After 10,000 downloads, a fake application for storing crypto-assets on Google Play Store reportedly stole tens and thousands of dollars from unwary customers.
A new report by cybersecurity firm Checkpoint Research shows that a wallet drainer, which has been available on Google Play for more than five months, stole digital assets worth $70,000 from its users.
CPR claims that the malware took on an appearance of an app from WalletConnect, which doesn’t even have an application. This was done to exploit users who were confused. WalletConnect, a protocol that is available for mobile devices and web browsers, establishes links between decentralized apps (DApps) and crypto wallets.
The CPR.
A user who is not familiar with WalletConnect might think that WalletConnect itself requires a different wallet app to be installed. The attackers are hoping to take advantage of the confusion and get users searching for WalletConnect in the app store.
When searching for WalletConnect on Google Play, the users will find the malicious ‘WalletConnect – Crypto Wallet’ app at the top.”
CPR claims that the scammers used clever social engineering techniques and other tactics in order to trick hundreds of people into believing their complex crypto-scheme.
The attackers used a mix of social engineering and technical manipulation as well as cleverly exploiting user confusion in order to conduct a sophisticated cryptodraining operation.
“By capitalizing on a trusted and well-known name such as WalletConnect, and by exploiting the weaknesses of undemanding and simple applications, these criminals were able deceive more than 150 victims to accumulate large amounts of crypto without triggering suspicion.
According to the cybersecurity firm, this exploit is unique because it uses smart contracts instead of attacking traditional targets such as keyloggers.
Subscribe for email alerts to avoid missing a beat
Surf the ICD mix
Please follow us on X.
___________________
Sources of Images: Pixabay Creative Commons DALLE3
This article Fake Crypto-Wallet on Google Play Steals $70,00 in Digital Assets after Being downloaded 10,000 times: Report first appeared on The ICD.