THE:Common Scams on Mobile Devices_APP

CommunitySubmission-Author:WhoTookMyCrypto.com

2017wasaremarkableyearforthecryptocurrencyindustryastheirrapidincreaseinvaluationspropelledthemintomainstreammedia.Unsurprisingly,thisgarneredthemimmenseinterestfromboththegeneralpublicaswellascybercriminals.Therelativeanonymityofferedbycryptocurrencieshasmadethemafavouriteamongstcriminalswhooftenusethemtobypasstraditionalbankingsystemsandavoidfinancialsurveillancefromregulators.

Giventhatpeoplearespendingmoretimeontheirsmartphonesthandesktops,itisthusnotsurprisingthatcybercriminalshavealsoturnedtheirattentiontothem.Thefollowingdiscussionhighlightshowscammershavebeentargetingcryptocurrencyusersthroughtheirmobiledevices,alongwithafewstepsthatuserscantaketoprotectthemselves.

Fakecryptocurrencyapps

Fakecryptocurrencyexchangeapps

Themostwell-knownexampleofafakecryptocurrencyexchangeappisprobablytheoneofPoloniex.PriortothelaunchoftheirofficialmobiletradingappinJuly2018,GooglePlaywasalreadylistingseveralfakePoloniexexchangeapps,whichwereintentionallydesignedtobefunctional.ManyusersthatdownloadedthosefraudulentappshadtheirPoloniexlogincredentialscompromised,andtheircryptocurrencieswerestolen.SomeappsevenwentastepfurtherrequestingthelogincredentialsofusersGmailaccounts.Itisimportanttohighlightthatonlyaccountswithouttwo-factorauthentication(2FA)werecompromised.

Composable Finance：額外5%的獎勵將分發給所有參與眾貸質押的用戶:10月30日消息，流動性基礎設施協議Composable Finance發推稱，平臺鎖倉量已超過10萬枚KSM，因此額外的5%獎勵現在生效，這些獎勵將分發給所有參與眾貸質押的用戶。[2021/10/30 6:21:58]

Thefollowingstepscanhelpprotectyouagainstsuchscams.

Checktheexchange’sofficialwebsitetoverifyiftheyindeedofferamobiletradingapp.Ifso,usethelinkprovidedontheirwebsite.Readthereviewsandratings.Fraudulentappsoftenhavemanybadreviewswithpeoplecomplainingaboutgettingscammed,somakesuretocheckthembeforeyoudownload.However,youshouldalsobescepticalofappsthatpresentperfectratingsandcomments.Anylegitimateapphasitsfairshareofnegativereviews.Checktheappdeveloperinformation.Lookforwhetheralegitimatecompany,emailaddress,andwebsiteareprovided.Youshouldalsoperformanonlinesearchontheinformationprovidedtoseeiftheyarereallyrelatedtotheofficialexchange.Checkthenumberofdownloads.Thedownloadcountshouldalsobeconsidered.Itisunlikelythatahighlypopularcryptocurrencyexchangewouldhaveasmallnumberofdownloads.Activate2FAonyouraccounts.Althoughnot100%secure,2FAismuchhardertobypassandcanmakeahugedifferenceinprotectingyourfunds,evenifyourlogincredentialsarephished.Fakecryptocurrencywalletapps

Blockchain.com 平臺總交易量突破一萬億美元:加密貨幣錢包和交易平臺Blockchain.com首席財務官 Macrina Kgil 稱，在平臺上交易的加密貨幣超過了1萬億美元。自2012年以來，已經處理了近三分之一的比特幣網絡交易，其中大部分交易都是在過去兩年中通過 Blockchain.com 錢包處理的。Macrina Kgil表示，目前活躍的Blockchain.com錢包數量超過7600萬，平臺的增長來源于用戶、資管公司的參與和經紀與交易業務的增長。[2021/8/30 22:47:25]

Therearemanydifferenttypesoffakeapps.Onevariationseekstoobtainpersonalinformationfromuserssuchastheirwalletpasswordsandprivatekeys.

Insomecases,fakeappsprovidepreviouslygeneratedpublicaddressestousers.Sotheyassumefundsaretobedepositedintotheseaddresses.However,theydonotgainaccesstotheprivatekeysandthusdonothaveaccesstoanyfundsthataresenttothem.

SuchfakewalletshavebeencreatedforpopularcryptocurrenciessuchasEthereumandNeoand,unfortunately,manyuserslosttheirfunds.Herearesomepreventivestepsthatcanbetakentoavoidbecomingavictim:

Theprecautionshighlightedintheexchangeappsegmentaboveareequallyapplicable.However,anadditionalprecautionyoucantakewhendealingwithwalletappsistomakesurebrandnewaddressesaregeneratedwhenyoufirstopentheapp,andthatyouareinpossessionoftheprivatekeys(ormnemonicseeds).Alegitimatewalletappallowsyoutoexporttheprivatekeys,butitisalsoimportanttoensurethegenerationofnewkeypairsisnotcompromised.Soyoushoulduseareputablesoftware(preferablyopensource).Eveniftheappprovidesyouaprivatekey(orseed),youshouldverifywhetherthepublicaddressescanbederivedandaccessedfromthem.Forexample,someBitcoinwalletsallowuserstoimporttheirprivatekeysorseedstovisualizetheaddressesandaccessthefunds.Tominimizetherisksofkeysandseedsbeingcompromised,youmayperformthisonanair-gappedcomputer(disconnectedfromtheinternet).Cryptojackingapps

慢霧：Furucombo被盜資金發生異動，多次使用1inch進行兌換:據慢霧MistTrack，2月28日攻擊Furucombo的黑客地址（0xb624E2...76B212）于今日發生異動。黑客通過1inch將342 GRO、69 cWBTC、1700萬cUSDC兌換成282 ETH，并將147ETH從Compound轉入到自己的地址，截至目前該黑客地址余額約170萬美元，另一個黑客地址余額為約1200萬美元。[2021/3/3 18:12:14]

Cryptojackinghasbeenahotfavoriteamongstcybercriminalsduetothelowbarrierstoentryandlowoverheadsrequired.Furthermore,itoffersthemthepotentialforlong-termrecurringincome.DespitetheirlowerprocessingpowerwhencomparedtoPCs,mobiledevicesareincreasinglybecomingatargetofcryptojacking.

Apartfromweb-browsercryptojacking,cybercriminalsarealsodevelopingprogramsthatappeartobelegitimategaming,utilityoreducationalapps.However,manyoftheseappsaredesignedtosecretlyruncrypto-miningscriptsinthebackground.

Therearealsocryptojackingappsthatareadvertisedaslegitimatethird-partyminers,buttherewardsaredeliveredtotheappdeveloperinsteadoftheusers.

Tomakethingsworse,cybercriminalshavebecomeincreasinglysophisticated,deployinglightweightminingalgorithmstoavoiddetection.

Cryptojackingisincrediblyharmfultoyourmobiledevicesastheydegradeperformanceandaccelerateswearandtear.Evenworse,theycouldpotentiallyactasTrojanhorsesformorenefariousmalware.

Compound 33號和34號提案已通過:Compound Labs剛剛發推宣布，033號提案和034號提案已通過社區投票，將于兩天的等候期后執行。33號提案內容包括：通過取消COMP自動賠付降低Gas成本和允許治理機構按市場分配COMP（而不是根據借款需求動態分配）。34號提案內容包括：通過移除Dai儲蓄率（0.00%）降低Gas成本。[2020/12/27 16:37:51]

Thefollowingstepscanbetakentoguardagainstthem.

Onlydownloadappsfromofficialstores,suchasGooglePlay.Piratedappsarenotpre-scannedandaremorelikelytocontaincryptojackingscripts.Monitoryourphoneforexcessivebatterydrainingoroverheating.Oncedetected,terminateappsthatarecausingthis.Keepyourdeviceandappsupdatedsothatsecurityvulnerabilitiesgetpatched.Useawebbrowserthatguardsagainstcryptojackingorinstallreputablebrowserplug-ins,suchasMinerBlock,NoCoin,andAdblock.Ifpossible,installmobileantivirussoftwareandkeepitupdated.Freegiveawayandfakecrypto-minerapps

Theseareappsthatpretendtominecryptocurrenciesfortheirusersbutdon’tactuallydoanythingapartfromdisplayingads.Theyincentivizeuserstokeeptheappsopenbyreflectinganincreaseintheuser’srewardsovertime.Someappsevenincentivizeuserstoleave5-starratingsinordertogetrewards.Ofcourse,noneoftheseappswereactuallymining,andtheirusersneverreceivedanyrewards.

Toguardagainstthisscam,understandthatforthemajorityofcryptocurrencies,miningrequireshighlyspecializedhardware(ASICs),meaningitisnotfeasibletomineonamobiledevice.Whateveramountsyouminewouldbetrivialatbest.Stayawayfromanysuchapps.

聲音 | Compound總法律顧問：要求以太坊基金會披露ETH銷售狀況等于認為ETH是一種證券:Compound總法律顧問Jake Chervinsky發推稱：“美國法律要求‘內部人士’公開披露某些證券交易，但不要求披露非證券的大宗商品交易（沒有人會這樣做）。因此，有關以太坊基金會應該披露其ETH銷售的說法，基本上就是認為‘ETH是一種證券’，只不過包裝方式不同罷了。”[2019/12/16]

ClipperappsSuchappsalterthecryptocurrencyaddressesyoucopyandreplacethemwiththoseoftheattacker.Thus,whileavictimmaycopythecorrectrecipientaddress,theonetheypastetoprocessthetransactionisreplacedbythoseoftheattacker.

Toavoidfallingvictimtosuchapps,herearesomeprecautionsyoucantakewhenprocessingtransactions.

Alwaysdoubleandtriplechecktheaddressyouarepastingintotherecipientfield.Blockchaintransactionsareirreversiblesoyoushouldalwaysbecareful.Itisbesttoverifytheentireaddressinsteadofjustportionsofit.Someappsareintelligentenoughtopasteaddressesthatlooksimilartoyourintendedaddress.SIMswappingInaSIMswappingscam,acybercriminalgainsaccesstothephonenumberofauser.TheydothisbyemployingsocialengineeringtechniquestotrickmobilephoneoperatorsintoissuinganewSIMcardtothem.Themostwell-knownSIMswappingscaminvolvedcryptocurrencyentrepreneurMichaelTerpin.HeallegedthatAT&Twasnegligentintheirhandlingofhismobilephonecredentialsresultinginhimlosingtokensvaluedatmorethan20millionUSdollars.

Oncecybercriminalshavegainedaccesstoyourphonenumber,theycanuseittobypassany2FAthatreliesonthat.Fromthere,theycanworktheirwayintoyourcryptocurrencywalletsandexchanges.

AnothermethodcybercriminalscanemployistomonitoryourSMScommunications.Flawsincommunicationsnetworkscanallowcriminalstointerceptyourmessageswhichcanincludethesecond-factorpinmessagedtoyou.

Whatmakesthisattackparticularlyconcerningisthatusersarenotrequiredtoundertakeanyaction,suchasdownloadingafakesoftwareorclickingamaliciouslink.

Topreventfallingpreytosuchscams,herearesomestepstoconsider.

DonotuseyourmobilephonenumberforSMS2FA.Instead,useappslikeGoogleAuthenticatororAuthytosecureyouraccounts.Cybercriminalsareunabletogainaccesstotheseappseveniftheypossessyourphonenumber.Alternatively,youmayusehardware2FAsuchasYubiKeyorGoogle'sTitanSecurityKey.Donotrevealpersonalidentifyinginformationonsocialmedia,suchasyourmobilephonenumber.Cybercriminalscanpickupsuchinformationandusethemtoimpersonateyouelsewhere.Youshouldneverannounceonsocialmediathatyouowncryptocurrenciesasthiswouldmakeyouatarget.Orifyouareinapositionwhereeveryonealreadyknowsyouownthem,thenavoiddisclosingpersonalinformationincludingtheexchangesorwalletsyouuse.Makearrangementswithyourmobilephoneproviderstoprotectyouraccount.Thiscouldmeanattachingapinorpasswordtoyouraccountanddictatingthatonlyuserswithknowledgeofthepincanmakechangestotheaccount.Alternatively,youcanrequiresuchchangestobemadeinpersonanddisallowthemoverthephone.WiFiCybercriminalsareconstantlyseekingentrypointsintomobiledevices,especiallytheonesofcryptocurrencyusers.OnesuchentrypointisthatofWiFiaccess.PublicWiFiisinsecureandusersshouldtakeprecautionsbeforeconnectingtothem.Ifnot,theyriskcybercriminalsgainingaccesstothedataontheirmobiledevices.TheseprecautionshavebeencoveredinthearticleonpublicWiFi.

ClosingthoughtsMobilephoneshavebecomeanessentialpartofourlives.Infact,theyaresointertwinedwithyourdigitalidentitythattheycanbecomeyourgreatestvulnerability.Cybercriminalsareawareofthisandwillcontinuetofindwaystoexploitthis.Securingyourmobiledevicesisnolongeroptional.Ithasbecomeanecessity.Staysafe.

Tags：THEINGYOUAPPDeltaThetaUpfiringyoukey元宇宙app下載安卓

FIL