How a Fake WalletConnect App Evaded Detection and Stole $70K in Crypto

1 month ago 19
WalletConnect App

The post How a Fake WalletConnect App Evaded Detection and Stole $70K in Crypto appeared first on Coinpedia Fintech News

Recently, a new malware for stealing cryptocurrencies, called “WalletConnect – Airdrop Wallet”, was found in the Google Play market, deceiving users with a genuine Web3 application. The app successfully evaded the moderators’ attention for well over half a year, stealing $70,000 from unassuming individuals before the app was ultimately deleted.

Fake App Avoids Identification for Five Months

According to the case study by Checkpoint Research, initially, this app came out in Google Play in March 2024. It started with the premise of being an anonymous crypto wallet connection app while gaining its additional legitimacy through established numbered techniques. 

It tricked it wallets using the WalletConnect approach which is used to link wallet to DApps making customers to think it was an authentic application. Even though its existence is malicious the app was able to acquire more than 10,000 downloads by cheating in the search rankings through fake reviews.

Hackers Utilise Integrated Wallets to Siphon Money

To make the users fall for it, the app was designed in a way that the users had to provide their cryptocurrency wallets. Once a wallet was connected, the application, spoofing as legit cryptocurrency platforms, approved illicit transfers. This made it possible for the hackers to steal the digital currency, and move it into their own accounts without authorization from the real owners.

Fake Reviews Mislead Victims

Even when those victims have posted negative comments on the Google Play page of the app as a word of caution, the cybercriminals behind this malware promptly responded by stuffing the page with fake positive comments. This masked the app’s evil intents, more people fell prey to downloading the app.

Android users should delete ‘WalletConnect – Airdrop Wallet’ and should approach crypto apps on the Play Store with caution.

Stay Safe: What to do next??

The permission that an application requires should be looked at, the only apps that should be installed are those that are verified, and the legitimacy of the apps should be doubted before any wallets are connected. This is just a reminder of how more advanced cybercriminals have become in the world of cryptocurrency.

Read Entire Article