Apple removes malicious Trezor app from App Store

Apple has removed a fake Trezor wallet app after a researcher revealed its presence in the App Store but others may still be lurking.

An apparent malicious app purporting to be crypto hardware wallet Trezor has been taken off Apple’s App Store, though a quick search has revealed that other copycat apps are still lurking.

On June 20, Managing Partner at Crypto Lawyers, Rafael Yakobi, posted a security alert regarding Apple’s App Store. Yakobi reported that the first result in a search for “Trezor” was a malicious app designed to steal cryptocurrency.

He warned Apple users that the fake “Trezor Wallet Suite” app will “request your seed phrase, allowing its operators to steal all of your crypto.” Yakobi added:

“This app has been up for weeks, although the total number of victims is unknown, it could easily be in the hundreds or thousands.”

Security Alert

The first search result for "Trezor" in the Apple @AppStore is a malicious application that will request your seed phrase, allowing its operators to steal all of your crypto.

The name of the malicious application is "Trezor Wallet Suite." You can verify… pic.twitter.com/vWsXTHpkYK
— Rafael Yakobi (@Deliver8tor) June 19, 2023

Cointelegraph searched the United States’ version of the App Store and could not find the malicious app referenced by Yakobi. Apple is generally quick to remove suspicious or fraudulent apps from its app store once alerted.

However, a search for “Trezor Wallet Suite” returned another potentially nefarious application called “MyTREZŌR Suite: One Edition.” It only had two reviews — both of which were warnings that the app is a scam that will steal crypto — so it appears that Apple has not fully cleaned house as of yet.

Apple insists that apps on its official App Store have been vetted and cleared for security purposes.

*Screenshot of a potentially malicious app in the Apple App Store*

The safest way to download mobile applications for crypto wallets is from the manufacturers’ official website. While there is an app available for Trezor users on iOS, it’s merely a companion app with limited functionality.

According to Apple news outlet 9to5mac.com, the world’s largest tech company isn’t too friendly when it comes to crypto apps, which are only supposed to be approved under strict circumstances. The outlet noted:

“While Apple says that the App Store ‘is a place you can trust’ and fights against sideloading, what happens in real life is that even Apple can’t keep the App Store free of scams.”

Fake wallet apps on Apple’s App Store are nothing new. In 2021, one user reportedly lost $600,000 in Bitcoin (BTC) after downloading a malicious Trezor app from the App Store.

Magazine: Why join a blockchain gaming guild? Fun, profit and create better games

Notorious Monkey Drainer crypto scammer says they’re ‘shutting down’

certik

The scammer behind the crypto wallet draining kit even recommended an alternative and gave advice to budding cybercriminals.

The cryptocurrency phishing scammer behind some of the most high-profile and high-value Web3 thefts is claiming to have packed up shop and is “moving on to something better.”

The scammer by the pseudonym Monkey Drainer posted to their Telegram channel on Mar. 1 that they “will be shutting down immediately” and all “files, servers and devices” related to the drainer “will be destroyed immediately” and it “will not return.”

*Monkey Drainer’s full message posted to Telegram recommending an alternative service. Source: Telegram*

The scammer even gave advice to budding “young cyber criminals” saying they shouldn’t “lose themselves in the pursuit of easy money” and only those “with the highest level of dedication” should operate a “large scale cybercrime” outfit.

Monkey Drainer even recommended a “flawless” alternative service to the one they once offered named “Venom Drainer” and pointed to a Telegram account for the service that was created only a day before Monkey’s announcement.

Blockchain security firm PeckShield tweeted on Mar. 1 that Monkey Drainer scammer deposited around 200 Ether (ETH) worth $330,000 within the last day into the crypto mixing service Tornado Cash, attempting to obscure their funds. 840 ETH worth $1.4 million was still in their primary wallet.

#PeckShieldAlert Scammer #MonkeyDrainer, who runs theft schemes for multiple clients (a sort of 'scam-as-a-service') announced to shut down their service
~200 $ETH has been transferred to Tornado Cash within the last 24 hours, while ~840 $ETH (~$1.4M) sits in their main address pic.twitter.com/1lg3KLRxhk
— PeckShieldAlert (@PeckShieldAlert) March 1, 2023

Blockchain security firm CertiK also shared Monkey’s message on a Mar. 1 tweet, saying the crypto wallet-draining kit they offered is understood to take a 30% “commission” of funds stolen funds from others' use of the software.

Wallet-draining kits from other providers have copied the model, and CertiK pointed to other vendors already reporting an uptick in requests since Monkey Drainer announced the shutdown.

3/ Wallet drainer vendors have noted the payment structure Monkey introduced and have since copied

Below are a few examples that we’ve seen: pic.twitter.com/i62aU5t2pv
— CertiK Alert (@CertiKAlert) February 28, 2023

Monkey Drainer is understood to have operated since late 2022 and is estimated to have stolen up to $13 million worth of cryptocurrencies and nonfungible tokens (NFTs) since that time.

Other copycat phishing scammers and wallet-draining kits have stolen much more. A report from Web3 bug bounty platform Immunefi revealed $3.9 billion worth of crypto was lost to hacks, frauds, scams and rug pulls in 2022.

Possibly one of the single most high-profile and high-value theft by a wallet drainer in recent times was the January attack on Kevin Rose, the co-founder of the Moonbirds NFT collection.

Rose’s wallet was drained after he approved a malicious signature on a phishing website that transferred over $1.1 million worth of his personal NFTs to the attacker.

crypto wallet scam