The post This Google Play App is Draining Crypto! 10,000 Downloads, $70K Stolen appeared first on Coinpedia Fintech News
Recently, a new malware for stealing cryptocurrencies, called “WalletConnect – Airdrop Wallet”, was found in the Google Play market, deceiving users with a genuine Web3 application. The app successfully evaded the moderators’ attention for well over half a year, stealing $70,000 from unassuming individuals before the app was ultimately deleted.
Fake Apps avoid identification for five months.
According to the case study by Checkpoint Research, initially, this app came out in Google Play in March 2024. It started with the premise of being an anonymous crypto wallet connection app while gaining its additional legitimacy through established numbered techniques.
It tricked it wallets using the WalletConnect approach which is used to link wallet to dAPPs making customers to think it was an authentic application. Even though its existence is malicious the app was able to acquire more than 10,000 downloads by cheating in the search rankings through fake reviews.
Hackers Utilise Integrated Wallets to Siphon Money
To make the users fall for it, the app was designed in a way that required the users to provide their cryptocurrency wallets. Once a wallet was connected, the application, spoofing as legit cryptocurrency platforms, approved illicit transfers. This made it possible for the hackers to steal the digital currency and move it into their own accounts without authorization from the real owners.
Fake Reviews Mislead ictims
Even when those victims have posted negative comments on the Google Play page of the app as a word of caution, the cybercriminals behind this malware promptly responded by stuffing the page with fake positive comments. This masked the app’s evil intents, more people fell prey to downloading the app.
Android users should delete ‘WalletConnect – Airdrop Wallet’ and should approach crypto apps on the play store with caution.
Stay Safe: What to do next??
The permission that an application requires should be looked at, the only apps that should be installed are those that are verified, and the legitimacy of the apps should be doubted before any wallets are connected. This is just a reminder of how more advanced cybercriminals have become in the world of cryptocurrency.