New fake cryptocurrency apps crop up on Google Play as bitcoin prices rise, ESET researchers have found. Two fake cryptocurrency apps—"Trezor Mobile Wallet” and “Coin Wallet – Bitcoin, Ripple, Ethereum, Tether” app—have been spotted on the Google Play store. According to ESET researchers, there was an “overlap in code and interface” of the two apps. The apps have since been removed from the store.
Fake Trezor app posed no direct harm to Trezor users thanks to Trezor’s security measures. However, it could be used to collect email addresses which could be later used for phishing campaigns targeting Trezor users. Trezor app appeared genuine at first glance—the developer name was “Trezor Inc.”, app description and images looked legitimate. However, upon downloading, the icon was different than the one in Google Play. The login screen also appeared generic—the name of the company absent.
The Coin Wallet app, on the other hand, was a fake wallet which could have been used to scam people out of money. The app offered users to create wallets for their cryptocurrencies. However, in reality, it served to trick people into transferring tokens into scammers’ wallets. In a so-called wallet address scam, the attackers provided a wallet for each supported cryptocurrency. Each victim got the same wallet address.