Google’s official Play Store has been stuck hosting hazardous apps that highly targeted Android users with an interest in cryptocurrencies, experts reported on Thursday.
In all, experts with safety provider ESET recently found two fake digital wallets. The first, known as Coin Wallet, enable users to create wallets for a variety of different cryptocurrencies. While Coin Wallet purported to produce a unique wallet address for users to invest coins, the app actually used a developer-owned wallet for every supported currency, with a total of 13 wallets. Each Coin Wallet user was allocated the same wallet address for a specific currency.
“The app claims it lets users create wallets for several cryptocurrencies,” ESET Malware Researcher Lukas Stefanko wrote in a blog post. “However, its actual objective is to trick users into transferring cryptocurrency into the attackers’ wallets—a classic instance of what we named wallet address scams in our previous research of cryptocurrency-targeting malware.”
A second fake Android wallet used the name “Trezor Mobile Wallet. Stefanko said the fraudulent Trezor app listing on Play seemed to be trustworthy at first look because the name, developer name, app category, app description, and images all seemed legal. It also appeared as the second result when searching Play for “Trezor.”
Both applications connected to the same coinwalletinc.com domain. Google has removed both apps from Play.
The discovery comes as the worth of bitcoin surged earlier this month to its maximum level since last July. “Not surprising ,” Stefanko wrote, “cybercrooks were quick to notice this development as well as started upping their efforts in targeting cryptocurrency users with several scams and malicious apps.”