Fake WalletConnect App on Google Play Store Steals $70K in Crypto Assets

Highlights:

• A fake WalletConnect app on Google Play drained over $70,000 in crypto assets, targeting 150 users.
• The app tricked users into authorizing transactions by sending them to a malicious site.
• Google has removed the fraudulent app, but experts stress stronger cybersecurity measures for digital assets.

A fraudulent crypto wallet app on Google Play reportedly stole $70,000 in a sophisticated scam, marking the first-ever to target mobile users exclusively. The malware sent unsuspecting users to a site that tricked them into authorizing transactions and accessing their funds. 

Advertisement

The malicious app disguised itself as the reputable WalletConnect protocol, but it was a sophisticated scheme to drain crypto wallets. Initially uploaded to Google Play in March 2024, the app remained undetected for over five months, using evasion techniques, and was downloaded more than 10,000 times. However, only 150 users fell victim to the scam, according to a report by Checkpoint Research. The Google Play Store has now removed the fake WalletConnect app.

The legitimate WalletConnect facilitates secure communication between cryptocurrency wallets and decentralized applications (dApps) through QR codes. This allows users to approve transactions and interact with dApps while keeping their private keys safe.

A fake wallet app that was available on the Google Play Store for four months stole more than $70,000 worth of cryptocurrency in a phishing attack before being removed. The malware impersonated WalletConnect to trick users into authorizing transactions. The fake app was…

— Wu Blockchain (@WuBlockchain) September 28, 2024

According to Alexander Chailytko, a cybersecurity, research, and innovation manager at CPR, this incident is a wake-up call for the entire digital asset community. He underscored the importance of implementing advanced security solutions to prevent such sophisticated attacks, urging users and developers alike to take proactive measures to secure their digital assets.

Google Removes Malicious Versions of App

Google responded to the findings by stating that all malicious versions of the app identified by CPR had been removed before the report’s release. The company emphasized its Google Play Protect feature, designed to automatically safeguard Android users from known threats, even those originating outside the Play Store.

This incident follows a recent campaign uncovered by Kaspersky, where 11 million Android users unknowingly downloaded apps infected with Necro malware, leading to unauthorized subscription charges. Additionally, cybersecurity scammers have been using automated email replies to deliver crypto-mining malware in a stealthy manner.

This latest threat comes shortly after another malware warning surfaced in August. The “Cthulhu Stealer,” which targets MacOS systems, poses as legitimate software and aims to steal personal data such as MetaMask passwords, IP addresses, and private keys for cold wallets.

Expert Warns on Crypto App Security and Importance of Multi-Factor Authentication

Michael McLaughlin, co-leader of the Cybersecurity and Data Privacy Practice Group at Buchanan Ingersoll & Rooney, emphasizes the importance of basic cybersecurity hygiene on mobile devices. He suggests that users of crypto trading platforms, such as Coinbase or Kraken, should take advantage of the multi-factor authentication features offered in their mobile applications. Implementing these security measures is essential.

McLaughlin stressed the importance of closely examining cryptocurrency applications, particularly in digital stores that permit quick uploads by anyone. He advised potential downloaders to check the number of stars and reviews an app has before downloading. “If it has only three users and no stars, you’re not going to trust it,” he said.

Further, he stated:

“It would still have the same number of users, it would still have the same rating, but now you just change the name of it, and so it no longer is a strobe flashlight app, now it’s a cryptocurrency trader app. So now it looks legitimate, even though it’s not.” 

Advertisement