Highlights

  • Scammers may use fake mobile apps that replicate the official Binance app to steal users' sensitive data and digital assets.

  • One way criminals may attempt to divert funds is through manipulation of the QR code or wallet address during the withdrawal and deposit process.

  • Users should always download the Binance app from official channels to avoid installing fraudulent apps.

Scams using fake mobile apps have been a prominent threat in the digital asset space. It’s not just new users who may have trouble distinguishing between authentic and fraudulent apps, but even experienced users could fall into the same trap if they update their cryptocurrency apps using unofficial sources.

Criminals running these schemes hope that users will inadvertently download apps from unofficial and untrustworthy sources before making withdrawals to wallet addresses without verifying their authenticity.

In this article, we will focus on fake cryptocurrency apps: what they are, how they operate, and most importantly, the steps you should take to protect yourself from fake app scams.

What are fake apps?

Fake apps are designed to look like authentic apps, such as the official Binance app, which you find on official stores. People who make this fraudulent software seek to trick other users into thinking it is the real app and downloading it. Essentially, they seek to take advantage of users’ trust in the organization or service issuing the real app to get people to install malware on their devices. In the case of cryptocurrency or financial services apps, installing the software on a user’s device puts their assets at serious risk.

Not all fraudulent apps can be easily identified at first glance, as they can be designed to look very similar to the originals. Once installed, malicious apps can spy on your phone activity, steal your personal information, and even steal your crypto assets without you even realizing it. If you don't download the Binance app from official sources, you could fall victim to a fake app scam without even realizing it.

The consequences can be serious

Fake app scams are more common than most users think. The consequences of installing a piece of malicious software on your device can be serious. Here are some of the scenarios that can occur once a fake app is installed.

Data theft

Some fake apps are created by modifying the original code of the official Binance app. These altered apps can silently send your password and login details to others without your knowledge. They can send a wide range of personal data: text messages, phone calls, your contact lists, photos, search history, location data, cryptocurrency wallet addresses, and even recovery phrases. Once attackers obtain a user’s login credentials or recovery phrases, they can easily steal their funds. Additionally, criminals can share the victim’s personal data with other bad actors who could target them for further attacks.

Loss of assets

Scammers take advantage of the fact that crypto wallet addresses are notoriously difficult to remember. One of the most common ways cryptocurrency users lose their assets to fake apps is when these scam apps generate crypto wallet addresses that look just like the real ones. They can then replace the real addresses displayed on the deposit and withdrawal pages of the user interface. Unless users compare them character by character, there is little visual difference between their real wallet address and the fake one.

Another common technique involves fake apps that manipulate users' clipboards when they copy and paste deposit or withdrawal addresses. In these cases, when you paste the address to make the transfer, the one that gets pasted is the scammer's wallet address, who ends up receiving the funds.

In addition to the clipboard, it is also possible to replace QR codes encoding withdrawal addresses. The screenshot below shows a USDT deposit page on the Binance app where the three highlighted sections can be targets that fake app designers can replace.

1. Scammers can replace the QR code. Visually, it is almost impossible to distinguish between the real one and the fake one.

2. The Wallet Address section can also be manipulated. Even if you remember the first and last digits of your address, fake apps can alter the digits in between. So unless you remember all the digits, it's hard to tell the difference at first glance.

3. On fake apps, the "copy" feature may not actually duplicate your real address, but is instead designed to trick you into pasting the scammer's address when making a transfer.

Similarly, during the withdrawal process, a fake app may change the address to the scammer's on the "Confirm Order" page. This way, even if you've entered the correct withdrawal address in the previous step, the funds may end up being sent somewhere else.

How to protect yourself

Fortunately, there is an easy way to avoid falling victim to a fake app scam: always download the Binance app from our official channels.

  • Binance Official Website

  • Google Play

  • Apple Store

Additionally, you can email download@binance.com to purchase the latest version of the official Binance Apps for both Apple and Android.

Users are responsible for conducting due diligence and following general safety measures to verify the legitimacy of any application that resembles the Binance App before downloading and installing it. Binance is not responsible for any loss that may be incurred due to the use of fake or illegitimate applications.

When depositing via the Binance App: Before you initiate the transfer, there are a few additional steps you can take to enhance security. Open a new incognito window in your browser, log in via the official Binance website, then go to “Deposit” and find your deposit address. Compare the deposit address on your phone with the one on the Binance website.

When withdrawing: After entering your withdrawal address on the “Send Crypto” page, double-check the address on the “Confirm Order” page to verify its authenticity, as fake apps can manipulate your address at this stage.

    

Also, please compare this address to the one in the email notification we sent you to confirm that they are the same.

Transfer a small amount first

As a general guideline, when initiating a cryptocurrency transfer, we recommend first depositing or withdrawing a small amount as a test. This practice helps confirm that you have the correct transfer address, allowing you to then make larger value transactions with confidence.

However, keep in mind that successfully receiving a small transfer does not always guarantee that the app you are using is 100% authentic. There are sophisticated scam apps, designed to allow smaller transactions, deposits or withdrawals to reach the desired account, thereby gaining the user's trust. Later, when transferring larger amounts, the funds are redirected to the scammer's account.

Whenever you make a transfer, always check the transfer address (you can use the steps mentioned above) to ensure its authenticity, and always be careful to avoid using fraudulent applications.

What if you already have a fake app installed?

If you suspect that a fake Binance app has been installed on your phone, please follow these steps:

  1. Uninstall the suspicious app immediately and download the Binance app from one of the official sources listed above.

  2. Change your Binance account password.

  3. Contact Customer Service to report the incident.

You may also like…

  • A guide to fake apps: how to spot and avoid them

  • Protect your Binance account in seven easy steps