Careful! Fake Trezor Wallet Appears on the Google PlayStore
The world of cryptocurrencies is growing at a quick pace,
the marketcap increase and hype of the community have attracted a growing
number of investors who are sure that the 2017 Bullrun is not a one-of-its-kind
event but can happen again.
However, not everything is good news in the crypto-verse, and just as many honest investors have jumped on the blockchain technologies train, the possibility of making easy money with crypto has also attracted some criminals.
The First Suspicions Appeared on Reddit
Recently, the arrival of an App in the Google Play Store raised users’ suspicions. Apparently, someone wanted to take advantage of the fame of the Trezor wallet hardware to perform a Phishing attack.
Reddit user mooncritic posted the message a little over a
week ago, but this went unnoticed for a few days:
Although Google banned the app, at least 50 people downloaded the fraudulent “Trezor Mobile Wallet” but so far there have been no reports or complaints from users who have lost their funds (and the wallet addresses handled by the scammers show that there is nothing to worry about).
The first flag that raised suspicion was that the apk
developer was not SatoshiLabs, and all developments associated with the brand
are handled by this firm.
Reddit user d9c3l audited the apk source code, and shared
that the “company” responsible for the app was “coinwalletinc(dot)com”.
The apk used a design similar to the Trezor software in an attempt to trick users into creating a manipulable wallet with an address owned by the scammers.
Of course, Coinwalletinc’s website shows a blank page and the name of the person who registered the domain cannot be obtained as they licensed it to NameCheap, Inc for confidentiality reasons.
Not the First Time
This is not the first time hackers and scammers have attempted phishing attacks against wallets. A few months ago, the famous multi-currency wallet JAXX suffered a phishing attack in which users trying to restore their wallets sent their data to a group of scammers.
The same thing happened more elaborately with Uphold,
however in this case the scammers used the official email address of the firm,
so it is presumed that there was an inside job.
Other wallet that use their own nodes (such as Electrum) have also suffered attacks, forcing to connect to a false node sending confidential information.
The best protection against this type of attacks is keep your funds offline, either on a paper wallet or using hardware devices. Also, make sure to have the most updated version of a reputable wallet, and double check that the software is being offered by a trusted developer