Fake Trezor App in Google Play Scams Users

[silversurfer]

Malicious actors have been using a new set of fake cryptocurrency apps on Google Play that are reportedly able to phish and scam users out of cryptocurrency, according to ESET researchers.
 
Researchers observed one app impersonating Trezor, a hardware cryptocurrency wallet. The app, called Coin Wallet – Bitcoin, Ripple, Ethereum, Tether, actually connects to a fake wallet, reportedly created on May 1, that scams unsuspecting users out of money. It appears as the second-most popular search on Google Play, according to researchers.
 
Bitcoin has seen growth this month, with prices inching back up to the $8,000 range. Cyber-criminals were quick to exploit this price boost and got to work targeting users with scams and malicious apps.
 
“We haven’t previously seen malware misusing Trezor’s branding and were curious about the capabilities of such a fake app. After all, Trezor offers hardware wallets that require physical manipulation and authentication via PIN, or knowledge of the so-called recovery seed, to access the stored cryptocurrency,” explained Lukáš Štefanko, the ESET researcher in a press release.

ESET reported the fake Trezor app to both Google’s security teams and Trezor, which confirmed that the fake app did not pose a direct threat to their users. “However, they did express concern that the email addresses collected via fake apps such as this one could later be misused in phishing campaigns. At the time of writing, neither the fake Trezor app nor the Coin Wallet app are available on Google Play,” today’s press release stated.

SOURCE: https://www.infosecurity-magazine.com/ne...le-play-1/