Fraudulent Wallet Application Achieves 10,000 Downloads on Google Play, Misappropriates $70,000 in Cryptocurrency

A counterfeit cryptocurrency wallet application on Google Play has allegedly swindled $70,000 from users in a sophisticated scam that has been characterized as a world-first for exclusively targeting mobile users.

The malicious application, called WalletConnect, imitated the legitimate WalletConnect protocol but was, in reality, a complex scheme designed to deplete crypto wallets.

The misleading app successfully tricked over 10,000 users into downloading it, as reported by Check Point Research (CPR), the cybersecurity firm that uncovered the fraud.

Fraudsters Promote Fake App as Solution to Web3 Challenges

The fraudsters responsible for the app were acutely aware of the common difficulties encountered by users, such as compatibility problems and the limited support for WalletConnect across various wallets.

They astutely marketed the fraudulent app as a remedy for these issues, capitalizing on the lack of an official WalletConnect app available on the Play Store.

Along with a barrage of fake positive reviews, the app seemed credible to unsuspecting users.

Although the app was downloaded over 10,000 times, CPR’s investigation traced transactions to more than 150 crypto wallets, which indicates how many people actually fell prey to the scam.

Upon installation, the app prompted users to connect their wallets, claiming to provide secure and seamless access to web3 applications.

However, as users approved transactions, they were redirected to a malicious website that collected their wallet information, including the blockchain network and known addresses.

By exploiting the mechanics of , the attackers were able to initiate unauthorized transfers, draining valuable cryptocurrency tokens from the victims’ wallets.

The total amount stolen in this operation was estimated to be around $70,000.

Despite the app’s malicious purpose, only 20 victims left negative reviews on the Play Store, which were quickly eclipsed by numerous fake positive reviews.

This allowed the app to remain undetected for five months until its true nature was revealed and it was removed from the platform in August.

“This incident serves as a wake-up call for the entire digital asset community,” stated Alexander Chailytko, cybersecurity, research, and innovation manager at CPR.

He stressed the necessity for advanced security measures to thwart such sophisticated attacks, urging both users and developers to take proactive measures to safeguard their digital assets.

Google Removes Malicious Versions of the App Identified by CPR

In light of these findings, Google announced that all malicious versions of the app identified by CPR were removed prior to the report’s publication.

The tech giant emphasized that its Google Play Protect feature is designed to automatically shield Android users from known threats, even those originating from outside the Play Store.

This incident follows a recent campaign uncovered by Kaspersky, in which 11 million Android users unknowingly downloaded apps infected with Necro malware, leading to unauthorized subscription charges.

In a separate campaign, scammers are using automated email responses to compromise systems and deliver stealthy malware.

This comes on the heels of another malware threat identified in August.

The “Cthulhu Stealer,” which affects macOS systems, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.

The post Fake Wallet App Downloaded 10,000 Times on Google Play, Steals $70K in Crypto appeared first on Cryptonews.