ESET researchers have analyzed fake cryptocurrency wallets emerging on Google Play at the time of bitcoin’s renewed growth
May 2019 has seen bitcoin growing, with its price climbing to its highest points since September 2018. Not surprisingly, cybercrooks were quick to notice this development and started upping their efforts in targeting cryptocurrency users with various scams and malicious apps.
One such app was recently spotted on Google Play by Reddit users, impersonating the popular hardware cryptocurrency wallet Trezor and using the name “Trezor Mobile Wallet”. We haven’t previously seen malware misusing Trezor’s branding and were curious about the capabilities of such a fake app. After all, Trezor offers hardware wallets that require physical manipulation and authentication via PIN, or knowledge of the so-called recovery seed, to access the stored cryptocurrency. Similar constraints apply to its official app, “TREZOR Manager”.
Analyzing the fake app, we found that:
it can’t do any harm to Trezor users given Trezor’s multiple security layers;
it is connected to a fake cryptocurrency wallet app named “Coin Wallet – Bitcoin, Ripple, Ethereum, Tether”, which is capable of scamming unsuspecting users out of money; and
both these apps were created based on an app template sold online.
We have reported the fake Trezor app to Google’s security teams and reached out to Trezor about the publication of this blogpost. Trezor confirmed the fake app did not pose a direct threat to their users. However, they did express c ..