Trezor recorded a similar experience concerning a malicious app in 2021.
A fake Trezor app “Trezor Wallet Suite” has appeared in the Apple App Store. The app is a counterfeit version of the advanced crypto hardware wallet and can potentially put users at risk. A Twitter user and partner at The Crypto Lawyers, Rafael Yakobi, called the public’s attention to the fake Trezor app appearing on the App Store.
Later it has become known that Apple removed this application from its store.
Fake Trezor App
According to the tweet, the fake app is the first result that pops up after searching for “Trezor” on Apple’s app marketplace. The malicious applications reportedly request users’ seed phrases, causing victims to lose their crypto assets. While there is no specific number of victims of this fraudulent act, Yakobi pointed out that the Trezor fake app has been active for weeks. Considering malicious crypto activity over the years, hundreds or even thousands could have fallen victim to this fraud. Crypto scams that lasted for a couple of days deceived many people. How much more is a counterfeit app on a trusted platform?
The Managing Partner at The Crypto Lawyer emphasized the need for “extreme due diligence” in keeping crypto safe. The reported fake app could have stolen the crypto of users who innocently gave out their seed phrases, which is a list of words that stores all the information needed in recovering crypto assets in a hardware wallet if stolen or lost.
According to Apple, the genuine open-source wallet by Trezor is “Trezor Suite Lite”. It’s unclear how the fake Trexor app could elude Apple’s review guidelines before appearing on the marketplace. The technology company is known for its strict guidelines that resulted in its high standard. Not long ago, the iPhone-making company gave Damus 14 days to remove Bitcoin payments or be removed from the App Store. Damus, a decentralized social networking app, allows users to send BTC to their favorite content creator through Lightning Network. However, the process does not align with Apple’s terms that require apps to use its in-app purchase mechanism. Hence, Apple gave Damus till June 27 to comply with its guidance or be yanked off the application store.
Past Attacks on Trezor
Meanwhile, Trezor recorded a similar experience concerning a malicious app in 2021. That time, it was the company itself that warned users that a fake app was available on the Google Play Store, cautioning its customers not to share their seed phrases. At the time of the warning, the fake Trezor app was already downloaded more than 1,000 times.
Again, Trezor users experienced a phishing attack in April 2022. The company confirmed the attack via its official Twitter handle and promised to investigate it. Before Trezor acknowledged that it was under attack, multiple users took to Twitter to discuss the email phishing ambush. There was a data breach of an opt-in newsletter supported on MailChimp.