Hackers build like-for-like open-source app to try and steal crypto

pcgamer.com:

Phishing attacks have already been proven to be a danger to all kinds of PC users in 2022 but are especially rampant in crypto and NFT spaces. We've already seen scammers use Discord to try to steal cryptocurrencies, and NFTs swindled in the OpenSea phishing scam.

Now the cryptocurrency wallet provider, Trezor has found its users under attack. Reported by Bleeping Computer, Trezor's mailing list was used to target users, and trick them into downloading a fake version of the software designed to steal their crypto assets.

The original Trezor software is open source, so the code is available to download and in this case be manipulated by others. It's likely this spoofed version is just very so slightly changed from the original as it still even has the Trezor banner warning customers to beware of phishing scams.

Once downloaded, the software asks for a recovery phrase that would have been set by the user when setting up their wallet the first time. This recovery phrase acts as a key to get back into the wallet if lost. Once the user enters the key, then it's game over. The recovery phrase is sent back to the scammers who can now claim all your crypto assets for themselves.

Windows 11 review: What we think of the new OSHow to install Windows 11: Safe and secure installWhat you need to know before upgrading: Things to note before downloading the latest OSWindows 11 TPM requirements: Microsoft's strict security policy

It goes without saying that you should always be incredibly careful using recovery keys for anything online. With phishing scams this sophisticated it can be incredibly difficult to tell a legitimate site or program from a fake. Even the websites associated with the download for this particular scam looked