Fake Trezor iPhone app scams user over $ 600,000 in Bitcoin

[ad_1]

In the letter

One user lost 17.1 Bitcoin, worth $ 600,000 at the time, to a fake Trezor app on Apple’s App Store.
To bypass Apple’s review process, some malicious developers modify their apps after being approved.

A malicious smartphone app from Apple’s App Store, mimicking the name and visual style of Trezor hardware wallets, was used to steal 17.1 Bitcoin (BTC) from an unsuspecting user.… was worth $ 600,000 then, and over a million dollars today.

By a report in The Washington Post, Trezor user Phillipe Christodoulou had stored his Bitcoin on a Trezor hardware walletand – wanting to check his balance – downloaded an app supposedly from Trezor from the iOS App Store.

Although Trezor does not currently support Apple’s iOS mobile operating system and does not have a mobile app, the app used the company’s name and brand, and achieved a rating of nearly five stars, which makes it appear trustworthy.

After Christodoulou downloaded the app and entered his credentials, all of his crypto was immediately gone.

“They betrayed the trust I had in them. Apple doesn’t deserve to get away with it, ”said Christodoulou.

Christodoulou is not the only person to be the victim of the scam; Georgia resident James Fajcz also told the exit that he lost for $ 14,000 worth of Bitcoin and Ethereum to the false application.

Applications slip through the cracks

Apple touts its store as “the world’s most reliable marketplace for applications.” Talk to Washington post, an Apple spokesperson explained that all apps go through a rigorous review process, but acknowledged that there have been other cryptocurrency scams on the App Store. The app used to scam Christodoulou was available on the App Store from January 22 to February 3 at least and was downloaded around 1000 times.

In this specific case, the bogus Trezor app was initially featured in the “crypto” category – as a solution to encrypt iPhone files and store passwords – before being changed by the developers to a crypto wallet app. Apple told the Washington post that it removed 6,500 apps for “hidden and undocumented features” last year, but admitted it relied on users and customers to report bogus apps. When Christodoulou checked the written reviews of the fake Trezor app, he read many complaints from other people who had been scammed in the same way.

Apple isn’t the only company whose App Store has hosted bogus crypto wallet apps. In January of this year, Trezor took Twitter to notify users of a malicious android app in the Google Play Store which has been downloaded over 1000 times.

Warning to all Trezor owners using Android devices!

This application is malicious and has no connection with Trezor or SatoshiLabs. Please do not install it.

Remember, you should never share your seed with anyone until your Trezor device asks you to! pic.twitter.com/6C3iKfPDnR

– Vault (@Trezor) January 18, 2021

“We don’t allow apps that mislead users by impersonating another app, developer, or company, and when we discover an app that violates our policies, we take action. appropriate, ”said Google spokesperson Colin Smith. Washington post; the company noted that it had recently identified and removed two fake Trezor apps from the Google Play Store, although analytics company App Figures identified eight fake apps on the store.

In both cases, the crooks used a phishing technique to convince users of the hardware wallet to enter their recovery phrase, which allowed them to create a copy of the wallet and send the funds in it to the wallet. address of their choice. Blockchain analysis firm Chainalysis reported that Christodoulou and Fajcz’s funds were sent to “a suspicious account”.

It goes without saying that you should never enter your wallet recovery phrase into any app, however convincing it might seem at first glance.

[ad_2]

Source link