Key takeaways
Some scammers create fake mobile apps imitating the official Binance app to steal users' sensitive data and digital assets.
Criminals can attempt to empty wallets by manipulating their QR code or address during the withdrawal and deposit processes.
Only download the Binance app from official channels to avoid installing fraudulent apps.
Fake mobile apps are a category of scams that have long plagued the digital asset space. Beginners are not the only ones who struggle to tell legitimate apps from fraudulent ones: experienced users can also fall into the trap by updating their crypto apps from unofficial sources.
The criminals behind such schemes rely on the carelessness of users, who download apps from unofficial and untrustworthy sources and then make withdrawals to wallet addresses without verifying their authenticity.
This article explains fake crypto applications: what they are, how they work and, above all, how to protect yourself from them.
What is a fake app?
Fake apps are designed to look like their legitimate counterparts, such as the official Binance app, which you will find in official app stores. The creators of this fraudulent software try to trick Internet users into believing that it is the real application and into downloading it. In short, they seek to leverage users' trust in the organization or service publishing the genuine app to install their malware on as many devices as possible. In the case of crypto applications or financial services, installing such software on a personal device poses a serious threat to the security of users' assets.
Not all fraudulent apps are recognizable at first glance, as they are designed to mimic the original app almost perfectly. Once installed, a malicious application is capable of spying on your phone's activity, stealing your personal information and even stealing your crypto-assets without you realizing it. If you don't download the Binance app from one of our official sources, you could be a victim of a fake app without realizing it.
Consequences that can be very serious
Fake apps are much more common than most people realize, and the consequences of having malware installed on your device can be disastrous. Here's what can happen when you install a fake app.
Data theft
Some fake apps are created by modifying the original code of the official Binance app so that it discreetly leaks your password and login details to third parties without your knowledge. These applications are capable of sending out large quantities of varied personal data: your text messages, your phone calls, your contact lists, your photos, your search history, your location data, your crypto wallet addresses, and even your recovery phrases. Once attackers have your login credentials and/or recovery phrases, they can easily steal your funds, but also share your personal data with other malicious actors who could then attack you in turn.
Loss of assets
Crypto wallet addresses are very difficult to remember, and scammers use this complexity to their advantage. Most fake apps manage to steal user assets by generating fake crypto wallet addresses that replace the real addresses on the app's deposit and withdrawal interface. The differences between the two are minimal, and you have to look closely to realize that the characters vary slightly.
Another common tactic used by fake app developers is to take over the user's clipboard when a deposit or withdrawal address is copied and pasted, and to replace the desired address with that of the scammer's wallet, which will receive the funds thus transmitted.
QR codes for withdrawal addresses also regularly fall victim to similar manipulation: the screenshot below illustrates a USDT deposit page on the Binance app where the information in the three highlighted sections can be replaced with false data.
1. The QR code can be replaced by a dummy code, and it is almost impossible to notice with the naked eye.
2. The wallet address can also be faked: even if you have memorized the first and last characters of your address, the characters in between can be changed. Unless you remember all of them, it's hard to immediately notice that the address has changed.
3. The “Copy” feature of fake apps may not copy your real address, but instead substitute the scammer's when you make a transfer.
Likewise, a fake app can change the address on the order confirmation page to that of the scammer during the withdrawal process: even if you entered the correct withdrawal address in the previous step, funds can still be transferred elsewhere.
How to protect yourself from fake apps?
Fortunately, there is a simple way to avoid being the next victim of a fake application: systematically download the Binance application from our official channels.
Binance Official Website
Google Play
Apple App Store
You can also send an email to download@binance.com to acquire the most recent version of the official Binance applications (Apple or Android).
We remind you that you are solely responsible for carrying out due diligence and following general security measures regarding the legitimacy of applications appearing to be Binance applications before downloading and installing them. Binance is not responsible for any loss that may arise from the use of illegitimate or fake applications.
Deposit via Binance app: Before you start your transfer, take a few extra steps to ensure your security. Open a new incognito window in your browser, log in to the official Binance website, then go to the “Deposit” tab to get your deposit address. Compare it with the one shown in the application downloaded to your phone.
At the time of withdrawal: After entering your withdrawal address on the send crypto page, double-check it on the order confirmation page, as fake apps can also manipulate your address at this stage.
Also compare this address with the one in the confirmation email you received: they should be the same.
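The comparison described in the steps above can be done mechanically instead of by eye. The Python sketch below is an added example, not Binance code: the function name compare_addresses and both sample addresses are constructed for illustration. It checks the whole address from the official website against the one the app shows and flags the case where only the first and last characters match.

```python
def compare_addresses(trusted: str, shown: str, edge: int = 4) -> dict:
    """Compare the address from the official website with the one the app shows.

    The comparison is exact and case-sensitive over the whole string; only
    surrounding whitespace picked up by copy/paste is ignored.
    """
    a, b = trusted.strip(), shown.strip()
    # Every position where the two strings disagree, including any length gap.
    diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    diffs += range(min(len(a), len(b)), max(len(a), len(b)))
    # True when a glance at the first and last characters would look fine.
    edges_match = a[:edge] == b[:edge] and a[-edge:] == b[-edge:]
    return {
        "match": a == b,
        "diff_positions": diffs,
        # Same start and end but a different middle: the substitution the
        # article warns about, which checking only the ends would miss.
        "lookalike": a != b and edges_match,
        # Look-alike letters from other alphabets have no place in an address.
        "non_ascii": [ch for ch in b if not ch.isascii()],
    }


# Constructed sample values, not real wallet addresses.
TRUSTED = "TQ7cEXAMPLEonlyNOTaREALaddress4kZp"   # copied from the official site
SPOOFED = "TQ7cEXAMPLEonlyNOTaFAKEaddress4kZp"   # shown by the app being checked

if __name__ == "__main__":
    result = compare_addresses(TRUSTED, SPOOFED)
    if result["match"]:
        print("Addresses are identical.")
    else:
        print("MISMATCH at positions", result["diff_positions"])
        if result["lookalike"]:
            print("First and last characters match: do not send funds.")
```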
Transfer a small amount first
Typically, when initiating a cryptocurrency transfer, we recommend that you first deposit or withdraw a small amount on a trial basis. This allows you to verify that you have the correct transfer address, and thus to carry out larger transactions with confidence.
Remember, however, that the successful receipt of a small transfer does not guarantee the authenticity of your application: the most sophisticated fraudulent applications allow small deposits or withdrawals to be sent to the intended account in order to convince the user, but higher amounts are transferred to the scammer's account.
Whenever you make a transfer, always verify the destination address (following the steps provided above) to ensure its authenticity, and never relax your vigilance, so that you do not get tricked by fraudulent apps!
What to do if you installed a fake app?
If you think you have installed a fake Binance app on your phone, follow the steps below:
Uninstall the suspicious app immediately and download the Binance app from any of the official sources listed above.
Change your Binance account password.
Contact customer service to report the incident.
For more information
Today's Catch: Anti-Phishing Codes and How to Protect Yourself
The guide to fake apps: how to spot and avoid them? | Binance Blog
Secure Your Binance Account in Seven Simple Steps