May 2019 has seen bitcoin growing, with its price climbing to its highest points since September 2018. Not surprisingly, cybercrooks were quick to notice this development and started upping their efforts in targeting cryptocurrency users with various scams and malicious apps.
One such app was recently spotted on Google Play by Reddit users, impersonating the popular hardware cryptocurrency wallet Trezor and using the name “Trezor Mobile Wallet”. We haven’t previously seen malware misusing Trezor’s branding and were curious about the capabilities of such a fake app. After all, Trezor offers hardware wallets that require physical manipulation and authentication via PIN, or knowledge of the so called recovery seed, to access the stored cryptocurrency. Similar constraints apply to its official app, “TREZOR Manager”.
Analyzing the fake app, we found that:
- it can’t to do any harm to Trezor users given Trezor’s multiple security layers;
- it is connected to a fake cryptocurrency wallet app named “Coin Wallet – Bitcoin, Ripple, Ethereum, Tether”, which is capable of scamming unsuspecting users out of money; and
- both these apps were created based on an app template sold online.