Trezor says the fake app does not pose a direct threat to users, but is concerned that attackers could attempt to phish its customers in future.
Fraudsters have been adding fake cryptocurrency wallets to the Google Play store in an attempt to cash in on rising bitcoin (BTC) prices, ESET antivirus researchers claimed on May 23.
One malicious app imitated the hardware wallet Trezor — and the investigation found that the software had ties to another fake app that has the potential to scam unsuspecting users out of money.
While the app’s page on Google Play looked legitimate, the researchers said the software itself contains no Trezor branding at all, with a generic login screen phishing for credentials.
According to ESET, more than 1,000 users had downloaded one of the dodgy apps. Although it claimed to enable its customers to create wallets for storing their crypto, the software was actually designed to trick them into transferring coins to addresses owned by the attackers. The researchers warned:
“If bitcoin continues its growth trend, we can expect more cryptocurrency scam apps to emerge in the official Android app store and elsewhere.”
Crypto users are being urged to only trust an app if the company’s official website links to it, regularly update their devices and think twice before entering their sensitive information into online forms.
Trezor told the researchers that the fake app did not appear to pose a security threat to its users, but the company said it was concerned that the email addresses collected through the software could be used for phishing attempts in the future. Google Play has since removed the apps from its marketplace.
Last year, Trezor issued a warning to users after fraudsters began to make counterfeit versions of its hardware wallets.
Back in November 2018, malware researcher Lukas Stefanko found four fake crypto wallets on the Google Play Store that were posing as official pieces of software for neo, tether and metamask.