According to the published blog post, the 4 fake cryptocurrency wallets were found on the Google Play Store, by Malware researcher Lukas Stefanko. The apps were presented as cryptocurrency wallets for NEO, Tether and an extension for accessing ETH, MetaMask. Presumably, wallets were designed for stealing users’ mobile banking credentials and credit card information. Stefanko divided the wallets into 2 groups, the fake MetaMask app he called the “phishing wallet” and the rest apps – “fake wallets.” After installing and launching the phishing app, the user gets requests for the private key and wallet password. It is reported, that the fake crypto wallets instead of creating a new wallet through generating a public address and a private key, which are necessary for secure sending and receiving digital currency, just displayed the attacker’s public address without user access to the private key. This way users were thinking that the app has generated their public address and deposited their funds to that wallet, but withdraw those was impossible since the private key belonged to a cybercriminal.