A fake crypto wallet application on the Google Play Store has reportedly stolen tens of thousands of dollars worth of crypto assets from unsuspecting customers after seeing 10,000 downloads.
According to a new report from cybersecurity firm Check Point Research (CPR), a malicious wallet drainer on Google Play stole $70,000 worth of digital assets from users after being available in the store for over five months.
CPR says the malware disguised itself as an app associated with WalletConnect – which itself doesn’t have an app – to take advantage of confused users. WalletConnect is a protocol for web browsers and mobile phones that establishes connections between crypto wallets and decentralized applications (DApps).
Says CPR,
“Given all the complications with WalletConnect, an inexperienced user might conclude that it is a separate wallet application that needs to be downloaded and installed. Attackers hijack the confusion, hoping that users will search for a WalletConnect app in the application store.
However, when searching WalletConnect in Google Play, users find the malicious app ‘WalletConnect – Crypto Wallet’ at the top of the list.”
According to CPR, the creators of the exploit used social engineering and other clever tactics to carry out and obfuscate their complicated crypto scheme, scamming hundreds of victims.
“The attackers leveraged a combination of social engineering, technical manipulation, and clever exploitation of user confusion to carry out a sophisticated crypto-draining operation.
By capitalizing on a well-known and trusted name like WalletConnect and exploiting the shortcomings of simple and undemanding applications, they were able to deceive over 150 victims and accumulate significant amounts of cryptocurrency without triggering immediate suspicion.”
The cybersecurity firm goes on to say that the exploit was unique in that it relied on smart contracts rather than conventional attack methods, such as keyloggers.