More fake applications surface on Google’s play store to steal cryptocurrencies from unsuspecting victims, and the latest one is a fake Trezor app which has been imitating the popular cryptocurrency wallet supplier. The app has managed to fool over 1000 users according to the number of downloads.
According to a public warning issued by Trezor, the malicious application is not linked with Trezor or SatoshiLabs, the company behind the Trezor wallet. First announcing the news on January 18, Trezor urged its customers to not install this application, adding that users must not share their seed phrases with anyone.
Warning to all Trezor owners using Android devices!
This app is malicious and has no relation to Trezor or SatoshiLabs. Please, don't install it.
Remember that you should never share your seed with anyone until your Trezor device asks you to do it! pic.twitter.com/6C3iKfPDnR
— Trezor (@Trezor) January 18, 2021
The firm has also provided a short manual on how to use the Trezor wallet with an Android-powered device. In its manual, the company has outlined major third-party Trezor apps for the device including Mycelium, Sentinel, or Wallet.
At the time of writing the application remains listed on the Play Store, and as of now, the application has been downloaded more than 1000 times. The fake application also has around 200 reviews on the platform, and the majority of the reviews state that this application is a scam.
One user warned:
“This app is a scam. Never enter your recovery phrase in anything except an official hardware Trezor. Anyone that asks for this phrase (besides a physical Trezor) is trying to scam you).”
The problem continues
This isn’t Trezor’s first experience with fake applications. Back in 2019, similar applications were spotted on Play Store. The apps were spotted by researchers from ESET antivirus. The app imitated Trezor and further investigation found that it had ties to another fake app that was potentially used to scam unsuspecting users out of money.
Last year, several malicious Google Chrome extensions that pretended to be crypto wallets like Trezor were spotted by Harry Denley, the director of security at wallet provider MyCrypto. These malicious extensions have the ability to record personal information like private keys, passwords, Keystore files, and other sensitive data, and send it to the hacker who can utilize this information to steal funds.
As previously reported by The Daily Chain, earlier this month Security firm Intezer Labs warns that malware has been stealing crypto assets. The malware was spread mainly via three apps dubbed Jamm, eTrade/Kintum, and DaoPoker, which were all hosted on their respective websites. The first two of these are poor quality crypto trading applications, while the other one is a gambling-based application.