[SCAM] Fake Atomic wallet phishing app

[dkbit98]

What happened: Fake Atomic Wallet app that is phishing for your seed words and private key.
Do NOT download and install this!
REPORT IT

Website:

Code:

https://play.google.com/store/apps/details?id=com.atomicwallet.atomicwalletmanager

Archive: http://archive.vn/jD5tw
ANN:not found





Real and original Atomic wallet app is only this:
https://play.google.com/store/apps/details?id=io.atomicwallet

[Casdinyard]

~

FLAG SUPPORTED!

I've also looked at the fake app's permission and it was too suspicious as it only requires full network access permission while most wallets needs almost everything, and the fake wallet app's features contradicts it's permission required. Also, its file size seems to only need its phishing activities to run as crypto wallet.

Good catch op!

[409H]

I have decompiled the APK and reported to AtomicWallet via Twitter DM

The app loads a local HTML file into a webview and asks for mnemonic phrases which then sends to a Google Form (https://docs.google.com/forms/d/e/1FAIpQLSfUiPHs1lOr_XLMemq6aMLcS3BQ4BaYOJXDUTMEMqibPgazsA/viewform)

[Casdinyard]

I have decompiled the APK and reported to AtomicWallet via Twitter DM

The app loads a local HTML file into a webview and asks for mnemonic phrases which then sends to a Google Form (https://docs.google.com/forms/d/e/1FAIpQLSfUiPHs1lOr_XLMemq6aMLcS3BQ4BaYOJXDUTMEMqibPgazsA/viewform)

Can you indicate here the apk codes that has the line that leads to that file? Knowing that it redirects to a google form then sends to the attacker wouldn't be enough, evidences such as screenshots or the real code will do.. The file you've indicated only is I guess a dummy file form. If they would use google, wouldn't it be that hard and difficult to link due to security measures of google?

Now I see why they only need network access permission, so that they could redirect the user's phrases input in the fake app.

[409H]

I have decompiled the APK and reported to AtomicWallet via Twitter DM

The app loads a local HTML file into a webview and asks for mnemonic phrases which then sends to a Google Form (https://docs.google.com/forms/d/e/1FAIpQLSfUiPHs1lOr_XLMemq6aMLcS3BQ4BaYOJXDUTMEMqibPgazsA/viewform)

Can you indicate here the apk codes that has the line that leads to that file? Knowing that it redirects to a google form then sends to the attacker wouldn't be enough, evidences such as screenshots or the real code will do.. The file you've indicated only is I guess a dummy file form. If they would use google, wouldn't it be that hard and difficult to link due to security measures of google?

Now I see why they only need network access permission, so that they could redirect the user's phrases input in the fake app.

For sure. They use the GoogleForm to host the submitted data, but have a custom HTML view to make it look more legitimate

https://i.imgur.com/JAIiQ9L.png
https://i.imgur.com/jWoXYcU.png

Here's a video of me running the webviewed HTML file on a local server: https://youtu.be/-Z00p-l5KIM

[sujonali1819]

Website:

Code:

https://play.google.com/store/apps/details?id=com.atomicwallet.atomicwalletmanager

It seems the link showing error. Maybe it removed from google play store. It's really a good job by google.

Actually, scams are everywhere nowadays. And it really very hard to alive on the internet for some unaware people. And these types of fake wallets play a vital role to stop them. So we have to aware of it and we should report these wallets ASAP after seeing.