The growth of the cryptocurrency market continuously attracts cyber crooks, heightening their effort in developing malicious apps and wallets targeting crypto users.
Hackers now develop fake apps and then upload to mobile app distribution platforms such as Google play store and App store, according to a report from ESET antivirus researchers
In a recent development, two fake cryptocurrency apps were uploaded on google play store and have been downloaded by thousands of unsuspecting users.
One of the apps, which was first spotted by reddit users, was reportedly designed to impersonate the famous hardware crypto provider “Trezor” and also bearing the name “Trezor Mobile Wallet.”
The fake Trezor app was uploaded on Google Play Store with “Trezor Inc.” as the developer on May 1, 2019, and the contents appeared legitimate at first glance. The app quickly emerged as the second result after Trezor’s official app in search results, ESET added.
ESET further expressed it was curious about the ability of such an app, adding that they haven’t seen such malware app on Trezor’s branding. This is because their hardware wallets require PIN authentication and physical manipulation or knowledge about the recovery seed, to gain access stored cryptocurrencies, just like the official app dubbed “TREZOR Manager.”
On analyzing the app, ESET antivirus researchers found out that the app can’t do any harm to Trezor users due to Trezor’s multiple security layers;
However, the app is linked to a fake cryptocurrency wallet app dubbed “Coin Wallet – Bitcoin, Ethereum, Ripple, Tether,” which can defraud unsuspecting users their funds. Both apps were created based on app template sold online.
On this effect, ESET said it has reached out to the hardware wallets provider and Google’s security teams on the development via their blog post.
Trezor, in response, said the fake app posed no direct threat to the users. However, they expressed concerns that the users’ email addresses collected by such fake apps might be misused for phishing schemes with Trezor’s users as the target.
At the time of writing this report, both apps – the fake Trezor app and the Coin Wallet app were not available on Google Play Store.