A cryptocurrency hidden app found on Google Play was downloaded over a thousand times

Researchers have found dual apps masquerading as cryptocurrency apps on Android’s app store, Google Play.

One of them was mostly a dud. The second was designed to take cryptocurrency, a researchers said.

Security organisation ESET pronounced one of a dual feign Android apps impersonated Trezor, a hardware cryptocurrency wallet. The good news is that a app couldn’t be used to take cryptocurrency stored by Trezor. But a researchers found a app was connected to a second Android app that could have been used to fraud supports out of gullible victims.

Lukas Stefanko, a confidence researcher during ESET — who has a prolonged story of finding dodgy Android apps — pronounced a feign Trezor app “appeared infallible during initial glance” though was regulating a feign developer name to burlesque a company.

The feign app was designed to pretence users into branch over a victim’s login credentials. Uploaded to Google Play on May 1, a app fast ranked as a second-most renouned hunt outcome when acid for “Trezor” behind a legitimate app, pronounced Stefanko. Users on Reddit also found a feign app and reported it as recently as dual weeks ago.

According to Stefanko, a server where user certification were sent was related to a website related to another feign wallet, purportedly to store cryptocurrency, and also listed on Google Play since Feb 25.

“The app claims it lets a users emanate wallets for several cryptocurrencies,” pronounced Stefanko. “However, a tangible purpose is to pretence users into transferring cryptocurrency into a attackers’ wallets – a classical box of what we’ve named wallet residence scams in a prior investigate into cryptocurrency-targeting malware.”

Both apps were collectively downloaded some-more than a thousand times. After ESET contacted Google, a apps were pulled offline a subsequent day.

Read more: