Cryptocurrency: it’s a term blasted around the internet at the moment. It’s impossible to scroll through a news feed without a mention of Bitcoin, Ether, Monero, Litecoin… you get the idea. A couple of months back, the most popular cryptocurrency Bitcoin achieved a monumental milestone. It surpassed the price of an ounce of gold after an intense period of growth.

The rising price of cryptocurrency has sparked debate amongst cybersecurity researchers, who fear the inflated price could have big implications for security, encouraging hackers to push up corporate ransom demands. The experts at MWR Infosecurity attribute this growth to technological changes in virtual currencies, making it easier for cyber criminals to move amounts anonymously. Could this threat be the next danger to corporate data?
It’s worth looking into the data to investigate further.

The rise of Cryptocurrency

This month Bitcoin prices shot up over $6,000 per coin, even though the total market value of cryptocurrencies is just $171bn. According to the experts at Coinmarketcap:

“A single transaction that consumes much of the liquidity of a market is very likely to be noticed, whilst a proportionally smaller transaction on a larger marketplace will generate less attention. As such, increasing liquidity of cryptocurrencies will mean criminals can extract greater values,”

The idea of a peer-to-peer digital currency that enables instant payments to anyone in the world, free of institutional control, is very enticing. We had a look at the most popular digital asset trading sites to see if they were being accessed by corporate devices across our network. We mapped the data usage against the fluctuating price of Bitcoin, undoubtedly the most popular cryptocurrency, and the results spoke for themselves. As the price of Bitcoin skyrocketed in mid-October, so did average data use.


The dangers

Imitation: a form of flattery

Fake news, fake apps… 2017 is the year of imitation. Users visit the official Play Store expecting to find legitimate applications, but that’s not always the case. Last week, Google acknowledged this and raised their bounty to $1000 for hackers who can successfully find vulnerabilities in such apps. Users of the popular cryptocurrency exchange, Poloniex, have been the target of two credential-stealing attacks.
The website, which doesn’t yet have a mobile app, has been used as inspiration by attackers: nine apps have surfaced in the Play Store under the guise of ‘Poloniex’. We Live Security reported how two of these apps, named “Poloniex” and “Poloniex Exchange”, were put onto the Android app service and downloaded more than 5,500 times before being removed.
The convincing apps, shown below, were used to mimic the official website, collect user credentials and send back the information to the attacker. The logins were then stored and used to gain access to wallets via the official website.

Fake applications in the Play Store

Cryptophishing: a growing trend

Another technique used to trick cryptocurrency fanatics is phishing. This time the popular digital asset trading site ‘Blockchain’ was used as a vehicle for the attack.
When Blockchain is typed into Google, the first result to appear is a sponsored ad labeled ‘ – Online – Wallet Ad’. Initially, nothing seems suspicious about this.
However, when users click on the URL, they notice something very different. The domain they are taken to is in fact ‘’. Close to the official site, but not quite the same. Again, the site is designed to mimic the official ‘Blockchain’ login page in an attempt to gain user credentials and empty wallets of their digital assets. An example of a well-coordinated attack with a lucrative reward.
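
One way to catch this kind of near-miss domain in proxy or DNS logs is shown below. It is an added example, not part of the original article or any vendor's code. The protected domain `coinvault.example`, the sample URLs and the character-swap table are constructed, and taking the last two labels as the registrable domain is a simplification.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed placeholder for the genuine site; replace with your own list.
PROTECTED = ["coinvault.example"]
# Constructed table of digits often swapped in for letters in lookalikes.
CONFUSABLES = str.maketrans("0135", "oles")

def skeleton(label):
    """Fold a host label to a comparison form (case, width, common swaps)."""
    folded = unicodedata.normalize("NFKC", label).lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    rows, cols = len(a) + 1, len(b) + 1
    d = [[i + j if i == 0 or j == 0 else 0 for j in range(cols)] for i in range(rows)]
    for i in range(1, rows):
        for j in range(1, cols):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(url):
    """Return (verdict, reason); the last two labels stand in for the registrable domain."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if ".".join(labels[-2:]) in PROTECTED:
        return ("official", "registrable domain is on the protected list")
    sld = skeleton(labels[-2]) if len(labels) > 1 else skeleton(host)
    for good in PROTECTED:
        brand = skeleton(good.split(".")[0])
        if sld == brand:
            return ("lookalike", "same name after folding, different domain")
        if len(brand) >= 5 and edit_distance(sld, brand) == 1:
            return ("lookalike", "one edit away from " + good)
        if any(brand in skeleton(part) for part in labels):
            return ("lookalike", "protected name embedded in another domain")
    return ("unrelated", "no resemblance to a protected name")

# Constructed sample URLs, as they might appear in a proxy log.
SAMPLES = ["https://www.coinvault.example/login", "https://coinvau1t.example/login",
           "http://coinvalut.example/", "https://coinvault.example.signin.test/wallet"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, classify(url))
```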

Guidance for businesses

With this in mind, it’s crucial that you have a security solution in place that is able to monitor, intercept and block traffic directed to or coming from recognized phishing sites. If hackers are able to gain access to something as secure as cryptocurrency, then this has huge implications for the sensitive corporate data stored on the device.
It’s not just what’s on the compromised device that’s at stake. You’d be surprised how many people use private passwords for their corporate logins. Once obtained, these credentials are often sold on the Dark Web for significant sums.
As a fundamental technique in the hacker’s toolkit, phishing domains form the cornerstone of most attacks. The research linked to below shows that mobile phishing is likely to remain among the biggest concerns to CISOs in 2017 and beyond.
Download the Mobile Phishing Report
Mobile features a number of unique characteristics that make it a particularly fertile ground for phishing attacks. The limited screen size means it’s harder to spot fake URLs in the browser, and the on-the-move nature of the device means that most interactions demand less focus from the user. Attackers know this and use it to their advantage.

Mobile Phishing trends

To protect your fleet from attack you must ensure your workforce is vigilant when installing apps. If there are multiple applications operating under a variation of the same name, encourage users to check product reviews and look into the permissions they’re granting the app once installed. A digital trading app, for example, doesn’t need camera or microphone access.
Always investigate who published the app. As you’ve seen, scammers will use similar names; such was the case for (real) and Blockchain Inc (fake). When in doubt, visit a store’s website in the browser and look for an icon or button that reads “Get our app.” This should take the user directly to the App Store or Play Store, where they can download the official app.
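
The same checks can be run by an administrator over an exported app inventory. The following is an added example, not code from the article or from any product it mentions. The inventory format, package ids, publisher names and the `coinvault` brand are constructed; the permission strings are standard Android permission names.

```python
import re

# Constructed policy: brand -> publishers verified for it. An empty set means
# the brand has no official mobile app (as the article says of Poloniex),
# so every store listing that uses the name is suspect.
VERIFIED_PUBLISHERS = {"poloniex": set(), "coinvault": {"CoinVault Ltd"}}
# Permissions a trading app has no need for, per the guidance above.
UNNEEDED = {"android.permission.CAMERA", "android.permission.RECORD_AUDIO"}

def brand_of(app_name):
    """Return the protected brand an app name uses, ignoring case and spacing."""
    squashed = re.sub(r"[^a-z0-9]", "", app_name.lower())
    return next((b for b in VERIFIED_PUBLISHERS if b in squashed), None)

def triage(inventory):
    """Map each flagged app's package id to the reasons it was flagged."""
    findings = {}
    for app in inventory:
        brand = brand_of(app["name"])
        if brand is None:
            continue  # not using a protected name; out of scope for this check
        reasons = []
        allowed = VERIFIED_PUBLISHERS[brand]
        if not allowed:
            reasons.append("brand has no official app")
        elif app["publisher"] not in allowed:
            reasons.append("publisher not verified for brand")
        extra = sorted(UNNEEDED & set(app["permissions"]))
        if extra:
            reasons.append("unneeded permissions: " + ", ".join(extra))
        if reasons:
            findings[app["package"]] = reasons
    return findings

# Constructed inventory export; package ids and publishers are made up.
INVENTORY = [
    {"package": "com.example.polo", "name": "Poloniex Exchange",
     "publisher": "Example Dev A", "permissions": ["android.permission.INTERNET"]},
    {"package": "com.example.cv", "name": "CoinVault",
     "publisher": "CoinVault Ltd", "permissions": ["android.permission.INTERNET"]},
    {"package": "com.example.cvpro", "name": "Coin Vault Pro",
     "publisher": "Example Dev B",
     "permissions": ["android.permission.RECORD_AUDIO", "android.permission.CAMERA"]},
]

if __name__ == "__main__":
    for package, reasons in triage(INVENTORY).items():
        print(package, reasons)
```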

Introducing App Insights

If you’d like greater visibility of what apps are installed across your corporate estate, take a look at App Insights. App Insights begins by delivering a comprehensive list of apps that are being used across the mobile device fleet, complete with user ratings, versioning details, and additional metadata. This helps IT admins to determine what actions need to be taken to address risky, out-of-date or non-compliant apps.
If a corporate device is used to access a rogue cryptocurrency app, this can be recognized immediately due to its permission levels and the URLs accessed. When a Wandera customer trialed the new App Insights tool prior to the launch, their IT specialists were made aware of a third-party file-sharing app installed on a large percentage of devices within the mobile estate. Upon further investigation, it was found that this particular file-sharing app was hosted on a server that has been known to host sites containing malware. The organization in question was able to set up a policy to block this app and similar applications in the future.
If you’d like to find out more about how Wandera’s robust mobile security solution can protect against malicious applications and websites, get in touch with one of our mobility experts today.