There has been a discovery of cryptocurrency applications on Google play that are just there for phishing and scamming users out of their rightfully owned cryptocurrency. These fake apps are scamming cryptocurrency details. This is in accordance with the new report by ESET.
These new fake applications have made their way to Google pay after bitcoin reached its peak in the past few weeks. The craze for bitcoins has been on the all-time rise since bitcoin reached its peak in September of 2018.
Cybercriminals seized this opportunity to trap new cryptocurrency users in vicious scams and malicious apps. The ESET researchers did thorough research of these fake apps and have come up with a few things. One of these is that one fake app is impersonating the popular hardware crypto wallet Trezor.
The illegitimate fake application was connected to a fake cryptocurrency wallet app by the name of “Coin Wallet – Bitcoin, Ripple, Ethereum, Tether,” which is capable of scamming unsuspecting users out of money.
“We haven’t previously seen malware misusing Trezor’s branding and were curious about the capabilities of such a fake app,” says Lukáš Štefanko, the ESET researcher who conducted the research, concerning his interest into this specific fake app.
“After all, Trezor offers hardware wallets that require physical manipulation and authentication via PIN, or knowledge of the so-called recovery seed, to access the stored cryptocurrency,” he explains.
Though the application can do no harm to the user’s money with Trezor, the fake application is capable of luring users out of money.
“Both these apps were created based on an app template sold online,” Štefanko said.
The app masquerading as a mobile wallet for Trezor was uploaded to Google Play on May 1, 2019, under the developer name “Trezor Inc.”
“Overall, the app’s page on Google Play appeared trustworthy at first glance. At the time of our analysis, the fake app even came up as the second most popular result when searching for “Trezor” on Google Play, right behind Trezor’s official app. However, the fake app is used to phish for login credentials,” Štefanko explains.
“The app claims it lets its users create wallets for various cryptocurrencies. However, its actual purpose is to trick users into transferring cryptocurrency into the attackers’ wallets – a classic case of what we’ve named wallet address scams in our previous research into cryptocurrency-targeting malware.”
All through the crypto savings were safe the company did express concern about the data. it said, “However, they did express concern that the email addresses collected via fake apps such as this one could later be misused in phishing campaigns.”