SoylentNews

Fnord666 [soylentnews.org] writes:

https://arstechnica.com/information-technology/2019/05/fake-cryptocurrency-apps-on-google-play-try-to-profit-on-bitcoin-price-surge/ [arstechnica.com]

Google's official Play Store has been caught hosting malicious apps that targeted Android users with an interest in cryptocurrencies, researchers reported on Thursday.

In all, researchers with security provider ESET recently discovered two fraudulent digital wallets. The first, called Coin Wallet, let users create wallets for a host of different cryptocurrencies. While Coin Wallet purported to generate a unique wallet address for users to deposit coins, the app in fact used a developer-owned wallet for each supported currency, with a total of 13 wallets. Each Coin Wallet user was assigned the same wallet address for a specific currency.

A second fraudulent Android wallet used the name "Trezor Mobile Wallet" in an attempt to impersonate the widely used hardware cryptocurrency wallet Trezor. The app then instructed users to enter login data and sent it to a server controlled by the developers. Multiple security layers built into real Trezor wallets prevented any credentials entered from accessing legitimate accounts. Still, any email addresses or other personal data could potentially be used in phishing attacks.

Original Submission