ESET antivirus researchers have detected two malicious apps impersonated Trezor, a hardware crypto wallet, on Google Play Store.
The investigation found that the first fake app named “Trezor Mobile Wallet”. While the app’s page on Google Play looked real, the software itself contains no Trezor branding at all, with an untrademarked login screen. Analyzing the app, ESET researchers confirmed that it posed no security threat to Trezor users thanks to the multiple security layers.
However, the app is linked to another fake crypto wallet app titled “Coin Wallet – Bitcoin, Ripple, Ethereum, Tether”, which is capable of stealing money from naive users. Although it claimed to allow its users to create multiple crypto wallets, the software was actually designed to trick them into transferring coins to hackers’ wallets.
According to ESET, more than 1,000 users had downloaded the scam apps. Both apps were created based on app template sold online and have been taken down from the Google Play store.
“If bitcoin continues its growth trend, we can expect more cryptocurrency scam apps to emerge in the official Android app store and elsewhere,” the report noticed.
Trezor, in response, concerned that the email addresses collected via fake apps could later be illegally used in scamming activities. Crypto traders are being advised to only click on links from official websites, regularly update their devices and be careful when giving their personal data online.
Back in Feb, ESET found a crypto malware named Android/Clipper.C designed to steal crypto from users who download and use the MetaMask app from Google Play to transfer funds, reported by The Crypto Sight on Feb 14.