An app designed for stealing crypto was available on Google Play and reportedly downloaded more than 1,000 times.
Crypto and Google Don’t Always Match
It’s scary to think that so many people have or had access to a tool designed to steal cryptocurrency. At the same time, however, it’s not a big shock. The cryptocurrency market is still being tainted by malicious actors who seek to get their hands on funds that don’t belong to them.
One of the more recent cases involves SIM-swapping. In this process, a hacker gains access to a person’s cell phone after figuring out the victim’s social security number. The hacker then calls the cell phone company and, by providing this data, convinces the employees that they’re speaking to the actual account holder. From there, private information – such as passwords and login information – is handed over to the hacker.
If this doesn’t work, some hackers may attempt to bribe the employees for the information, and sadly enough, this can work. One recent case is that of Michael Terpin, who alleges that cryptocurrency was stolen from his account through a SIM-swap attack after a hacker bribed an AT&T employee with $100 for information regarding his login details.
In this situation, the app under scrutiny was found to be impersonating Trezor, a cryptocurrency hardware wallet. What’s positive is that the app couldn’t be used to take Trezor-stored cryptocurrencies, though it was connected to a second app on Android phones that could have been used to steal funds from other cryptocurrency holders.
Lukas Stefanko is a security researcher at ESET who specializes in finding fake or phony Android apps. He commented that the app appeared “trustworthy at first glance.” However, it was using a “fake developer name” to potentially impersonate Trezor, which is what likely fooled many people into purchasing it.
The app claims it lets its users create wallets for various cryptocurrencies. However, its actual purpose is to trick users into transferring cryptocurrency into the attackers’ wallets – a classic case of what we’ve named wallet address scams in our previous research into cryptocurrency-targeting malware.
Tricking Users for Funds and Data
People who purchased the app would be tricked into turning their login credentials over to the attackers. The app was uploaded to Google Play on May 1, and swiftly ranked as the “second-most popular search result” when users searched for Trezor online. In addition, users on the social media platform Reddit also commented about the app, having discovered it only weeks ago.
This isn’t the first time that Google has fallen victim to fraudulent crypto activity. Last year, it was discovered that Google was playing host to crypto-jacking apps and related software, which ultimately mined Monero and other cryptocurrencies from unsuspecting users’ computers.