Researchers discovered two applications masquerading as crypto apps on the app store of Android, the Google Play Store. One of them has been mostly a dud. The second one has been designed to steal crypto, according to the statements of researchers.
Two fake apps on Google Play Store discovered recently
Fraudsters were adding fake crypto wallets to the Google Play Store app store of Android, trying to cash in on rising BTC or Bitcoin prices, according to the antivirus researchers of ESET, reported on the 23rd of May.
According to the security firm ESET, one of the malicious apps imitated the hardware wallet Trezor. However, the good news is that the app could not be utilized to steal crypto, which is stored by Trezor. But, the investigation also found that the software had connections to another fake app which has the potential to scam innocent users out of money.
While the page of the app on Google Play Store looked legitimate, the researchers said that the software itself contains no Trezor branding at all, with a generic login screen phishing for credentials.
According to the security firm, more than 1,000 users had downloaded one of these malicious applications. Even though it claimed to enable its customers to create wallets for storing their crypto, the software has been designed to trick them into transferring coins to the addresses which are owned by the attackers.
More crypto scams expected with the growth of BTC price
The researchers also warned that if BTC continues its growth trend, people can expect more crypto scam apps to emerge in the official Android app store, and even elsewhere.
One security researcher at ESET, named Lukas Stefanko, who actually has a long history of finding malicious apps on Android, said that the fake Trezor app appeared trustworthy at first glance, but it was utilizing a false developer name to impersonate the company.
This app was designed to trick users into turning over the login credentials of the victim. Uploaded to the Google Play Store on the 1st of May, the application ranked, for a short time, as the second-most popular search result when searching for Trezor behind the legitimate app, according to Lukas.
He also said that the server where the user credentials were sent has been connected to a website which was connected to another fake wallet, to store crypto, and also listed on Google Play Store since the 25th of February, 2019.
Stefanko said that the app claims it lets its users create wallets for different cryptos. But, its actual purpose is to trick the users into transferring crypto into the wallets of the attackers – a classic case of what is called wallet address scams.
Warnings for crypto users
Cryptocurrency users are being urged to trust an application if the official website of the company links to it, regularly update their device, and think twice before they enter their sensitive information into online forms.
Trezor also told the researchers that this fake app didn’t appear to pose some security threat to the users; however, the company said that it was also concerned that the email addresses which were collected through the software could be utilized for phishing attempts soon.
Both the applications were collectively downloaded more than 1,000 times. After the ESET contacted Google, Google Play has removed the apps from its marketplace the following day.
Last year, Trezor issued its warning to the users after fraudsters started making counterfeit versions of its hardware wallets. In November of last year, Stefanko also found four fake crypto wallets on Google Play Store, which were posing as official pieces of software for Tether, Neo, and Metamask.