Fake Wallet app steals $70,000 worth of cryptocurrency after getting 10,000 downloads on Google Play.

A clever scam targeting only mobile users has allegedly seen a phony digital currency wallet app on Google Play steal $70,000 from users. It is said to be a world first.

The malicious program, called WalletConnect, appeared to be a well-planned scheme to empty cryptocurrency wallets while imitating the genuine and reputable WalletConnect protocol.

Over 10,000 people were tricked into installing the fraudulent program, according to Check Point Research (CPR), the cybersecurity company that first discovered the scam.

The fraudsters behind the app were well aware of the common problems web3 users face, such as compatibility issues and the lack of WalletConnect support across wallets.

They took advantage of the fact that there isn’t an official WalletConnect app on the Play Store to pitch the fake software as a fix for these issues.

Coupled with a flood of fabricated favorable ratings, the software seemed real to unwary users.

Although the program was downloaded over 10,000 times, CPR’s analysis found transactions connected to over 150 cryptocurrency wallets, suggesting the precise number of people who were duped.

The program, which promised to provide safe and easy access to web3 apps, asked users to link their wallets after installation.

As soon as they approved transactions, users were sent to a fraudulent website that stole their wallet information, including known addresses and the blockchain network.

By taking advantage of smart contract features, the attackers managed to start illicit transactions and remove precious cryptocurrency tokens from the victims’ wallets.

An estimated $70,000 was the overall amount taken from this operation.

Only 20 victims of the malicious program wrote negative ratings on the Play Store, which were swiftly overtaken by a large number of phony positive reviews.

This made it possible for the app to go unnoticed for five months, until its actual purpose became apparent and it was taken down from the platform in August.

According to CPR’s manager of cybersecurity, research, and innovation, Alexander Chailytko, “this incident serves as a wake-up call for the entire digital asset community.”

To stop such sophisticated attacks, he underlined the need for cutting-edge security solutions and urged developers and users to take preventative measures to safeguard their digital assets.

According to the September 26 study by Check Point Research, this is the first instance of a mobile drainer that specifically targets the cryptocurrency ecosystem.

More than 10,000 individuals downloaded this fake software thanks to clever branding and fake reviews that pushed it up in search results.

The app was first released on March 21 under the name “Mestox Calculator.” It was able to get past security checks in the Google Play approval process because its official URL pointed to what looked like a legitimate calculator website.

Even though the app’s name was altered many times, its seemingly innocent URL allowed it to stay in the store unnoticed for months.

After installation, the app would direct users to ‘MS Drainer’, a piece of malicious software. Under the pretense of validating them, it asked users to link their wallets.

Users unintentionally allowed the fraudsters to withdraw any amount of money from their wallets by doing this.
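As an added illustration (not part of the original article or CPR's report), the Python sketch below shows how a wallet-side check could flag this kind of request before it is signed. It assumes the permission is granted through the standard ERC-20 `approve` or `increaseAllowance` calls, which the article does not name; the spender addresses, the `assess` policy and its thresholds are constructed for the example.

```python
# Added example (not from the article): flag risky token-allowance requests
# before signing. Assumes the permission is granted through the standard
# ERC-20 allowance calls; the article does not name the exact call used.
APPROVE = bytes.fromhex("095ea7b3")             # approve(address,uint256)
INCREASE_ALLOWANCE = bytes.fromhex("39509351")  # increaseAllowance(address,uint256)
NAMES = {APPROVE: "approve", INCREASE_ALLOWANCE: "increaseAllowance"}
UINT256_MAX = 2**256 - 1

def parse_allowance_call(calldata_hex):
    """Decode calldata; return function, spender and amount, or None."""
    try:
        data = bytes.fromhex(calldata_hex.removeprefix("0x"))
    except ValueError:
        return None
    name = NAMES.get(data[:4])
    # Selector plus two 32-byte ABI words; an address word has 12 zero padding bytes.
    if name is None or len(data) != 68 or any(data[4:16]):
        return None
    return {"function": name,
            "spender": "0x" + data[16:36].hex(),
            "amount": int.from_bytes(data[36:68], "big")}

def assess(calldata_hex, known_spenders=frozenset(), needed_amount=0):
    """Classify a pending transaction: not-an-allowance, revoke, ok, warn or block."""
    call = parse_allowance_call(calldata_hex)
    if call is None:
        return "not-an-allowance"
    if call["function"] == "approve" and call["amount"] == 0:
        return "revoke"          # approve(spender, 0) removes an allowance
    unlimited = call["amount"] >= UINT256_MAX // 2   # effectively "any amount"
    unknown = call["spender"] not in known_spenders  # lowercase hex addresses
    if unlimited and unknown:
        return "block"           # unknown contract asking for everything
    if unlimited or unknown or call["amount"] > needed_amount:
        return "warn"
    return "ok"

# Constructed sample inputs (spender addresses are made up for illustration).
DRAINER = "0x" + "11" * 20
DEX = "0x" + "22" * 20

def build(selector, spender, amount):
    return "0x" + selector.hex() + spender[2:].rjust(64, "0") + format(amount, "064x")

UNLIMITED_TO_UNKNOWN = build(APPROVE, DRAINER, UINT256_MAX)
BOUNDED_TO_KNOWN = build(APPROVE, DEX, 500)

if __name__ == "__main__":
    print(assess(UNLIMITED_TO_UNKNOWN, {DEX}, 500))
    print(assess(BOUNDED_TO_KNOWN, {DEX}, 500))
```

An existing allowance stays in force after the app is uninstalled, so affected users also need to revoke it on-chain, which is the `approve(spender, 0)` case the check labels `revoke`.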

“This incident highlights the growing sophistication of cybercriminal tactics, particularly in the realm of decentralized finance, where users often rely on third-party tools and protocols to manage their digital assets. The malicious app did not rely on traditional attack vectors like permissions or keylogging. Instead, it used smart contracts and deep links to silently drain assets once users were tricked into using the app,” Check Point Research said.

In response to these discoveries, Google said that all harmful versions of the app found by CPR had been taken down prior to the report’s release.

Google emphasized that Google Play Protect automatically shields Android users against known threats, even when those threats don’t originate from the Play Store.

The event comes after a previous Kaspersky effort that involved 11 million Android users downloading malicious applications without realizing it and incurring illegal membership fees.

Cybercriminals are making another effort to breach networks and distribute covert cryptocurrency mining software by employing automated email replies.

Check Point Research urged users to exercise caution when installing apps, even from reputable stores like Google Play.

This story emphasizes how crucial it is to remain informed about the cryptocurrency space.

If people are not vigilant, even seemingly insignificant actions like connecting a wallet might result in significant financial losses.