A cryptocurrency stealing app discovered on Google Play was downloaded over a thousand occasions • TechCrunch


Researchers have discovered two apps masquerading as cryptocurrency apps on Android’s app retailer, Google Play.

One among them was largely a dud. The second was designed to steal cryptocurrency, the researchers stated.

Safety agency ESET stated one of many two faux Android apps impersonated Trezor, a {hardware} cryptocurrency pockets. The excellent news is that the app couldn’t be used to steal cryptocurrency saved by Trezor. However the researchers discovered the app was related to a second Android app that might have been used to rip-off funds out of unsuspecting victims.

Lukas Stefanko, a safety researcher at ESET — who has a protracted historical past of finding dodgy Android apps — stated the faux Trezor app “appeared reliable at first look” however was utilizing a faux developer title to impersonate the corporate.

The faux app was designed to trick customers into turning over a sufferer’s login credentials. Uploaded to Google Play on May 1, the app rapidly ranked because the second-most standard search consequence when looking for “Trezor” behind the official app, stated Stefanko. Customers on Reddit also found the faux app and reported it as lately as two weeks in the past.

Based on Stefanko, the server the place person credentials have been despatched was linked to a web site linked to a different faux pockets, purportedly to retailer cryptocurrency, and likewise listed on Google Play since February 25.

“The app claims it lets its customers create wallets for varied cryptocurrencies,” stated Stefanko. “Nevertheless, its precise goal is to trick customers into transferring cryptocurrency into the attackers’ wallets – a traditional case of what we’ve named pockets deal with scams in our earlier analysis into cryptocurrency-targeting malware.”

Each apps have been collectively downloaded greater than a thousand occasions. After ESET contacted Google, the apps have been pulled offline the subsequent day.

Learn extra:



Source link


Posted

in

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *