Apple recently removed a fake and malicious Trezor crypto wallet app from the App Store after a researcher revealed its presence.
Specifically, such an app was designed to steal users’ crypto. Below are all the details.
Summary
Fake Trezor wallet app created to steal crypto: Apple takes action
As anticipated, an alleged malicious app posing as a Trezor crypto hardware wallet has been removed from Apple’s App Store. However, a quick search revealed that other copycat apps are still present.
Earlier in the day yesterday, Rafael Yakobi, managing partner of Crypto Lawyers, posted a security alert regarding Apple’s App Store. Specifically, Yakobi reported that the first result of a search on “Trezor” was a malicious app designed to steal crypto.
As a result, it warned Apple users of the risk posed by the fake app called “Trezor Wallet Suite,” writing the following on Twitter:
“The first search result for “Trezor” in Apple App Store is a malicious app that will request your seed phrase, allowing its operators to steal all your crypto.
The name of the malicious application is “Trezor Wallet Suite.” You can check it out for yourself.
This app has been active for weeks, although the total number of victims is unknown, it could easily be in the hundreds or thousands. The proper and safe use of cryptocurrencies requires extreme due diligence. If you know someone using a Trezor, let them know.”
Apparently based on the testimonies, the app is now no longer in Apple’s App Store, a fact that again demonstrates Apple’s readiness to remove potential threats to protect users.
Are there other threats in the App Store with regard to Trezor wallets?
Despite Apple’s almost immediate resolution of the problem, other users’ searches for “Trezor Wallet Suite” returned another possible malicious application called “MyTREZŌR Suite: One Edition.”
This application had only two reviews and they were both warnings that it was a scam aimed at stealing cryptocurrency, which suggests that Apple has not yet fully completed the cleanup.
For its part, Apple insists that the apps in its official App Store have been checked and cleared to ensure security. As a reminder, the most secure way to download mobile apps for crypto wallets is from the manufacturer’s official website.
It is important to note that although an app is available for Trezor users on iOS, it offers only limited functionality and is considered a complementary app.
In any case, according to the article published on Apple’s 9to5mac.com, it appears that the world’s largest tech company is not particularly supportive of cryptographic apps, which are approved only under strict circumstances.
In fact, the article states the following:
“While Apple claims the App Store is a trusted place to fight against sideloading, in reality, not even Apple can keep the App Store scam-free.”
Apple lashes out at Damus over some Bitcoin-related actions
Last week, Apple threatened to ban the Damus app from its App Store because there was apparently a feature that allowed users to exchange tips using Bitcoin.
We see that Nostr works similarly to other social networks, such as Mastodon and Bluesky (all inspired in some way by Twitter), but has some unique features.
Damus, an app available for Apple devices, allows users to access Nostr and offers a feature called “Zaps,” which consists of Bitcoin-based microtransactions.
This means that users can “zap” each other as a form of support for content creators. This feature is available in both user profiles and individual posts.
However, recently there have been changes due to a decision made by Apple. In fact, on Tuesday, Apple notified Damus developers that the app would be removed from the App Store because it violated the company’s guidelines.
Specifically, Apple reiterated that allowing users to send money in response to content posted on the social network was considered “selling digital content.”
In addition, Apple raised concerns about the “Zaps” feature not relying on in-app purchases.
Anyway, after the negative reactions received, Apple contacted Damus developers again in order to find a solution to keep the app available in the App Store.
The two groups therefore reached an agreement that allows Damus to continue using Zaps transactions, but only on user profiles. The option to send Zaps to individual posts is no longer available, as Apple continues to consider it a sale of digital content.
