2 min

Tags in this article


Googles Play Store has hosted two malicious apps aimed at Android users. It’s about Coin Wallet and Trezor Mobile Wallet. Both apps were focused on cryptocurrencies and connected to the same coinwalletinc[.]com domain. In the meantime, the apps have been removed from Google Play.

According to Ars Technica, researchers from security provider ESE discovered the fraudulent digital portfolios. This comes as no surprise to ESET Malware researcher Lukas Stefanko, as the price of bitcoin earlier this month rose to its highest level since last July. Cybercriminals quickly noticed this development and began to step up their efforts to defraud users of cryptocurrency via various scams and malicious apps, says Stefanko.

Coin Wallet

Coin Wallet, whose official name is Coin Wallet-bitcoin, Ripple, Ethereum, Tether, was available from February 7 to May 5 and would have been installed more than 1,000 times. The app allows users to create portfolios for a large number of different cryptocurrencies. Although Coin Wallet claimed to generate a unique wallet address for users to deposit coins, the app actually used a wallet for developers in each supported currency. It concerned a total of 13 wallets. Each Coin Wallet user was assigned the same portfolio address for a specific currency.

Stefanko: According to the app, users can create portfolios for different cryptocurrencies. However, the real goal is to mislead users into transferring cryptocurrency to the portfolios of the attackers. This is a classic case of what we called portfolio spam in our previous malware study. This was based on cryptocurrency targeting.

Trezor Mobile Wallet

Trezor Mobile Wallet was soon identified as a fake after installation. The icon on phone screens was clearly different from the real, commonly used hardware cryptocurrency Trezor app and even showed the words Coin Wallet. It is said that there have been 50 downloads since the app was uploaded to Google Play on 1 May. The app instructs users to enter login details and send them to a developer-controlled server. Multiple layers of security built into the Trezor app prevented the entry of credentials into legitimate accounts. Nevertheless, e-mail addresses or other personal data could be used for phishing attacks.

Read more: Google requires 64-bit apps in Play Store from August 2021.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.