Just like in the traditional financial system where fraudsters never cease to exist, crypto thieves are also getting smarter every day. In the latest, they’ve now moved from conducting cryptojacking operations to creating fake apps on Google Play, in a bid to “phish” for bitcoin (BTC), reports SecurityBrief on May 23, 2019.
Fake Apps Live on Play Store
Per sources close to the matter, rogue actors have launched several phony cryptocurrency apps on the Google Play store with the aim of phishing and stealing users’ cryptocurrency.
While 2018 was a dull year for cryptocurrency market participants, including Bitcoin miners and crypto traders, as the price of Satoshi Nakamoto’s virtual currency lost nearly 80 percent of 2017’s massive gains, April brought in a breath of fresh air to the markets, sending BTC to $8,000.
In the same vein, cyberpunks have taken advantage of the latest price rally to develop various malicious cryptocurrency wallets to defraud unsuspecting digital assets holders.
Reportedly, these rogue actors have created an application impersonating the popular Trezor cryptocurrency wallet.
Though the researchers have stated that the fake app is not powerful enough to cause any harm to Trezor users, since wallet has multiple security layers, the malicious app is, however, connected to another phony crypto wallet called “Coin Wallet,” which is capable to scamming those who download it.
Commenting on the matter, Lukas Stefanko, a researcher at the ESET cybersecurity firm, noted that:
“We haven’t previously seen malware misusing Trezor’s branding and were curious to find out the capabilities of such a fake app. After all, Trezor’s hardware wallets require physical manipulation and authentication via PIN, or knowledge of the so-called recovery seed, to access the stored cryptoassets.”
Notably, the researchers have revealed that the fraudsters used an app template they purchased online to create the malicious Trezor mobile wallet app which was “uploaded to Google Play on May 1, 2019, under the developer name “Trezor Inc.”
The app claims to be a multi-currency wallet; however, it’s primary objective is to deceive users into transferring their hard-earned cryptos to the scammers’ wallet addresses.
“The fake Trezor app’s page on Google Play appeared trustworthy at first glance, coming up as the second most popular result when searching for ‘Trezor’ on Google Play, right behind Trezor’s official app,” added Stefanko.
The researchers advised crypto hodlers to only trust and download apps that come directly from the original source, avoid entering personal data into online forms unless the source has been duly verified, while also installing useful mobile security tools.