ESET researchers completed their analysis on counterfeit cryptocurrencies, which appeared in Google Play alongside the rise in value of Bitcoin.
During the current month, the bitcoin price climbed to the highest point since September of 2018. Naturally, cyber criminals quickly realized this development and started attacking users of cryptos using various scam and malicious applications.
One of these appears supposedly the popular wardrobe hardware for cryptobonds, Trezor. This illegal application is associated with a fake wallet app called "Coin Wallet - Bitcoin, Ripple, Ethereum, Tether", which has the ability to extract money from unsuspecting users through scam.
“We had never seen any malware abusing the Trezor brand and were wondering about the possibilities of such a fake application. Besides, Trezor hardware wallets require management by a natural user and PIN verification or knowledge of the so-called recovery seed to access the stored cryptocurrencies," notes ESET researcher Lukáš Štefanko, responsible for conducting the research, wanting to explain why there was interest in this fake app in particular."
ESET found in the analysis that no damage can be done to the cryptocurrencies of users of the original Trezor application, as the latter has multiple levels of security. However, the illegal application is linked to "Coin Wallet", a fake cryptocurrency wallet application that is capable of extracting money from unsuspecting users through scam. "Both of these applications were created based on a template for creating an app that sells online," adds ftefanko.
The application that "disguises" as a mobile wallet for Trezor appeared on Google Play on May 1, 2019, with the developer name "Trezor Inc". At first glance, σελίδα of the application on Google Play appeared to be trusted. When conducting the ESET analysis, the fake app appeared as the second most popular result when searching for "Trezor" on Google Play, just below the official app. However, this is a fake application used to "fish" login credentials.
The server used to collect credentials from the fake Trezor application is hosted at coinwalletinc.com. While researching the domain, ESET researchers led to another malicious application, named "Coin Wallet" on both its website and Google Play, as well as the same code and interface. The website has a link to Google Play, where the app has been available since February at 2019.
“The app claims to allow its users to create wallets for various cryptocurrencies. However, its real purpose is to trick users into transferring their cryptocurrencies to scammers' wallets – a classic case scams, which we have called 'wallet address scam' in our previous research on malware targeting cryptocurrencies," says Lukáš Štefanko.
Finally, Štefanko gives some tips to users on how to stay safe with online cryptoscopes:
- Trust cryptic and financial services applications only if they are linked to their official website.
- Only enter your sensitive information into electronic forms if you are confident about their security and legitimacy.
- Keep her updated device you.
- Use a reliable mobile security solution to block and remove threats.
ESET has informed Google's security teams about the fake Trezor application, and has contacted the Treasurer to make this investigation public. Trezor has confirmed that the fake application is not a direct threat to its users.
However, she was concerned that e-mail addresses collected through fake applications like this could later be maliciously used in phising campaigns.
At the time of writing, both the fake Trezor app and the Coin Wallet app were not on Google Play.
______________________
- Tor Browser 8.5 for Everyone + the first stable version for Android
- openSUSE 15.1 just released the stable version
- Phishing: how it stops with mechanical learning
