ESET discovers new fake cryptocurrency apps on Google Play able to phish and scam users out of cryptocurrency

Next story
Bitcoin image

BRATISLAVAESET researchers today published research into fake cryptocurrency wallets that emerged on Google Play at the time of bitcoin’s renewed spike in value. This month has seen bitcoin growing, with its price climbing to its highest point since September 2018. Not surprisingly, cybercriminals were quick to notice this development and began upping their efforts to target cryptocurrency users with various scams and malicious apps. One is impersonating the popular hardware cryptocurrency wallet Trezor. The illegitimate app was connected to a fake cryptocurrency wallet app named “Coin Wallet – Bitcoin, Ripple, Ethereum, Tether,” which is capable of scamming unsuspecting users out of money.

“We haven’t previously seen malware misusing Trezor’s branding and were curious about the capabilities of such a fake app,” said Lukáš Štefanko, malware researcher, ESET. “After all, Trezor offers hardware wallets that require physical manipulation and authentication via PIN, or knowledge of the so-called recovery seed, to access the stored cryptocurrency.”

In analyzing the fake app, ESET found that it cannot do any harm to Trezor users’ crypto-savings given Trezor’s multiple security layers. However, it is connected to a fake cryptocurrency wallet app “Coin Wallet,” which is capable of scamming unsuspecting users out of money. “Both these apps were created based on an app template sold online,” added Štefanko.

The app masquerading as a mobile wallet for Trezor was uploaded to Google Play on May 1, 2019, under the developer name “Trezor Inc.” Overall, the app’s page on Google Play appeared trustworthy at first glance. At the time of our analysis, the fake app even came up as the second most popular result when searching for “Trezor” on Google Play, right behind Trezor’s official app. However, the fake app is used to phish for login credentials.

The server used to harvest credentials from the fake Trezor app is hosted on Looking into the domain led us to another fraudulent app, named “Coin Wallet” on its website and on Google Play. They also overlap in code and interface. The website contains a link to Google Play, where the app was available from February 2019.

“The app claims it lets its users create wallets for various cryptocurrencies. However, its actual purpose is to trick users into transferring cryptocurrency into the attackers’ wallets – a classic case of what we’ve named wallet address scams in our previous research into cryptocurrency-targeting malware,” added Štefanko.

Štefanko offered a few tips to stay safe with cryptocurrencies online:

  • Only trust cryptocurrency-related and other finance apps if they are linked from the official website of the service.
  • Only enter your sensitive information into online forms if you are certain of their security and legitimacy.
  • Keep your device updated.
  • Use a reputable mobile security solution to block and remove threats.

We have reported the fake Trezor app to Google’s security teams and have reached out to Trezor about the publication of this blog post. Trezor confirmed that the fake app did not pose a direct threat to its users. However, they did express concern that the email addresses collected via fake apps such as this one could later be misused in phishing campaigns. At the time of writing, neither the fake Trezor app nor the Coin Wallet app is available on Google Play.

Recently analyzed fake cryptocurrency apps on Google Play

Trezor Mobile Wallet app image

About ESET

For 30 years, ESET has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET has become the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single "in-the-wild" malware without interruption since 2003. For more information, visit or follow us on LinkedIn, Facebook and Twitter.

ESET Smart Security Premium box


ESET Smart Security Premium


ESET Internet Security


ESET NOD32 Antivirus

Small and Home  office protection

Easy-to-use device security with advanced privacy features

ESET Mobile Security for Android

Keep your Android device safe. Wherever you go

ESET Parental Control for Android

Protect your children online with confidence

ESET Smart TV Security box

ESET Smart TV Security

Internet of Things security starts with your TV

Renew my license

Renew, upgrade or add devices to your license


Manage your license, update date and more


Install your protection or try ESET free for 30 days


Install your business protection or request a free trail


Superior technology

Learn more about our unified cybersecurity platform

Industry recognition

ESET cybersecurity solutions are recognized and industry-wide.

Corporate blog

Cybersecurity news from ESET's award-winning researches.

Customer zone


Manage your license, update billing information and more

Live chat

Need help purchasing, renewing a license or have product questions?

Business sales

for business customers

For business sales call: