Fake Wallet App Downloaded 10,000 Times on Google Play, Steals $70K in Crypto

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

Author Profile

Copied

Last updated:

September 28, 2024 03:05 EDT

Why Trust Cryptonews With over a decade of crypto coverage, Cryptonews delivers authoritative insights you can rely on. Our veteran team of journalists and analysts combines in-depth market knowledge with hands-on testing of blockchain technologies. We maintain strict editorial standards, ensuring factual accuracy and impartial reporting on both established cryptocurrencies and emerging projects. Our longstanding presence in the industry and commitment to quality journalism make Cryptonews a trusted source in the dynamic world of digital assets. Read more about Cryptonews A fraudulent cryptocurrency wallet app on Google Play has reportedly stolen $70,000 from users in a sophisticated scam that has been described as a world-first for targeting mobile users exclusively.

The malicious app, named WalletConnect, mimicked the reputable WalletConnect protocol but was, in fact, a sophisticated scheme to drain crypto wallets.

The deceptive app managed to deceive over 10,000 users into downloading it, according to Check Point Research (CPR), the cybersecurity firm that uncovered the scam.

Scammers Market Fraudulent App as Solution to Web3 Issues

The scammers behind the app were well aware of the typical challenges faced by web3 users, such as compatibility issues and the lack of widespread support for WalletConnect across different wallets.

They cleverly marketed the fraudulent app as a solution to these problems, taking advantage of the absence of an official WalletConnect app on the Play Store.

Coupled with a slew of fake positive reviews, the app appeared legitimate to unsuspecting users.

While the app was downloaded over 10,000 times, CPR’s investigation identified transactions linked to more than 150 crypto wallets, indicating the number of individuals who actually fell victim to the scam.

Once installed, the app ed users to link their wallets, claiming to offer secure and seamless access to web3 applications.

However, as users authorized transactions, they were redirected to a malicious website that harvested their wallet details, including the blockchain network and known addresses.

Exploiting the mechanics of smart contracts, the attackers were able to initiate unauthorized transfers, siphoning off valuable cryptocurrency tokens from the victims’ wallets.

The total haul from this operation was estimated to be around $70,000.

Despite the app’s malicious intent, only 20 victims left negative reviews on the Play Store, which were quickly overshadowed by numerous fake positive reviews.

This allowed the app to remain undetected for five months until its true nature was exposed and it was removed from the platform in August.

“This incident serves as a wake-up call for the entire digital asset community,” said Alexander Chailytko, cybersecurity, research, and innovation manager at CPR.

He emphasized the need for advanced security solutions to prevent such sophisticated attacks, urging both users and developers to take proactive steps to secure their digital assets.

Google Removes Malicious Versions of CPR App

Google, in response to these findings, stated that all malicious versions of the app identified by CPR were removed before the report’s publication.

The tech giant highlighted that its Google Play Protect feature is designed to automatically protect Android users against known threats, even when they stem from outside the Play Store.

The incident follows a recent campaign exposed by Kaspersky, in which 11 million Android users unknowingly downloaded apps infected with Necro malware, resulting in unauthorized subion charges.

In another attempt, Cybersecurity scammers are using automated email replies to compromise s and deliver stealthy crypto mining malware.

This comes on the heels of another malware threat identified in August.

The “Cthulhu Stealer,” which affects MacOS s, similarly disguises itself as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.