September 26, 2024 at 09:15AM
A fraudulent app named WallConnect, posing as the legitimate ‘WalletConnect’, garnered over 10,000 downloads on Google Play over five months. It deceived users by leading them to a malicious website, resulting in the loss of digital assets worth over $70,000. Due to potential manipulations, the download count may have been artificially inflated. The app has been removed from the store following its exposure by Check Point researchers. Users are urged to exercise caution when connecting cryptocurrency wallets to platforms and to carefully review all transactions and smart contracts. Despite Google Play’s defense mechanisms, some malicious apps can still bypass security measures by employing redirections rather than malicious code.
Based on the meeting notes, it has been reported that a malicious app posing as the legitimate ‘WalletConnect’ project has been distributed over Google Play for a period of five months and received more than 10,000 downloads. The fake app, named ‘WallConnect,’ masqueraded as a lightweight Web3 tool with various blockchain capabilities and operated as a proxy between cryptocurrency wallets and decentralized applications.
The real WalletConnect is an open-source crypto bridge protocol with certain limitations due to not all wallets supporting it. The deceptive app employed fake user reviews to boost its ranking on Google Play and attract more potential victims.
Upon installation, the app directed users to a malicious website where they were prompted to authorize several transactions, leading to the theft of sensitive wallet information and digital assets. The app prioritized the withdrawal of more valuable tokens and, over its five-month tenure, managed to deceive at least 150 victims, resulting in the loss of digital assets exceeding $70,000. Notably, only 20 victims left negative reviews on Google Play, suggesting that the number of victims could be higher than the reported download count of 10,000.
Fortunately, the fake app has been reported to Google by Check Point researchers and has subsequently been removed from the Android store. It is recommended that users exercise caution when linking cryptocurrency wallets to platforms or services and conduct thorough assessments of any transaction or smart contract before approval. Despite Google Play’s defense mechanisms against malicious apps, fraudulent activities like this can still occur, especially when they involve redirections to other platforms and services rather than the use of explicit malicious code.