According to an ESET report, cryptocurrency users should be aware of a new batch of fake apps that entered the Google Play Store, claiming to help people with their mining activities or the management of their wallets. The rise in the Bitcoin price over the past month has won the attention of cyber-crooks, who know that where there is money there are victims, and so once again they are among the first to respond and adjust to the “new market”. According to the ESET researchers, the malicious apps are the “Coin Wallet” and the “Trezor Mobile Wallet”.
While the apps have been removed from the Play Store following ESET’s tip, they are still available on their respective websites, so people can still find them and download them to their phones, hoping that they have found something useful to aid them in the crypto-money-making process. Trezor is a popular brand in the world of cryptomining, as it is one of the most popular companies offering hardware wallets. They even have their own app on the Play Store, called the “TREZOR Manager”, so it could be easy for someone to get confused when looking for it.
Both of the malicious apps were created using an “off the shelf” template, and both are connected to the same server, so the actor behind both is the same person/group. The Trezor Mobile Wallet app tries to collect the email addresses of its users, as well as the login passwords to their legitimate wallets. Whatever information is entered on the fake form is harvested by the malicious server, potentially for use in future phishing campaigns. Given the multiple layers of security that underpin hardware wallets, it is impossible for apps like these to ever access the users’ accounts.
In the case of the Coin Wallet, the situation is a little bit different. The app pretends to generate a unique wallet address for the user, but in fact it just tries to trick people into transferring their cryptocurrency from their own wallets to those belonging to the crooks. The wallet that the app supposedly generates is under the control of the actors, not the user, and by the time the victim realizes that they don’t have the private key to access the funds, it may already be too late for them.