
Fake cryptocurrency apps crop up on Google Play as bitcoin price rises

by ethhack

ESET researchers have analyzed fake cryptocurrency wallets emerging on Google Play at the time of bitcoin’s renewed growth

May 2019 has seen bitcoin growing, with its price climbing to its highest points since September 2018. Not surprisingly, cybercrooks were quick to notice this development and began upping their efforts in targeting cryptocurrency users with various scams and malicious apps.

One such app was recently spotted on Google Play by Reddit users, impersonating the popular hardware cryptocurrency wallet Trezor and using the name “Trezor Mobile Wallet”. We haven’t previously seen malware misusing Trezor’s branding and were curious about the capabilities of such a fake app. After all, Trezor offers hardware wallets that require physical manipulation and authentication via PIN, or knowledge of the so-called recovery seed, to access the stored cryptocurrency. Similar constraints apply to its official app, “TREZOR Manager”.

Analyzing the fake app, we found that:

  1. it can’t do any harm to Trezor users given Trezor’s multiple security layers;
  2. it is connected to a fake cryptocurrency wallet app named “Coin Wallet – Bitcoin, Ripple, Ethereum, Tether”, which is capable of scamming unsuspecting users out of money; and
  3. both these apps were created based on an app template sold online.

We have reported the fake Trezor app to Google’s security teams and reached out to Trezor regarding the publication of this blogpost. Trezor confirmed the fake app did not pose a direct threat to their users. However, they did express concern that the email addresses collected via fake apps such as this one could later be misused for phishing campaigns targeted against Trezor users.

At the time of writing, neither the fake Trezor app nor the Coin Wallet app is available on Google Play.

The app masquerading as a mobile wallet for Trezor was uploaded to Google Play on May 1, 2019 under the developer name “Trezor Inc.”, as seen in Figure 1. Overall, the app’s page on Google Play appeared trustworthy – the app name, developer name, app category, app description and images all seem legitimate at first glance. At the time of our analysis, the fake app even came up as the second result when searching for “Trezor” on Google Play, right after Trezor’s official app.

Figure 1. The fake app on Google Play

What does it do?

The convincing disguise, however, begins and ends on Google Play. After installation, the icon that appears on users’ screens differs from the one seen on Google Play, which serves as a clear indicator of something fishy. The icon of the installed app has “Coin Wallet” in it, as seen in Figure 2.

Figure 2. The icon of “Trezor Mobile Wallet” after installation

Furthermore, when users launch the app, a generic login screen is displayed, with no mention of Trezor, as seen in Figure 3. This is another indicator that we aren’t dealing with a legitimate app. This generic screen is used to phish for login credentials – however, it is unclear exactly what credentials, and what possible use they could be to attackers. Either way, whatever users enter into the fake login form is sent to the attacker’s server, as shown in Figure 4.

Figure 3. The generic login screen displayed by the fake app


Figure 4. The entered credentials are sent to the attacker’s server

As seen in Figure 4, the server used to harvest credentials from the fake Trezor app is hosted on coinwalletinc[.]com. Looking into the domain led us to another fraudulent app, named “Coin Wallet” on its website and “Coin Wallet – Bitcoin, Ripple, Ethereum, Tether” on Google Play. This app is described in the following section of this blogpost.

The Coin Wallet app and the fake Trezor app described in the previous section have a lot in common – besides using the same server, they also overlap in code and interface. The Coin Wallet app uses the same icon that we have seen in the fake Trezor app after installation.

On its website, the Coin Wallet app is described as the “World’s leading Coin Wallet”, as seen in Figure 5.

Figure 5. The Coin Wallet app’s deceptive presentation on its website

The website contains a link to Google Play, where the app was available from February 7, 2019 until May 5, 2019 under the name “Coin Wallet – Bitcoin, Ripple, Ethereum, Tether”, as seen in Figure 6. During that time, it was installed by more than 1000 users.

The website also appears to link to Apple’s App Store, but clicking the “Available on the App Store” button only leads to the URL of the PNG image.

Figure 6. The fraudulent Coin Wallet app on Google Play

What does it do?

The app claims it lets its users create wallets for various cryptocurrencies. However, its actual purpose is to trick users into transferring cryptocurrency into the attackers’ wallets – a classic case of what we named wallet address scams in our earlier research of cryptocurrency-targeting malware.

How this works is that the app pretends to generate a unique wallet address where users can transfer their coins. In reality, this address belongs to the attackers’ wallet, as only they have the private key necessary for accessing the funds. The attackers have one wallet for each supported cryptocurrency – 13 wallets altogether – and all victims with any specific targeted cryptocurrency are given the same wallet address.
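The shared-address behaviour described above is something an analyst can check for directly during dynamic analysis. The following is an added example, not code from the original research: it takes deposit addresses recorded from several fresh test accounts and reports any address handed to more than one of them. The function names, the record layout and the sample addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed observations: (test_account, currency, deposit address the
# app displayed as "yours"). Addresses are made-up placeholders.
OBSERVATIONS = [
    ("acct-a", "BTC", "1ExampleSharedBtcAddr"),
    ("acct-b", "BTC", "1ExampleSharedBtcAddr"),
    ("acct-c", "BTC", "1ExampleSharedBtcAddr"),
    ("acct-a", "ETH", "0xAbCd000000000000000000000000000000000001"),
    ("acct-b", "ETH", "0xabcd000000000000000000000000000000000001"),
    ("acct-a", "LTC", "LExampleUniqueLtcAddrA"),
    ("acct-b", "LTC", "LExampleUniqueLtcAddrB"),
    ("acct-a", "XRP", "rExampleOnlyOneSample"),
]


def normalize(address):
    """Hex (0x...) addresses are case-insensitive; base58 ones are not."""
    return address.lower() if address.lower().startswith("0x") else address


def shared_deposit_addresses(observations, min_accounts=2):
    """Return {currency: {address: sorted accounts}} for every address
    that was shown to at least `min_accounts` distinct accounts."""
    seen = defaultdict(lambda: defaultdict(set))
    for account, currency, address in observations:
        seen[currency][normalize(address)].add(account)
    findings = {}
    for currency, by_addr in seen.items():
        hits = {addr: sorted(accts) for addr, accts in by_addr.items()
                if len(accts) >= min_accounts}
        if hits:
            findings[currency] = hits
    return findings


if __name__ == "__main__":
    for cur, hits in shared_deposit_addresses(OBSERVATIONS).items():
        for addr, accts in hits.items():
            print(f"{cur}: {addr} shown to {len(accts)} accounts: {accts}")
```

Custodial services legitimately reuse one address with a per-user memo or destination tag for some currencies (XRP, for example), so a hit there calls for checking whether a tag accompanies the address rather than being proof on its own.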

Looking at the shared graphic elements of this and the fraudulent Trezor app, it seems that both have been created on the same basis. A Google search for “coinwallet app template” returns a generic “Android cryptocurrency wallet template” available for $40. The template itself is a benign asset turned malicious in the hands of attackers; however, we see here how such assets may be used by more attackers to create deceptive apps quickly and cheaply.

If bitcoin continues its growth trend, we can expect more cryptocurrency scam apps to emerge in the official Android app store and elsewhere. When installing apps, it is important to stick to some basic security principles – even more so when money is at stake.

  • Only trust cryptocurrency-related and other finance apps if they are linked from the official website of the service
  • Only enter your sensitive information into online forms if you are certain of their security and legitimacy
  • Keep your device updated
  • Use a reputable mobile security solution to block and remove threats

| Package Name | Hash | Detection |
| --- | --- | --- |
| com.trezorwalletinc.cryptocurrency | 0021A89588C8CEB885A40FBCCA6DD76D | Trojan.Android/FakeApp.KO |
| com.walletinc.cryptocurrency | EE9E4AD693A0F0C9971145FB0FB0B85C | Trojan.Android/FakeApp.KO |
