Two apps on the Google Play Store have been identified that were trying to steal cryptocurrency. They were actually disguised as cryptocurrency apps, but actually had malicious intent.
The researchers who identified the app said one of them didn’t work as intended, but the other was designed to steal crypto assets. That said, the two were actually connected together.
These two applications actually impersonated another app — Trezor, which is a legit hardware cryptocurrency wallet. While the apps weren’t able to steal cryptocurrency housed by Trezor, it did attempt to deceive its downloaders into turning over login credentials, where the cryptocurrency of a victim would then be transferred into the attacker’s own wallets.
Surprisingly, the app actually appeared trustworthy, even coming up as the number two search on Google Play when you searched for “Trezor.”
ESET, the research and security firm that found this, contacted Google immediately, and the apps were pulled the next day.
These apps have actually been on the Google Play Store since February 25. It is unknown if the apps were successful in stealing crypto assets.