CryptoMode Operation Prowli Malware

Cryptocurrency users who often rely on mobile devices are prone to various potential security incidents. One recent discovery shows how millions of Android users were at risk of having to deal with PreAMo malware. This particular strain is nefarious for many different reasons, as it has the ability to bypass two-factor authentication methods linked to the infected device This is a big problem for cryptocurrency users, as most exchanges provide 2FA through SMS these days.

The PreAMo Malware Threat is Real

Every single time a new report surfaces regarding mobile device malware strains, it is ignored at first. This is primarily because most of these efforts require users to download new or dodgy applications before the strain becomes effective. In the case of PreAMo, that situation is a bit different. It had the potential to infect millions of Android users globally, albeit it seems Google has finally put an end to this threat. Even so, it remains unclear how much damage has been done in the process.

To put this in perspective, the PreAMo malware was primarily distributed through popular Android applications found on the Google Play Store. All of these apps combine for over 90 million downloads, which only further confirms how severe this threat could have been. It is not the first time Android apps are riddled with malware, as incidents like these tend to occur several times a year.

Due to this new incident, researchers quickly began investigation what PreAMo is capable of exactly, it seems this particular malware specializes in bypassing advanced two-factor authentication protection. Especially codes sent via SMS or email can be retrieved, even if the malware – or associated application  -does not have the necessary Android permissions to access this information. 

Interestingly enough, the PreAMo malware can be modified in such a way that it can effectively read notification on an infected mobile device. Any displayed content of any notification sent through such a device is sent to servers operated by criminals. It is a very worrisome thought to consider, as everyone assumed it was impossible for third-party apps to read notifications without permission. That is clearly not the case, which makes Google’s restriction of accessing SMS and Call Logs rather moot. 

In most cases, the criminals will develop an application which is designed to mimic an existing offering. It seems BtcTurk was one of the first cryptocurrency firms to deal with such an impersonation application. How many users were affected by this fake app looking to phishing for login credentials, has yet to be determined. It is also unclear if any funds have been stolen in the process, albeit it seems likely that was the hacker’s main objective. 

For other cryptocurrency users, this serves as a very strong warning as to what the future may hold. It seems likely even more applications impersonating exchanges and other service providers will come to market in the future. Given how popular cryptocurrencies have become in recent years, the industry makes for a rather lucrative market if attacks like these can be pulled off successfully. 


Disclaimer: This is not trading or investment advice. The above article is for entertainment and education purposes only. Please do your own research before purchasing or investing into any cryptocurrency or digital currency.

LEAVE A REPLY

Please enter your comment!
Please enter your name here