Fake Wallet App Downloaded 10,000 Times on Google Play, Steals $70,000 Worth of Crypto
The malicious app, called WalletConnect, mimics the reputable WalletConnect protocol.
A fake cryptocurrency wallet app on Google Play has reportedly stolen $70,000 from users in a sophisticated scam described as the world's first to target mobile users exclusively.
The malicious app, dubbed WalletConnect, mimics the popular WalletConnect protocol but is actually a sophisticated scheme to drain crypto wallets.
The scam app managed to trick more than 10,000 users into downloading it, according to Check Point Research (CPR), the cybersecurity firm that uncovered the scam.
Scammers Market Fake Apps as Solution to Web3 Problems
The scammers behind the app are well aware of the common challenges faced by web3 users, such as compatibility issues and the lack of widespread support for WalletConnect across wallets.
They cleverly marketed the fake app as a solution to this problem, taking advantage of the lack of an official WalletConnect app on the Play Store.
Coupled with the many fake positive reviews, the app appears genuine to unsuspecting users.
While the app was downloaded more than 10,000 times, CPR’s investigation identified transactions associated with more than 150 crypto wallets, indicating the number of individuals who actually fell victim to the scam.
Once installed, the app prompts users to connect their wallet, claiming to offer secure and seamless access to web3 applications.
However, when users authorize transactions, they are redirected to a malicious website that collects their wallet details, including blockchain networks and known addresses.
By exploiting smart contract mechanisms, attackers can initiate unauthorized transfers and steal valuable cryptocurrency tokens from victims' wallets.
The total proceeds from this operation are estimated to be around $70,000.
Despite the app's malicious intent, only 20 victims left negative reviews on the Play Store, which were quickly overshadowed by a number of fake positive reviews.
This allowed the app to go undetected for five months until its true nature was revealed and it was removed from the platform in August.
“This incident is a wake-up call for the entire digital asset community,” said Alexander Chailytko, cybersecurity, research and innovation manager at CPR.
He stressed the need for advanced security solutions to prevent such sophisticated attacks, and urged users and developers to take proactive steps to secure their digital assets.
Google Removes Malicious App Versions Identified by CPR
Google, in response to these findings, stated that all versions of the malicious apps identified by CPR had been removed before the report was published.
The tech giant highlighted that the Google Play Protect feature is designed to automatically protect Android users from known threats, even when those threats originate outside the Play Store.
This incident follows a recent campaign uncovered by Kaspersky, in which 11 million Android users unknowingly downloaded apps infected with the Necro malware, resulting in unauthorized subscription charges.
In another attempt, scammers used automated email replies to compromise systems and secretly deliver crypto-mining malware.
This follows another malware threat identified in August.
“Cthulhu Stealer,” which affects macOS systems, also masquerades as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys.