Privacy Ninja

Tens of Thousands Scammed Using Fake Android Cryptomining Apps

Scammers tricked at least 93,000 people into buying fake Android cryptocurrency mining applications, as revealed by researchers from California-based cybersecurity firm Lookout.

The 172 paid Android applications, tracked as two separate families dubbed BitScam (83,800 installs) and CloudScam (9,600 installs), were advertised by the cybercriminals to victims as providing cloud cryptocurrency mining services.

Twenty-five of these fake apps were available in the Google Play Store, while those sold on third-party app stores could be side-loaded by victims on their Android devices.

Fake app upgrades also used to scam victims

Lookout researchers revealed in a report published today that the apps didn’t include any cloud cryptomining functionality.

Instead, the scammers filled up their wallets by selling the fake apps without actually providing any of the advertised services.

The scammers used the fake Android apps to steal a total of over $350,000 ($300K in app sales and $50K in fake upgrades) from thousands of victims worldwide who bought the apps and paid for additional services and non-existent upgrades.

“These apps were able to fly under the radar because they don’t actually do anything malicious,” Lookout mobile app security researcher Ioannis Gasparis said.

“They are simply shells set up to attract users caught up in the cryptocurrency craze and collect money for services that don’t exist.”

Some of the CloudScam and BitScam apps found on the Play Store (Lookout)

Dozens of fake cryptomining apps still up for sale

Targets were lured into spending even more money on the apps using the promise of additional services and app upgrades, purchasable via cryptocurrency transfers straight to the scammers’ crypto wallets or via the Play Store.

“Both CloudScam and BitScam also offer subscriptions and services related to crypto mining that users can pay for via the Google Play in-app billing system,” Lookout explains.

“What makes BitScam different is that its apps also accept Bitcoin and Ethereum as payment options.”

Even though Google has already removed all the fake BitScam and CloudScam cryptomining apps found on the Play Store, Lookout says that dozens of them are still up for sale on third-party app stores around the web.

A list of all BitScam and CloudScam apps, indicators of compromise (IOCs), additional technical details, and info on the number of Play Store installs per app are available in the Lookout report.
