Fake Wallet App on Google Play Steals $70K in Crypto, Downloaded Over 10,000 Times

fiverr
Illustration of a mobile phone displaying a fake wallet app named WalletConnect on Google Play.
fiverr

Fake Wallet App Downloaded 10,000 Times on Google Play, Steals $70K in Crypto

A fake cryptocurrency wallet app that has been downloaded 10,000 times from the Google Play store reportedly stole $70,000 from users in a very sophisticated scam described as the first of its kind because it targeted mobile users exclusively.

App Maliciously Impersonated WalletConnect Protocol

The malicious application, which was impersonating the famous WalletConnect protocol, was actually a wild scam meant to drain crypto wallets. According to a cybersecurity firm, Check Point Research-which discovered this scam-the fraudulent app had convinced more than 10,000 users to download it.

Scammers Market Fraudulent App as Solution to Web3 Issues

The scammers behind the application knew the general pain points that Web3 users had been facing with their applications: incompatibility issues, WalletConnect not compatible across different wallets. They then marketed this application as the fix to these problems, leveraging the fact that there has never been an official WalletConnect app on the Play Store.

Coupled with a bunch of fake positive reviews, this app seemed all legitimate to the prospective users. Though it was downloaded more than 10,000 times, an investigation by CPR revealed transactions connected to over 150 crypto wallets linked to people who really fell prey.

How the Scam Worked

It then prompted users to connect their wallets, promising secure and seamless access to web3 applications. However, upon approval of these transactions, people were redirected to the malicious website that harvested wallet details including the blockchain network and known addresses.

coinbase

By manipulating the internal mechanisms of smart contracts, the hackers initiated unauthorized transfers from the wallets of victims and drained them off their cryptocurrency tokens. The estimated haul reached $70,000 in this particular operation.

Google’s Response and Future Prevention

Google, for its part, contends that all of the malicious versions of the app, as identified by CPR, were removed prior to the publication of the report. The tech giant explained that its Google Play Protect feature is built to automatically protect Android users against known threats-even when those stem from outside the Play Store.

That’s going to be a wake-up call for the whole digital asset community, Alexander Chailytko, a cybersecurity, research, and innovation manager at CPR, has said. He added that advanced security solutions are needed now to head off such elaborate attacks and called upon users and developers alike to take proactive measures to safeguard their virtual assets.

Rising Threats in Crypto Space

This incident comes after a recent campaign that was uncovered by Kaspersky, whereby 11 million Android users unknowingly installed applications that had the Necro malware embedded in the app, which subscribed them to unauthorized charges. Cybersecurity scammers use automated email replies to compromise systems and plant stealthy crypto mining malware.

These incidents further point to the increasing vigilance and robust security needed in digital asset space-as-sophisticated threats continue to target both its users and their valuable assets.

Changelly