Scammers imitate apps of legitimate projects (see https://www.cnbc.com/2022/07/21/fake-crypto-apps-have-stolen-millions-from-investors-says-fbi.html). The fake apps look like the original ones and are available for some time inside popular app stores such as Google Play or Apple App Store. Popular apps to be imitated are e.g. wallet apps like AtomicWallet (https://atomicwallet.io/) or TrustWallet (https://trustwallet.com/, see https://medium.com/imtoken/wallet-security-letter-3-crypto-wallet-scams-fake-apps-texts-and-mnemonics-31763b6b625c) or front-end apps of hardware wallets like Trezor (https://trezor.io/, see https://t3n.de/news/bitcoin-hodler-apple-phishing-scam-1370582/) or Ledger Live (https://www.ledger.com/ledger-live). Using the fake apps victims insert their private keys or seed phrases, which are stolen by the scammers since the phony app sends out the user input to the scammers.
Sub techniques (0)
ID
Name
--
--
ID
Mitigation
Description
M10
Check apps
Users should check apps before downloading them. This can be accomplished by checking the download rate of the app in the app store as well as by analyzing available user ratings (beware fake ratings!).
