Google, on the Play Store false app for cryptocurrencies

The Google Play Store, the official Google app store, ended up at the center of some controversy for having "hosted" some harmful applications for Android users.

Coin Wallet

Some security experts have identified two fraudulent digital wallets in the Play Store. The first, called Coin Wallet, allows users to create wallets for a long series of different digital assets. In particular, Coin Wallet proposed to generate a single wallet address to deposit multiple cryptocurrencies: a pity that, in reality, the application actually used a wallet owned by the developer for each currency supported, for a total of 13 wallets.

Each Coin Wallet user was therefore assigned the same address as the wallet. In even simpler terms, the actual purpose of the app was to convince users to open wallets, while ignoring that that address was not theirs, but the developer's address. So, once users proceeded to transfer the cryptocurrency to the addresses communicated, they ended up losing control of their digital currencies. Unfortunately, the application was made available on the Play Store for three months, from February 7 to May 5. During this presence, the app was installed over 1.000 times.

Trezor Mobile Wallet

A second fraudulent application present on the Play Store was called instead Trezor Mobile Wallet. In this case, the app aimed to emulate the hardware used for Trezor's cryptocurrency wallets, among the leaders in the sector. Unfortunately, however, even in this case it was a scam: the application then provided instructions to users, asking them to enter the login data of their wallets on Trezor, sending them to a server controlled by the developers. Although, fortunately, different levels of security integrated into "real" Trezor wallets prevented the credentials entered from accessing legitimate accounts, security experts believe that email addresses or other personal data could be used in phishing attacks.

Unfortunately, the experts who spotted this second fake application argued that, at first glance, it was indeed credible software. The app name, developer name, application category, application description and images all seemed to invoke the legitimacy of Trezor services. Of course, on closer inspection, however, it turned out that this app had nothing to do with Trezor.

The certainty was finally obtained by installing the app. The icon displayed on the smartphone screen was distinctly different from the real Trezor application and showed the words "Coin Wallet".

In this chaos, the spread of the application has been more reduced, considering that it was removed from the store a few days ago, and had been uploaded to Google Play on May 1st. App downloads should therefore be much smaller. Security analysts found that both applications were connected to the same domain (coinwalletinc [.] Com).