Fake Crypto Wallet App Imitating Trezor Found on Google Play Store
While the app’s page on Google Play looked legitimate, the researchers said the software itself contains no Trezor branding at all, with a generic login screen phishing for credentials.
According to ESET, more than 1,000 users had downloaded one of the dodgy apps. Although it claimed to enable its customers to create wallets for storing their crypto, the software was actually designed to trick them into transferring coins to addresses owned by the attackers. The researchers warned:
Crypto users are being urged to only trust an app if the company’s official website links to it, regularly update their devices and think twice before entering their sensitive information into online forms.
Trezor told the researchers that the fake app did not appear to pose a security threat to its users, but the company said it was concerned that the email addresses collected through the software could be used for phishing attempts in the future. Google Play has since removed the apps from its marketplace.
Last year, Trezor issued a warning to users after fraudsters began to make counterfeit versions of its hardware wallets.
Back in November 2018, malware researcher Lukas Stefanko found four fake crypto wallets on the Google Play Store that were posing as official pieces of software for neo, tether and metamask.