Our early warning systems recently detected trustwället[.]com, an obvious phishing clone of the popular Trust Wallet app, impersonating the legitimate domain trustwallet.com.
After a recent spate of mobile phishing apps, our first suspicion was that one of the mobile apps being linked to on the website was backdoored — most likely the direct link to the Android APK download. However, after inspecting each of the links, we realized that all of the links were in fact legitimate.
After a recent surge of mobile phishing campaigns, our first assumption was that one of the apps linked on the fake website was backdoored — most likely the Android APK download. However, after inspecting each link carefully, we confirmed that all of them were in fact legitimate.
With such a convincing phishing website, where most of the layout, visuals, and social backlinks were cloned from the original brand, it became clear that the threat wasn’t in the downloads but in the “Recovery” functionality hidden within the site.
This fake recovery page claimed to help users “restore lost funds” from the Trust Wallet app. To proceed, users were prompted to select which cryptocurrencies they wanted to recover and then provide their email address, along with their private key or mnemonic phrase.
Once entered, this sensitive data was instantly transmitted to the attacker’s server, giving them full control over the victims’ wallets and funds.
This attack is a harsh reminder that phishing threats are constantly evolving. Even when targeting a mobile app, adversaries may launch web-based phishing campaigns that trick users into revealing private data associated with legitimate crypto platforms.
⚠️ Warning: This phishing website is currently live. Do not attempt to visit or interact with it for your own safety.
Want to learn how to protect your brand and users from attacks like this? Read more about our Brand Protection Services — covering websites, social media, and mobile app impersonations.
