[Crypto Malware] Fake ‘Trezor Mobile Wallet’ Pops Up On Google Play Phishing For Credentials
Google Play Becomes Latest Platform to Be Infected with Crypto Malware
- Google Play becomes host of malicious applications, which have already been removed.
- Consumers should always check the source of the application before downloading it.
When Bitcoin has a few good days or even a few good weeks, it does not take long for hackers to come up with new ways to steal from unsuspecting victims. With Bitcoin at about $7,785.54 at the time of writing, cryptocurrency malware has already been found on Google Play. The store is used by millions of Android devices, and two apps have been discovered there that steal crypto assets from users. The research was performed by ESET, which identified the two apps as Trezor Mobile Wallet and Coin Wallet, according to reports from The Next Web’s Hard Fork.
Trezor Mobile Wallet is an app designed to look just like Trezor, which is a trusted hardware wallet. The researchers analyzed the content of the app, ultimately finding that there wasn’t a threat to Trezor users. However, the scam comes in when the user connects to the app: it offers a fake wallet called “Coin Wallet,” a potential scam to pull user funds that is also linked with the Coin Wallet app on Google Play.
The fake app for Trezor only appeared on Google Play on May 1st and has already earned enough attention to be listed directly beneath the official app, according to security researcher Lukas Stefanko. Google Play routinely performs security checks of all new apps added, which led consumers to believe that there’s no reason to worry. The imagery alone looks authentic, and it is easy to fall for this app. Again, even though the app itself will not directly cause harm to users, the connection to Coin Wallet could.
Upon entering the home screen for the app, the user will see the Coin Wallet logo, and there is no more mention of the Trezor wallet. The user is then presented with a login screen, which is how the scammer phishes for personal data. Stefanko said that the research team has been unable to determine exactly what the credentials will be used to do, but they believe that the scammer saves them on their own server.
The Coin Wallet app is a wallet address scam. When users think they are depositing funds into the Coin Wallet app, the cryptocurrency ends up being moved directly into the scammer’s wallet instead. As damaging as these two scams are, perhaps the more worrisome fact is that anyone could get the source code online for $40 to recreate it for themselves.
When purchasing the code, the templates don’t appear to be malicious or threatening, because they are meant to be the foundation of a generic crypto wallet app for developers. However, individuals with clearly selfish and malicious intent will spin this source code into a way to attack investors and take their crypto funds.
Despite Google Play’s staunch commitment to running security checks on its applications, this is not the first time that a scam has been posted to the platform. At the same time last year, Google Play was flooded with apps that would steal cryptocurrency from users. However, after looking on Google Play, it appears that the company has already removed the nefarious apps.
Whenever a consumer downloads an app, whether it is cryptocurrency-related or not, it is important to verify the source that the program comes from.