A user lost 17 Bitcoins through counterfeit apps downloaded from the Apple App Store
Trezor is an encrypted asset hardware wallet in the Czech Republic, that is, the wallet has physical hardware and can be connected to a computer via USB to decrypt data and perform asset management.
A few days ago, a user downloaded the APP of the same name through the Apple App Store. Then the user discovered that 17.1 Bitcoins in his account had been transferred, and only then did the user discovers that the so-called Trezor was actually malware.
In fact, this hardware wallet only supports USB connection without supporting applications based on security considerations, so all applications with the same name appearing on the Internet are counterfeit.
The media investigations found that there are currently many apps that counterfeit hardware wallets in Apple and Google stores, all of which are intended to steal users’ balances.
It stands to reason that Apple and Google shouldn’t review apps more carefully? Why can this type of malicious application land in the application store grandiosely?
When a user complains to Apple but gets an irresponsible answer from Apple, it is clear that Apple will not compensate the user for any potential losses caused by such problems.
After an initial investigation, Apple found that hackers had forged information to submit a shelf application to the company, and the application description was that safe-box applications could encrypt user files, etc.
After the app is on the shelf, the developer makes remote changes through the control server to turn it into an encrypted wallet application and then induces the user to enter his wallet mnemonic.
As for how to deal with this matter, it is not yet clear, but Apple will certainly not lose money, and these victims may also unite to sue Apple for compensation.