The malicious app, named WalletConnect, mimicked the reputable WalletConnect protocol.
A sophisticated scam that targets only mobile users has reportedly seen a fraudulent cryptocurrency wallet app on Google Play steal $70,000 from users. This is said to be a first for the world.
The malicious program, called WalletConnect, appeared to be a well-thought-out plan to empty cryptocurrency wallets while imitating the reliable WalletConnect protocol.
The deceptive app managed to deceive over 10,000 users into downloading it, according to Check Point Research (CPR), the cybersecurity firm that uncovered the scam.
Scammers Market Fraudulent App as Solution to Web3 Issues
The app’s scammers were well aware of the common problems web3 users encounter, like compatibility problems and the dearth of WalletConnect support across wallets.
They took advantage of the fact that there is not an official WalletConnect app on the Play Store to market the fraudulent app as a fix for these issues.
When combined with a ton of phony positive reviews, the app gave users the impression that it was authentic.
Despite the app having been downloaded over 10,000 times, CPR’s investigation found transactions connected to over 150 cryptocurrency wallets, indicating the precise number of people who were duped.
The application, which promised to provide safe and easy access to web3 apps, asked users to link their wallets after installation.
Users were taken to a malicious website as soon as they approved transactions, which stole their wallet information, including known addresses and the blockchain network.
The attackers were able to initiate unauthorized transfers and take valuable cryptocurrency tokens out of the victims’ wallets by exploiting smart contract mechanics.
It was anticipated that this operation would generate roughly $70,000 in revenue.
Just 20 victims of the malicious app left negative reviews on the Play Store, which were quickly overtaken by a large number of phony positive reviews.
This made it possible for the app to go unnoticed for five months, until its actual purpose became apparent and it was taken down from the platform in August.
According to CPR’s manager of cybersecurity, research, and innovation Alexander Chailytko, “this incident serves as a wake-up call for the entire digital asset community.”
In order to stop such complex attacks, he underlined the necessity for cutting-edge security solutions and exhorted developers and users to take preventative measures to safeguard their digital assets.
Google Removes Malicious Versions of CPR App
In response to these discoveries, Google declared that all malicious app versions found by CPR had been taken down prior to the report’s release.
The tech behemoth emphasized that Android users are automatically shielded by Google Play Protect from known threats, even if they do not originate from the Play Store.
The event comes after a recent Kaspersky campaign that involved 11 million Android users downloading malicious apps without realizing it and incurring unauthorized subscription fees.
In another attempt, Cybersecurity scammers are using automated email replies to compromise systems and deliver stealthy crypto mining malware.
This comes on the heels of another malware threat identified in August.
The “Cthulhu Stealer,” which affects MacOS systems, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.