- Fake cryptocurrency wallet apps are targeting people who got enthusiastic about the recent Bitcoin price rise.
- The one app tries to imitate a popular brand and to gather their users’ credentials.
- The second app is tricking people into transferring their money into the crooks’ wallets.
According to an ESET report,
cryptocurrency users should be aware of a new batch of fake apps that
entered the Google Play Store, claiming to help people with their mining
activities, or the management of their wallets. The rise in the Bitcoin
price that is taking place in the past month has won the attention of
cyber-crooks, who know that where is money there are victims, and so
once again, they are among the first to respond and adjust to the “new
market”. According to the ESET researchers, the malicious apps are the
“Coin Wallet” and the “Trezor Mobile Wallet”.
While the apps have been removed from the Play Store, following
ESET’s tip, they are still available on their respective websites, so
people can still find them and download them on their phones, hoping
that they got something useful to aid them in the crypt-money-making
process. Trezor is a popular brand in the world of cryptomining, as it
is one of the most popular companies offering hardware wallets. They
even have their own app on Play Store, called the “TREZOR Manager”, so
it could be easy for someone to get confused when looking for it.
Both of the malicious apps were created using an “off the shelf” template,
and both are connected to the same server, so the actor behind both is
the same person/group. The Trezor Mobile Wallet app tries to collect the
email address of its users, as well as their login passwords to their
legitimate wallets. Whatever information is entered on the fake form is
harvested by the malicious server, potentially for use in future
phishing campaigns. Obviously, and with the multiple layers of security
that underpin hardware wallets, it is impossible for apps like these to
ever access the users’ accounts.
In the case of the Coin Wallet, the situation is a little bit
different. The app pretends to generate a unique wallet address for the
user, but in fact, they just try to trick people into transferring their
cryptocurrency from their wallets to those belonging to the crooks. The
wallet that the app supposedly generates is not in the control of the
user but of the actors, but until the victim realizes that they don’t
have the private key to access the funds, it may already be too late for
them.
Have you ever fallen victim of a crypto-wallet scam app? Share
your experience with us in the comments down below, and help everyone
stay safe by doing the same on our socials, on Facebook and Twitter.
0 comments:
Post a Comment