ESET researchers completed their analysis about fakes walleta of cryptocurrencies, which appeared on Google Play alongside the rise in value of Bitcoin.
During the current month, the bitcoin price climbed to the highest point since September of 2018. Naturally, cyber criminals quickly realized this development and started attacking users of cryptos using various scam and malicious applications.
One of these appears supposedly the popular wardrobe hardware for cryptobonds, Trezor. This illegal application is associated with a fake wallet app called "Coin Wallet - Bitcoin, Ripple, Ethereum, Tether", which has the ability to extract money from unsuspecting users through scam.
"We had never detected malware abuse of Trezor's name and we were wondering about the possibilities of such a false application. In addition, Trezor hardware wallets require physical user management and PIN verification or knowledge of recovery words for access to stored cryptosncs, "says ESET researcher Lukáš Štefanko, who is in charge of conducting the research, explain why he was particularly interested in this fake application. "
ESET found in the analysis that no damage can be done to the cryptocurrencies of users of the original Trezor application, as the latter has multiple levels of security. However, the illegal application is linked to "Coin Wallet", a fake cryptocurrency wallet application that is capable of extracting money from unsuspecting users through scam. "Both of these applications were created based on a template for creating an app that sells online," adds ftefanko.
The app disguised as a mobile wallet for Trezor appeared on Google Play on May 1, 2019, with name developer "Trezor Inc". At first glance, the app's Google Play page appeared trustworthy. When conducting ESET's analysis, the fake app appeared as the second most popular result when searching for "Trezor" on Google Play, just below the official app. However, this is a fake app that is used to “fishing» of login credentials.
Ο server used for collection credentials from the fake Trezor app hosted on coinwalletinc.com. Investigating the domain, ESET researchers were led to another malicious app, branded as "Coin Wallet" on both its website and Google Play, with the same code and interface. On the website there is a link to Google Play, where the application has been available since February 2019.
«Η εφαρμογή ισχυρίζεται ότι επιτρέπει στους χρήστες της να δημιουργήσουν πορτοφόλια για διάφορα κρυπτονομίσματα. Ωστόσο, ο πραγματικός σκοπός της είναι να εξαπατήσει τους χρήστες να μεταφέρουν τα κρυπτονομίσματα τους στα πορτοφόλια των απατεώνων - μια κλασική περίπτωση απάτης, που έχουμε ονομάσει «wallet address scam» στην προηγούμενη έρευνα μας σχετικά με το malware που στοχεύει κρυπτονομίσματα», λέει ο Lukáš Štefanko.
Finally, Štefanko gives some tips to users on how to stay safe with online cryptoscopes:
- Trust cryptic and financial services applications only if they are linked to their official website.
- Only enter your sensitive information into electronic forms if you are confident about their security and legitimacy.
- Keep your device up to date.
- Use a reliable mobile security solution to block and remove threats.
ESET has informed Google's security teams about the fake Trezor application, and has contacted the Treasurer to make this investigation public. Trezor has confirmed that the fake application is not a direct threat to its users.
However, she was concerned that e-mail addresses collected through fake applications like this could later be maliciously used in phising campaigns.
At the time of writing, both the fake Trezor app and the Coin Wallet app were not on Google Play.
______________________
- Tor Browser 8.5 for Everyone + the first stable version for Android
- openSUSE 15.1 just released the stable version
- Phishing: how it stops with mechanical learning
