ESET analysts have discovered a fake Trezor Mobile Wallet app disguised as a popular wallet on the Google Play store.
Search results show this app second, right behind the official wallet. As a developer, Trezor Inc. is involved.
“We have never encountered malicious activity under the guise of Trezor, so the capabilities of such fake applications are of particular interest. After all, Trezor is a hardware-type cryptocurrency wallet, which requires physical access, PIN authentication and knowledge of seed phrases to restore access to the wallet, ”says ESET security expert Lucas Stefanko.
In the course of the study, ESET concluded that Trezor’s users are not at risk of saving money due to its multi-factor protection system. However, a fake application is associated with another fake program, the purpose of which is to steal a cryptocurrency.
After installing and running a fake program Trezor pops up a window to enter account information. Then they are sent to the attackers server located at coinwalletinc.com. This site contains a link to download the Coin Wallet application.
The program allows you to create wallets for 13 different cryptocurrencies, but all victims get the same address, which belong to fraudsters.
From February 7 to May 5, 2019, when the Coin Wallet was available on Google Play, it was downloaded over 1000 times.
“Use cryptocurrency and other financial applications only if they are linked to the official site of the service. You need to enter your confidential data in online forms only if you are confident in their security and legality, ” ESET specialists say.
Also, analysts did not rule out that the number of such applications could increase significantly if Bitcoin continues to grow in value.
Recall that in February a malicious application was disguised on Google Play, disguised as a MetaMask wallet, which replaced the addresses of the purses copied to the clipboard with the addresses of hackers.
Subscribe to BlockchainJournal news on VK !
BlockchainJournal.news
BlockchainJournal.news
