Bogus WalletConnect app on Play Store steals cryptocurrency

October 1, 2024

A crypto-draining operation that impersonates the legitimate WalletConnect app has infected thousands of individuals. According to reports, the operation has run for five months, uses an app available on Google Play, and has garnered 10,000 downloads.

Researchers stated that the malicious app presented itself as a lightweight Web3 tool with numerous blockchain functions. It claimed to operate as a gateway between cryptocurrency wallets and decentralised apps (dApps).

By contrast, the genuine WalletConnect is an open-source crypto bridge technology that performs a similar function but has certain limitations because not all wallets support it. The fake software has been on Google Play since March, and phoney user reviews have boosted its ranking, increasing its visibility to more prospective victims.

The fake WalletConnect redirects users to a fraudulent domain.

Once users install the fake WalletConnect app, it leads them to a fraudulent website, where they are prompted to authorise many transactions, resulting in the theft of crucial wallet information and digital assets.

Researchers examined the program and concluded that it prioritised the extraction of more expensive tokens over stealing items of lower value. This fake WalletConnect software received 10,000 downloads during its five-month run on the official Android store.

A recent tally shows that at least 150 victims fell for the fraud and lost over $70,000 in digital assets. Still, only 20 of them provided negative feedback on Google Play. Furthermore, the disparity between the number of victims and the number of downloads suggests that the fraudsters probably manipulated the download count.

Google has removed the fake app from the Play Store after the researchers reported their findings. Still, users should exercise caution when connecting Bitcoin wallets to a platform or service and carefully review each transaction/smart contract before approving it.

Although Google Play has security systems that block apps containing dangerous code, some malicious apps can still make it to the store. Notably, this fraudulent behaviour does not involve malicious code in the app but relies on redirections to various platforms and services.

Therefore, smartphone users, especially those using Android-based devices, should be vigilant when downloading applications, as threat actors commonly use these software solutions to distribute hostile payloads.
