A fraudulent cryptocurrency wallet app named WalletConnect on Google Play has scammed users out of $70,000 in a sophisticated scheme that targeted mobile users exclusively. The app mimicked the reputable WalletConnect protocol but was designed to drain crypto wallets. More than 10,000 users fell victim to the scam. The scammers marketed the app as a solution to common web3 issues such as compatibility challenges and the lack of widespread support for WalletConnect across different wallets. Fake positive reviews helped make the app appear legitimate to unsuspecting users.

Despite being downloaded over 10,000 times, only 20 victims left negative reviews on the Play Store, which were quickly overshadowed by numerous fake positive reviews. The deceptive app prompted users to link their wallets under the guise of providing secure and seamless access to web3 applications. However, it redirected users to a malicious website that harvested their wallet details, allowing the attackers to initiate unauthorized transfers through smart contracts and siphon off valuable cryptocurrency tokens. The total amount stolen was estimated to be around $70,000 before the true nature of the app was exposed, leading to its removal from the platform in August.

Google Play quickly removed all malicious versions of the WalletConnect app identified by Check Point Research (CPR) before the report’s publication. Google emphasized that its Play Protect feature automatically protects Android users against known threats, even those originating from outside the Play Store. This incident serves as a reminder of the importance of advanced security solutions to prevent sophisticated attacks in the digital asset community. Alexander Chailytko, the cybersecurity, research, and innovation manager at CPR, stressed the need for proactive steps from both users and developers to secure digital assets in light of such scams.

In a related incident, Kaspersky recently exposed a campaign in which 11 million Android users unknowingly downloaded apps infected with Necro malware, resulting in unauthorized subscription charges. Additionally, scammers are using automated email replies to compromise systems and deliver stealthy crypto mining malware. In August, a macOS malware threat known as the “Cthulhu Stealer” was identified, which masquerades as legitimate software and targets personal information, including MetaMask passwords, IP addresses, and cold wallet private keys. These ongoing threats highlight the need for continued vigilance and proactive measures to safeguard against cyber attacks and digital asset theft.
