,suchasMinerBlock,NoCoin,andAdblock.Ifpossible,installmobileantivirussoftwareandkeepitupdated.Freegiveawayandfakecrypto-minerapps

Theseareappsthatpretendtominecryptocurrenciesfortheirusersbutdon’tactuallydoanythingapartfromdisplayingads.Theyincentivizeuserstokeeptheappsopenbyreflectinganincreaseintheuser’srewardsovertime.Someappsevenincentivizeuserstoleave5-starratingsinordertogetrewards.Ofcourse,noneoftheseappswereactuallymining,andtheirusersneverreceivedanyrewards.

Roger Ver遭Bitcoin.com用戶起訴:據BTCManager、Bitcoinist消息，600多名Bitcoin.com用戶已對比特幣耶穌Roger Ver提起訴訟，因其誘導新用戶購買BCH，進行虛假宣傳甚至有詐騙行為。其誘導詐騙跡象有以下六點：1.Roger Ver在其社交媒體大肆宣傳不知名的比特幣交易平臺Bitxoxo是印度最大交易所，并稱其將會推出BCH；2.Roger Ver創建的Bitcoin.com網站中顯示著Bitcoin是BCH，Bitcoin Core是BTC；3.Roger擁有@Bitcoin的推特賬戶，并用其推廣BCH并批評BTC；4.Reddit的BCH的社區將Roger作為社區ICO顧問，即Roger推廣其ICO以換取社區促進BCH交易；5.在Google輸入購買比特幣并點開bitcoin.com的網站，可以看到“購買BCH”的選項在“購買BTC”之上，并且徽標非常相似；6.Bitcoin.com的“BTC課程”，故意模糊BTC和BCH的區別。[2018/4/28]

Toguardagainstthisscam,understandthatforthemajorityofcryptocurrencies,miningrequireshighlyspecializedhardware(ASICs),meaningitisnotfeasibletomineonamobiledevice.Whateveramountsyouminewouldbetrivialatbest.Stayawayfromanysuchapps.

ClipperappsSuchappsalterthecryptocurrencyaddressesyoucopyandreplacethemwiththoseoftheattacker.Thus,whileavictimmaycopythecorrectrecipientaddress,theonetheypastetoprocessthetransactionisreplacedbythoseoftheattacker.

Toavoidfallingvictimtosuchapps,herearesomeprecautionsyoucantakewhenprocessingtransactions.

Alwaysdoubleandtriplechecktheaddressyouarepastingintotherecipientfield.Blockchaintransactionsareirreversiblesoyoushouldalwaysbecareful.Itisbesttoverifytheentireaddressinsteadofjustportionsofit.Someappsareintelligentenoughtopasteaddressesthatlooksimilartoyourintendedaddress.SIMswappingInaSIMswappingscam,acybercriminalgainsaccesstothephonenumberofauser.TheydothisbyemployingsocialengineeringtechniquestotrickmobilephoneoperatorsintoissuinganewSIMcardtothem.Themostwell-knownSIMswappingscaminvolvedcryptocurrencyentrepreneurMichaelTerpin.HeallegedthatAT&Twasnegligentintheirhandlingofhismobilephonecredentialsresultinginhimlosingtokensvaluedatmorethan20millionUSdollars.

Oncecybercriminalshavegainedaccesstoyourphonenumber,theycanuseittobypassany2FAthatreliesonthat.Fromthere,theycanworktheirwayintoyourcryptocurrencywalletsandexchanges.

AnothermethodcybercriminalscanemployistomonitoryourSMScommunications.Flawsincommunicationsnetworkscanallowcriminalstointerceptyourmessageswhichcanincludethesecond-factorpinmessagedtoyou.

Whatmakesthisattackparticularlyconcerningisthatusersarenotrequiredtoundertakeanyaction,suchasdownloadingafakesoftwareorclickingamaliciouslink.

Topreventfallingpreytosuchscams,herearesomestepstoconsider.

DonotuseyourmobilephonenumberforSMS2FA.Instead,useappslikeGoogleAuthenticatororAuthytosecureyouraccounts.Cybercriminalsareunabletogainaccesstotheseappseveniftheypossessyourphonenumber.Alternatively,youmayusehardware2FAsuchasYubiKeyorGoogle'sTitanSecurityKey.Donotrevealpersonalidentifyinginformationonsocialmedia,suchasyourmobilephonenumber.Cybercriminalscanpickupsuchinformationandusethemtoimpersonateyouelsewhere.Youshouldneverannounceonsocialmediathatyouowncryptocurrenciesasthiswouldmakeyouatarget.Orifyouareinapositionwhereeveryonealreadyknowsyouownthem,thenavoiddisclosingpersonalinformationincludingtheexchangesorwalletsyouuse.Makearrangementswithyourmobilephoneproviderstoprotectyouraccount.Thiscouldmeanattachingapinorpasswordtoyouraccountanddictatingthatonlyuserswithknowledgeofthepincanmakechangestotheaccount.Alternatively,youcanrequiresuchchangestobemadeinpersonanddisallowthemoverthephone.WiFiCybercriminalsareconstantlyseekingentrypointsintomobiledevices,especiallytheonesofcryptocurrencyusers.OnesuchentrypointisthatofWiFiaccess.PublicWiFiisinsecureandusersshouldtakeprecautionsbeforeconnectingtothem.Ifnot,theyriskcybercriminalsgainingaccesstothedataontheirmobiledevices.TheseprecautionshavebeencoveredinthearticleonpublicWiFi.

ClosingthoughtsMobilephoneshavebecomeanessentialpartofourlives.Infact,theyaresointertwinedwithyourdigitalidentitythattheycanbecomeyourgreatestvulnerability.Cybercriminalsareawareofthisandwillcontinuetofindwaystoexploitthis.Securingyourmobiledevicesisnolongeroptional.Ithasbecomeanecessity.Staysafe.

Tags：THEINGYOUAPPEtherum代幣瀏覽器SHIBKING幣YOUCashAPPC幣

比特幣