Hackers plot to distribute cryptocurrency malware on Google Play

0
134
One app pretended to be a Trezor wallet

A grievous result of Bitcoin’s value restoration lately is the resurgence of cryptocurrency malware on Google Play.

ESET security researchers, have verified that there were at least two apps on Google Play specifically designed to steal users’ coins. One such app, called Trezor Mobile Wallet, was masquerading as an app version of the popular hardware wallet, Trezor.

The fake Trezor app was uploaded on May 1, 2019, and appeared second in the search results behind Trezor’s legitimate app, ESET security researcher Lukas Stefanko points out.

Since it made it to Google Play (where software has supposedly undergone seuciroty checks), there is no reason to believe it is a fake app.

It even highlights symbolism and materials that have a place with the genuine Trezor app.

All things considered, when it’s introduced, the app’s homescreen symbol really has a “Coin Wallet” logo rather than Trezor’s. It’s here that any notice of Trezor closes.

At the point when the client opens the app a login screen appears, which is utilized to phish for clients’ delicate information. Stefanko says it’s unclear what the login credentials will be used for, but all this data is purportedly sent to the scammers’ servers.

Thankfully on this occasion, at the time of writing both apps appear to have already been removed from Google Play.