Apple is considered safe but still you gotta be careful

[libert19]

I'm not sure if y'all aware of it but if not: https://decrypt.co/63508/fake-trezor-iphone-app-scams-user-out-of-600000-in-bitcoin

Apple is known for it's rigorous process before allowing apps to it's app store, hence people tend to get bit loose with what they are downloading.

Fake trezor app passed through apple tests, multiple people fell for it, one with 17 BTC.

Don't depend on third party for your security.

[1715251918]

1715251918

[Lapinoudead]

So what OS must we use ?

(To be honnest I'm looking for to change my PC and I'm currently looking for more safety)

However, I think common sense is the best way to not get hack.

[o_e_l_e_o]

Used the app store to search for apps instead of going straight to the developer's site and verifying the download.
Downloaded a fake app even though Trezor doesn't even have an iOS app.
Didn't read all the reviews calling it a scam.
Blindly entered his seed phrase in to the fake app.
And now, according to the article, he blames Apple for "betraying his trust" and says they shouldn't be allowed to "get away with this".

It always amazes me how someone can hold hundreds of thousands of dollars worth of bitcoin and yet still be so monumentally uninformed. He had to do literally everything wrong to fall for this scam. The slightest bit of knowledge or due diligence regarding any one of these steps and he wouldn't have fallen for this. But no, it's Apple's fault.

So what OS must we use ?

A reputable Linux distro such as Ubuntu.

But more importantly than what OS you use is to not just download random pieces of software you stumble across like this user did. If you want to download a crypto wallet or app, then make sure it is open source, visit the developer's site or GitHub directly, and verify your download's PGP signature.

[NotATether]

So what OS must we use ?

(To be honnest I'm looking for to change my PC and I'm currently looking for more safety)

You may have heard already that there are less viruses made for desktop Linux (server Linux is a different story) than Windows, so Ubuntu LTS isn't a bad place to start. Vendors are starting to make versions of their programs specifically for it.

Alternatively, Linux Mint is based on Ubuntu and has mostly the same UI as Windows.

However, I think common sense is the best way to not get hack.

Yeah. If you see App A that has 500K downloads and an app B that pretends to look like App A but only has 5K downloads, then you have a pretty good feeling that App A is the real app and App B is a "fake" copy.

It's harder for fake apps to get hundreds of thousands of downloads, because the services they pay for to inflate downloads only have so many accounts and devices.

[ImThour]

It's still much better than in case of Android. Also, a little bit of common sense would have saved his money.
As per my knowledge, there is no Trezor App for iOS.

People do stupid mistakes and blame it on an operating system.
"someone did a ransomware attack on my system, let's blame Windows despite me knowing I am visiting/downloading bad stuff".

[TheNineClub]

I recently reported such a scam regarding Exodus that was on the Google store, but what I came across when looking into it is that people assume that if the Google store is so unregulated, then the Apple store must be a complete opposite, so they throw caution out of the window. The same skepticism should be involved in both cases because nothing is 100% safe.

[hugeblack]

A lot of people trust an app because it is in the store, we can't blame Apple for that because their store contains a lot of apps, but we can blame them if they don't remove the content early or after several notifications.
Before downloading any program, make sure to download the official version by verifying the signature and avoiding downloading many applications, even if they are reliable.

17 Bitcoin is not a small amount, you cannot be indifferent to your finances.

[bakasabo]

I dont believe that users got scammed due to downloading fake app directly from App Store. All apps passes tons of moderation before getting into App Store. Despite Google Play Store, which is full of fake and scam apps. It is mentioned that he had downloaded an app from App Store. That is a lie, there is no such app there and never was. Just another case of a user that does not care much about his security, as he "downloaded an app to check his balance". This is the same as checking cards balance on http://ismycreditcardstolen.com/ (warning! do not post your private data there)

[DdmrDdmr]

<…> Fake trezor app passed through apple tests <…>

According to the referenced article, the app was initially placed under the cryptography category, being allegedly intended for encrypting files and keeping passwords, but was later changed into the fake Trezor app. I presume the "change" was not a simple category movement of the app, but rather they swapped the code, changed the name and so forth. I figure that there are plenty of controls in the publishing process, but these are rather more laxed with updates.

There is such an app for everything type culture, that people presume that the app is going to exist on a/the store, without checking its legitimacy on the original site as a prior exercise. One would say that 17 BTCs and purchasing a Trezor would vouch for a sharp sense of awareness, but as exemplified here, its not always true.

[stompix]

So what OS must we use ?

The weakest link in the software is the user.
There are thousands of windows users who haven't got "hacked" and tricked into downloading malware and there are also thousands of user who have downloaded crap even on iOS on on other Linux systems, people should understand that Linux is not some kind of bulletproof solution to everything and once you got that on your computer you're completely safe.

The exact thing happened to the victim he believed nothing could go wrong and he went whistling through all the steps o_e_l_e_o mentioned and probably a lot more users did the same but they've kept quiet about their loss.

I dont believe that users got scammed due to downloading fake app directly from App Store. All apps passes tons of moderation before getting into App Store. Despite Google Play Store, which is full of fake and scam apps. It is mentioned that he had downloaded an app from App Store. That is a lie, there is no such app there and never was. Just another case of a user that does not care much about his security, as he "downloaded an app to check his balance".

So you claim that all those people lie and you know better?

Kristyna Mazankova, a spokeswoman for Trezor, said the company has been notifying Apple and Google for years about fake apps posing as a Trezor product to scam its customers. Trezor has never had a mobile app, though the company is working on one. She said the process of reporting the apps is “painful” and that representatives of Apple and Google haven’t been in contact.

Mazankova said Trezor notified Apple about a copycat app on Feb 1. Apple removed the app on Feb. 3, but it appeared again days later, according to Christodoulou, before it was removed again.

The fake Trezor app got through the app store through a bait-and-switch, according to Apple. Though it was called Trezor and used the Trezor logo and colors, it represented itself as a “cryptography” app that would encrypt iPhone files and store passwords, according to Apple. The developer of the fake Trezor app told Apple’s review team it “is not involved in any cryptocurrency.” Apple approved the app and it appeared in the App Store on Jan. 22, according to mobile analytics firm Sensor Tower.

[Findingnemo]

Before downloading any program, make sure to download the official version by verifying the signature

I doubt it's possible on iOS.

Apple told the Washington Post that it had removed 6,500 apps for "hidden and undocumented features" last year, but acknowledged that it relies on users and customers to report fake apps.

Then what's the point of charging developer starting from $99/year? Surely fraction of $99 can be used to research the application authenticity.

AFAIK, it is not possible to install any apps on IOS without jailbreaking it so user itself is making their device vulnerable while doing such activities. we also cannot trust the apps available on their app store but we can spend few minutes to read the reviews of it to find whether it is actually a legit or launched recently. I am actually a hater of IOS because of their unfriendly user interface so I am using Android and Windows but I know what I am doing that is why I didn't lose any money to those fake apps.

[20kevin20]

This is the moment people should realize how bad their knowledge about security is and how bad their habits are.
The vast majority of users are blindly downloading all sorts of apps, blindly trusting anyone around as a sacrifice for their own convenience. It's their own fault and not Apple's, the same way someone cutting their finger with a knife is their own fault for having bad cutting habits.

As time goes on and Bitcoin becomes more expensive, what happens is these guys only get better and better strategies going on to steal your coins. And since almost nobody cares how safe their devices truly are, the number of potential victims is huge. Just think about the insane number of people storing their personal information/files on cloud storages without pre-encryption. This alone shows so much about how careful humans really are..

[Lapinoudead]

If there are fewer people getting hack on linux isn't because people on linux are more aware and more educate about informatic ?

[Trinx01]

Fake application is really common in apple and even with the android, mostly most of the beginners think that when they have downloaded an application from a google play store then it is already safe but that is not true, there are still a lot of scammers who created an application and I don't know how it enters the google play store, The google play store should be aware for this and take some action to remove all those stuff.

[bakasabo]

I dont believe that users got scammed due to downloading fake app directly from App Store. All apps passes tons of moderation before getting into App Store. Despite Google Play Store, which is full of fake and scam apps. It is mentioned that he had downloaded an app from App Store. That is a lie, there is no such app there and never was. Just another case of a user that does not care much about his security, as he "downloaded an app to check his balance".

So you claim that all those people lie and you know better?

~

I did not know that fake apps manages to sneak through App Store moderation. Probably the amount of scam/fake in App Store is so little, so people does not talk about that much. Thanks for info. Now I will not feel as much secured as previously and install apps from App Store in a rush.

[crwth]

Debating on whether it's possible or not to pose a fake app on the Apple Store, it shouldn't be the focus here. I think informing users that these types of schemes are possible to be scammed should be reported. Sharing information on potential scams is a help. It was indeed better to share how to avoid it in the first place. Most people just blindly trust something that they saw and believe it right away without doing possible research.

Be vigilant with what you download.

[zasad@]

I do not use mobile cryptocurrency applications. It is very dangerous. Now every application can spy on and transfer data about other applications that you have installed on your phone.
It has already been said that if you are a bad Linux user, then use Windows and hardware wallets.
And it is very reckless to store large amounts of money on mobile wallets.

[hatshepsut93]

It always amazes me how someone can hold hundreds of thousands of dollars worth of bitcoin and yet still be so monumentally uninformed. He had to do literally everything wrong to fall for this scam. The slightest bit of knowledge or due diligence regarding any one of these steps and he wouldn't have fallen for this. But no, it's Apple's fault.

People are so used to mindlessly installing apps, that they do it even if they are going to entrust this app with hundreds of thousands of dollars. They probably don't visit Bitcoin forums and never seen a topic about fake wallet resulting in massive theft, otherwise they'd take at least take some steps to verify the software that they want to use.

It's also so stupid to hodl all your coins in one wallet, if that person had multiple wallets, they'd only lose a portion of their coins.

[mediaBuzz]

I dont believe that users got scammed due to downloading fake app directly from App Store. All apps passes tons of moderation before getting into App Store. Despite Google Play Store, which is full of fake and scam apps. It is mentioned that he had downloaded an app from App Store. That is a lie, there is no such app there and never was. Just another case of a user that does not care much about his security, as he "downloaded an app to check his balance". This is the same as checking cards balance on http://ismycreditcardstolen.com/ (warning! do not post your private data there)

Looks like he actually did download from the official App Store. And as someone else said above the scammers initially launched a legit app under another name and then later they morphed it into totally another app of another category under new name. Why would they allow this?

The guy looks like seeing a doctor now and taking medicines. Idk what condition would I be if I lost 600k like this and shortly after it is more than $1M lol.

[passwordnow]

This is the same with those Google Play Store fake apps that they've allowed to be published. Apple should also pay attention to this detail to avoid further displaying and publishing of potential fake apps in the feature in their platform. Google isn't paying attention on this and only relies to the reports of good people onto their platform but with Apple, they're stricter and after this incident, I think that they're going to pay attention on it. As users, we should be careful with everything we download, whether we use Apple's OS or Android or Windows or with any other OS's.