[PSA] Fake Trezor wallet on Google Apps

[Baofeng]

Recently, there was a fake Trezor wallet app in Play Store,

https://play[dot]google[dot]com/store/apps/details?id=com.trezorwalletinc.cryptocurrency

Fortunately, it was already taken down.

SatoshiLabs also confirmed that it's not from them.

https://www.welivesecurity.com/2019/05/23/fake-cryptocurrency-apps-google-play-bitcoin/

The app masquerading as a mobile wallet for Trezor was uploaded to Google Play on May 1, 2019 under the developer name “Trezor Inc.”, as seen in Figure 1. Overall, the app’s page on Google Play appeared trustworthy – the app name, developer name, app category, app description and images all seem legitimate at first glance. At the time of our analysis, the fake app even came up as the second result when searching for “Trezor” on Google Play, right after Trezor’s official app.

The app claims it lets its users create wallets for various cryptocurrencies. However, its actual purpose is to trick users into transferring cryptocurrency into the attackers’ wallets – a classic case of what we named wallet address scams in our previous research of cryptocurrency-targeting malware.

How this works is that the app pretends to generate a unique wallet address where users can transfer their coins. In reality, this address belongs to the attackers’ wallet, as only they have the private key necessary for accessing the funds. The attackers have one wallet for each supported cryptocurrency – 13 wallets altogether – and all victims with any specific targeted cryptocurrency are given the same wallet address.

Again, friendly and gentle remainder not to simply trust anything you see in Google Play's Store or Apple App Store, specially regarding crypto wallets.

[mk4]

This isn't the first time right? It seems to be removed now though. Always make sure to report the apps to get them removed as soon as possible when new ones come up.

[DdmrDdmr]

<…>

I think you mixed up some things in your quoted text, but the referenced article introduction itself seems a bit misleading, since it uses the term “connect” when describing the interrelation between both fake apps. The article versed about two different Apps. My interpretation is that they are connected because they use the same backend server and App design templates, not because the Trezor App redirects you to the Coin Wallet app.

Since they are two separate Apps, the first paragraph of your quoted text corresponds to the Ledger app, but the second and third paragraphs correspond to the fake Coin Wallet app.

The former app had a very limited range of action, and seemed to aim at retrieving emails to potentially perform phishing at some point, with Trezor users at core targets. This may happen as reported in the following link (in Spanish, but you’ll get the idea: Alerta : Trezor)

The second app, Coin Wallet app, seemed to be a fake wallet that performs a wallet address scam, providing the scammers wallet address instead of one of your own upon transfers.

[LTU_btc]

Unfortunately, fake or phishings apps is very common thing on Google Play, and not only when it comes to crypto. Ok, this one was taken down, but there is plenty of dangerous apps still here. The problem with Google Play that everyone can upload apps there after paying small $25 developper fee. And these apps aren't even checked by Google staff before it appears on their store. Apple App Store is better because apps must be verified by their team before uploading it.
I don't know what can be done to improve situation on Play Store. Only thing what we can do now - report these apps. But while 1 apps got removed, 10 new appears.

[jossiel]

The problem with Google Play that everyone can upload apps there after paying small $25 developper fee. And these apps aren't even checked by Google staff before it appears on their store. Apple App Store is better because apps must be verified by their team before uploading it.
I don't know what can be done to improve situation on Play Store. Only thing what we can do now - report these apps. But while 1 apps got removed, 10 new appears.

I think because they are not affected by this situation and complains aren't taken seriously. But if they do get a batch of reports, complains, emails about this maybe by that time they will take action and improve their verification before publishing those apps on play store.