I remember few years ago people reported some fake Trezor One hardware wallets, and many legit companies cloned and forked Trezor because of their Open Source code.
Now there are new reports of Trezor Model T fake devices that are used to scam people and steal coins from them, and this was confirmed by well known company Kaspersky.
Attackers waited patiently for owner to deposit larg enough amount of coins before they stole them from him.
From outside this fake Trezor T wallet looks identical like original Trezor device, it was ordered from popular website and it had holographic sticker on original box.
First strange things was asking to update latest firmware version 2.0.4 that was not available on official Trezor github.
Things look different when you open it and check the board, there are traces of soldering and microcontroller STM32F429 fully was used instead of original model STM32F427, and it had fully deactivated flash-memory read-out protection.
Image below is showing original device on left sight, and fake device is on the right side:
Source Article:
https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/Bootloader and wallet firmware had three modifications, first to bypass checking that device is genuine, second change was making owner use seed phrase previously generated by scammers, and third change was making attackers easy to crack password.
How to prevent attacks like this?- This is textbook example of supply-chain attack, that is why it's very important to buy hardware wallets only from official website or resellers.
You can also read one of my old topics that explains most Attack vectors for Hardware Wallets:
https://bitcointalk.org/index.php?topic=5321850