Title: [SCAM] Fake Atomic wallet phishing app Post by: dkbit98 on July 09, 2020, 01:29:36 PM What happened: Fake Atomic Wallet app that is phishing for your seed words and private key.
Do NOT download and install this! REPORT IT Website: Code: https://play.google.com/store/apps/details?id=com.atomicwallet.atomicwalletmanager ANN:not found https://i.imgur.com/mInYLMe.png https://i.imgur.com/hLTzPCL.png Real and original Atomic wallet app is only this: https://play.google.com/store/apps/details?id=io.atomicwallet Title: Re: [SCAM] Fake Atomic wallet phishing app Post by: Casdinyard on July 09, 2020, 01:53:17 PM ~ FLAG SUPPORTED! I've also looked at the fake app's permission and it was too suspicious as it only requires full network access permission while most wallets needs almost everything, and the fake wallet app's features contradicts it's permission required. Also, its file size seems to only need its phishing activities to run as crypto wallet. Good catch op! Title: Re: [SCAM] Fake Atomic wallet phishing app Post by: 409H on July 10, 2020, 12:48:15 AM I have decompiled the APK and reported to AtomicWallet via Twitter DM
The app loads a local HTML file into a webview and asks for mnemonic phrases which then sends to a Google Form (https://docs.google.com/forms/d/e/1FAIpQLSfUiPHs1lOr_XLMemq6aMLcS3BQ4BaYOJXDUTMEMqibPgazsA/viewform) Title: Re: [SCAM] Fake Atomic wallet phishing app Post by: Casdinyard on July 10, 2020, 02:02:35 PM I have decompiled the APK and reported to AtomicWallet via Twitter DM The app loads a local HTML file into a webview and asks for mnemonic phrases which then sends to a Google Form (https://docs.google.com/forms/d/e/1FAIpQLSfUiPHs1lOr_XLMemq6aMLcS3BQ4BaYOJXDUTMEMqibPgazsA/viewform) Can you indicate here the apk codes that has the line that leads to that file? Knowing that it redirects to a google form then sends to the attacker wouldn't be enough, evidences such as screenshots or the real code will do.. The file you've indicated only is I guess a dummy file form. If they would use google, wouldn't it be that hard and difficult to link due to security measures of google? Now I see why they only need network access permission, so that they could redirect the user's phrases input in the fake app. Title: Re: [SCAM] Fake Atomic wallet phishing app Post by: 409H on July 10, 2020, 02:29:21 PM I have decompiled the APK and reported to AtomicWallet via Twitter DM The app loads a local HTML file into a webview and asks for mnemonic phrases which then sends to a Google Form (https://docs.google.com/forms/d/e/1FAIpQLSfUiPHs1lOr_XLMemq6aMLcS3BQ4BaYOJXDUTMEMqibPgazsA/viewform) Can you indicate here the apk codes that has the line that leads to that file? Knowing that it redirects to a google form then sends to the attacker wouldn't be enough, evidences such as screenshots or the real code will do.. The file you've indicated only is I guess a dummy file form. If they would use google, wouldn't it be that hard and difficult to link due to security measures of google? Now I see why they only need network access permission, so that they could redirect the user's phrases input in the fake app. For sure. They use the GoogleForm to host the submitted data, but have a custom HTML view to make it look more legitimate https://i.imgur.com/JAIiQ9L.png https://i.imgur.com/jWoXYcU.png Here's a video of me running the webviewed HTML file on a local server: https://youtu.be/-Z00p-l5KIM Title: Re: [SCAM] Fake Atomic wallet phishing app Post by: sujonali1819 on July 10, 2020, 02:54:36 PM Website: It seems the link showing error. Maybe it removed from google play store. It's really a good job by google. Code: https://play.google.com/store/apps/details?id=com.atomicwallet.atomicwalletmanager Actually, scams are everywhere nowadays. And it really very hard to alive on the internet for some unaware people. And these types of fake wallets play a vital role to stop them. So we have to aware of it and we should report these wallets ASAP after seeing. |