Two fake cryptocurrency apps are present on the Google Play store, masquerading as “Coin Wallet” and as “Trezor Mobile Wallet”, researchers from ESET discovered. The security team from ESET also noted that there was an “overlap in code and interface” in the two apps.
Both apps have been removed from the Google Play store. Although one was trying to portray as a Trezor app, Trezor users themselves would be unaffected as the wallet is a cold one that requires physical authentication on the device. However, the blog post notes that the app could be used in phishing attacks against Trezor users.
The Coin Wallet app, however, posed a direct threat to users, as it portrayed itself as a wallet app, where in fact users who stored coins on it would be sending it to the scammer’s wallet. Each user had the same wallet address. These scams are called wallet address scams.
Researchers urged users to employ caution in the space as Bitcoin and the market sits on an upward trend, saying,
If bitcoin continues its growth trend, we can expect more cryptocurrency scam apps to emerge in the official Android app store and elsewhere. When installing apps, it is important to stick to some basic security principles – even more so when money is at stake.