Security company ESET has recently launched yet another study related to the applications available within the Google Play Store, which are focused on offering crypto-coins portfolios having emerged after the market bitcoins re-started from September 2018.
It all started with the signage of a user on Reddit who identified an application called “Trezor Mobile Wallet”, which tries to pass through the official and safe application “Trezor Manager”, thus deceiving the most inattentive being this a novelty, thus generating curiosity of researchers to study.
According to Lukáš Štefanko, ESET researcher responsible for the research in question, fraud is not capable of causing damage to Trezor users because of the security mechanisms implemented in the original service.
“We have not previously seen malware using the Trezor brand and we are curious about the features of such a fake application. After all, Trezor offers hardware portfolios that require physical manipulation and PIN authentication, or knowledge of the so-called recovery seed, to access the stored crypto.
By looking at the fake application, ESET has found that it can not do any harm to Trezor users’ encryption economy, given Trezor’s multiple layers of security;however, it is connected to a fake coin wallet application, the Coin Wallet, which is capable of misleading unsuspecting users.
How did the fake app work?
The first point observed by the team is that the fraud is clear shortly after the installation of the application and the main indicators of this is that on completion, the icon of the latter will display the name of “Coin Wallet” instead of the official application, Trezor.
Still, if the user chooses to open the app, a generic login screen is displayed, which is dedicated to collecting access credential data, which is then transmitted to the server related to the “Coin Wallet” applications and to “Coin Wallet – Ripple, Ethereum, Tether “, both also available in the Google Play Store.
But what is the intent of the application then?
The idea behind this application is to capture users by selling the image of being abroad and robust service, capable of supporting 13 wallets together thus unifying the control.
Obviously, behind the tempting proposal, there is only the intention of getting the money from “customers” at the moment of the transfer of the values, thus generating a purported exclusive portfolio address for the migration of the values, which is, in fact, the portfolio of its creators.
How to protect yourself?
To remain safe, no complex or elaborate actions are required, as can be seen in the list of actions suggested by ESET itself in the same study.
- Trust only financial and crypto-coin-related applications if a link to the application appears on the official website of the service.
- Just enter your confidential information into online forms while being sure about your security and legitimacy.
- Keep your device up to date.
- Use a trusted mobile security solution to block and remove threats.