As Bitcoin has managed to gain momentum consistently, fake cryptocurrency apps are quickly propping up on Google’s Play Store for Android device.
Cybercrooks wants your money
In May 2019, Bitcoin reached its highest price point since September 2018 giving everyone a ray of hope for an upcoming bull market. However, it has also brought some negative attention to the market. Cybercrooks now want to grab your coins and profit off them. A recent study by WeLiveSecurity proves that these apps are targeting cryptocurrency users.
One such app detected by WeLiveSecurity was “Trezor Mobile Wallet” which impersonated the popular hardware wallet Trezor. The malicious software exploited Trezor’s branding. Note that Trezor is a hardware wallet that keeps your coins in cold storage. These coins can only be accessed with physical use of the device and PIN authentication.
The official app of the wallet “TREZOR Manager” also uses similar constraints. The app, however, couldn’t do any harm to Trezor users because of the wallet’s security layers. It was connected to another fake crypto wallet app called “Coin Wallet- Bitcoin, Ripple, Ethereum, Tether,” which could scam users. Interestingly, both the apps were made using app templates sold online.
What happens to these apps now?
WeLiveSecurity has reported the fake app to Google’s security teams, and it has also reached out to Trezor, notifying it of the exploitation of its branding. Trezor has confirmed that the app cannot pose a direct threat to its users but was concerned that email addresses collected using these fake apps could be misused later in phishing attacks, targeted specifically at Trezor users.
Both the fake apps have since been deleted from the Google Play Store. However, there are disturbing revelations about the app that could affect even the most aware users. The app was uploaded to Google Play store on May 1, 2019, right around the time when Bitcoin prices were showing a solid upward momentum building up. The name of the developer was listed as “Trezor Inc.” The app design, name, developer name, app category, app description, and even the images look completely legitimate in the first look. Interestingly, the app was also the second result displayed for “Trezor” in the store.
After the app has been installed, it sheds all disguise, and its icon appears different from what is shown on Google Play. It starts showing Coin Wallet icon instead. It has a generic login screen and doesn’t mention Trezor anywhere. This could be used to steal login credentials. The app even goes on to generate unique wallet addresses where users can transfer their coins and eventually lose them.