Lookout researchers have found that 172 Android apps have been scamming users all over the world, with over $350,000 stolen from mobile users who purchased the apps.
The scammers were claiming to offer cloud-based cryptocurrency mining, but in reality, all they did was take subscriber's money and provide no service.
Lookout found that 25 of the programs were available on the Google Play Store, and Google has since taken them down. Lookout investigators found that no cryptocurrency was generated, and based on their analysis more than 93,000 people were scammed and at least $350,000 was stolen from paying users.
The apps promised to perform cryptocurrency mining (in return for a fee), on behalf of the subscribers. The apps offered a virtual dashboard to users, that let them monitor the cryptocurrency mining rate. This dashboard was supposed to show users how much virtual coin had been generated. When Lookout examined the computer code in the apps (alongside the network traffic), the coin balance displayed was found to be fictitious.
Not a single one of the apps performed any kind of legitimate cloud-based cryptocurrency mining, meaning that users had been paying for a non-existent service and being scammed out of thousands.
The apps ranged from $10.99 to $20.99 in the Play Store, and Google has since removed them. However the apps are still circulating on third-party stores, and thousands more mobile users are still under the threat of being scammed.
According to Lookout, Google's security vetting failed to detect these bogus scam apps, which was most likely because they contained no malicious software processes so they did not flag up. Lookout explained that the apps hardly do anything at all, and are simply shells to collect money for services that don't exist.
A few final words from Lookout, '“Take your time, and if a deal is too good to be true, it probably isn’t real''.