Express Computer
Home  »  Security  »  Fake cryptocurrency wallets emerged on Google Play

Fake cryptocurrency wallets emerged on Google Play

ESET researchers have just concluded their analysis of fake cryptocurrency wallets that emerged on Google Play at the time of bitcoin’s renewed spike in value.

2 361

ESET researchers have just concluded their analysis of fake cryptocurrency wallets that emerged on Google Play at the time of bitcoin’s renewed spike in value. This month has seen bitcoin growing, with its price climbing to its highest point since September 2018. Not surprisingly, cybercriminals were quick to notice this development and started upping their efforts in targeting cryptocurrency users with various scams and malicious apps. One is impersonating the popular hardware cryptocurrency wallet Trezor. The illegitimate app was connected to a fake cryptocurrency wallet app named “Coin Wallet – Bitcoin, Ripple, Ethereum, Tether,” which is capable of scamming unsuspecting users out of money.

“We haven’t previously seen malware misusing Trezor’s branding and were curious about the capabilities of such a fake app. After all, Trezor offers hardware wallets that require physical manipulation and authentication via PIN, or knowledge of the so-called recovery seed, to access the stored cryptocurrency,” explains Lukáš Štefanko, the ESET researcher who conducted the research, concerning his interest into this specific fake app.

Analyzing the fake app, ESET found that it can’t to do any harm to Trezor users’ crypto-savings given Trezor’s multiple security layers; however, it is connected to a fake cryptocurrency wallet app “Coin Wallet,” which is capable of scamming unsuspecting users out of money. “Both these apps were created based on an app template sold online,” he adds.

The app masquerading as a mobile wallet for Trezor was uploaded to Google Play on May 1, 2019, under the developer name “Trezor Inc.” Overall, the app’s page on Google Play appeared trustworthy at first glance. At the time of our analysis, the fake app even came up as the second most popular result when searching for “Trezor” on Google Play, right behind Trezor’s official app. However, the fake app is used to phish for login credentials.

The server used to harvest credentials from the fake Trezor app is hosted on coinwalletinc.com. Looking into the domain led us to another fraudulent app, named “Coin Wallet” on its website and on Google Play. They also overlap in code and interface. The website contains a link to Google Play, where the app was available from February 2019.

“The app claims it lets its users create wallets for various cryptocurrencies. However, its actual purpose is to trick users into transferring cryptocurrency into the attackers’ wallets – a classic case of what we’ve named wallet address scams in our previous research into cryptocurrency-targeting malware,” says Lukáš Štefanko.

Finally, Štefanko offers a few tips around how to stay safe with cryptocurrencies online:

Only trust cryptocurrency-related and other finance apps if they are linked from the official website of the service.
Only enter your sensitive information into online forms if you are certain of their security and legitimacy.
Keep your device updated.
Use a reputable mobile security solution to block and remove threats.

We have reported the fake Trezor app to Google’s security teams and have reached out to Trezor about the publication of this blog post. Trezor confirmed that the fake app did not pose a direct threat to their users. However, they did express concern that the email addresses collected via fake apps such as this one could later be misused in phishing campaigns. At the time of writing, neither the fake Trezor app nor the Coin Wallet app are available on Google Play.

Get real time updates directly on you device, subscribe now.

2 Comments
  1. douaa says

    Hi,
    Thanks for sharing this post

  2. ahmed says

    Hi,
    Thanks for sharing this post

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image