ESET reports fake cryptocurrency apps on Google Play Store
Researchers at ESET have reported two malicious cryptocurrency wallets on the Google Play Store, soon after a recent spike in the price of bitcoin. Coin Wallet and Trezor Mobile Wallet are the two fraudulent wallets that have been available for download for several weeks.
Coin Wallet was reported to be fairly harmless, it supported 13 different currencies, tokens, and assets. However, all the users received the exact same wallet address for the currency of their choice.
The Trezor Wallet, on the other hand, was a serious threat to users, as it tried to impersonate popular hardware cryptocurrency wallet, Trezor. The app was meant to trick users to provide their login credentials. However, users reported the app and no funds were stolen. Although, some of the victims’ personal information such as email addresses can be used for further phishing attacks.
Lukáš Štefanko, the ESET researcher who conducted the research explained,
“We haven’t previously seen malware misusing Trezor’s branding and were curious about the capabilities of such a fake app. After all, Trezor offers hardware wallets that require physical manipulation and authentication via PIN, or knowledge of the so-called recovery seed, to access the stored cryptocurrency,”
Google Play also warned its users about the apps on their app store, that were impersonating popular cryptocurrency apps.