Researchers have found dual apps masquerading as cryptocurrency apps on Android’s app store, Google Play.
One of them was mostly a dud. The second was designed to take cryptocurrency, a researchers said.
Security organisation ESET pronounced one of a dual feign Android apps impersonated Trezor, a hardware cryptocurrency wallet. The good news is that a app couldn’t be used to take cryptocurrency stored by Trezor. But a researchers found a app was connected to a second Android app that could have been used to fraud supports out of gullible victims.
Lukas Stefanko, a confidence researcher during ESET — who has a prolonged story of finding dodgy Android apps — pronounced a feign Trezor app “appeared infallible during initial glance” though was regulating a feign developer name to burlesque a company.
The feign app was designed to pretence users into branch over a victim’s login credentials. Uploaded to Google Play on May 1, a app fast ranked as a second-most renouned hunt outcome when acid for “Trezor” behind a legitimate app, pronounced Stefanko. Users on Reddit also found a feign app and reported it as recently as dual weeks ago.
According to Stefanko, a server where user certification were sent was related to a website related to another feign wallet, purportedly to store cryptocurrency, and also listed on Google Play since Feb 25.
“The app claims it lets a users emanate wallets for several cryptocurrencies,” pronounced Stefanko. “However, a tangible purpose is to pretence users into transferring cryptocurrency into a attackers’ wallets – a classical box of what we’ve named wallet residence scams in a prior investigate into cryptocurrency-targeting malware.”
Both apps were collectively downloaded some-more than a thousand times. After ESET contacted Google, a apps were pulled offline a subsequent day.
- Half a million Android users duped into downloading malware from Google Play
- Security researchers find over a dozen iPhone apps related to Golduck malware
- A absolute spyware app now targets iPhone owners
- Google warns app developers of 3 antagonistic SDKs being used for ad fraud
- Apple tells app developers to divulge or mislay shade recording code
- Apple restores Google’s inner iOS apps after certificate injustice punishment