Cybersecurity firm Check Point Research (CPR) published a report on Thursday on the discovery of a malicious application on Google Play designed to steal cryptocurrencies. This marks the first time that a malicious cryptocurrency app has targeted mobile users exclusively.
According to the firm, the app, which remained active for almost five months, posed as the legitimate “WalletConnect” protocol and misled users through social engineering and false branding tactics.
“The application managed to victimize more than 150 users, resulting in losses of more than $70,000,” CPR said.
The attackers used the protocol name “WalletConnect” to appear legitimate and achieved more than 10,000 downloads by manipulating search rankings and using fake reviews.
Malicious application under the legitimate protocol name “WalletConnect” on Google Play. Source: Check Point Research
Additionally, CPR noted that “advanced social engineering” was crucial in tricking users into downloading the app and connecting their wallets. Once users interacted with the app, it prompted them to approve malicious transactions, inadvertently allowing attackers to drain their digital assets.
However, the CPR report also noted that not all users who downloaded the malicious app were affected.
“Some users did not complete the wallet connection, others recognized suspicious activity and secured their assets. Additionally, it is also possible that some may not have met malware-specific selection criteria,” CPR said.
It is important to note that WalletConnect is an open source protocol that establishes a communication link between dApps and mobile wallets, guaranteeing a fluid and secure user experience.
The malicious Google Play app was popular in Nigeria, Portugal and Ukraine
According to the CPR report, the hackers used advanced redirection and encryption tactics to hide their true intentions. The malicious application also relied heavily on external malicious scripts, making detection difficult and allowing attackers to remain hidden.
“This incident highlights the growing sophistication of cybercriminal tactics, especially in decentralized finance, where users often rely on third-party protocols to manage digital assets,” CPR said.
While the app is no longer available for download from the Google Play store, data from the “SensorTower” platform shows that the malicious app was popular in Nigeria, Portugal and Ukraine, and was linked to a developer called “UNS LIS”.
In addition, the developer “UNS LIS” is also associated with another application called “Uniswap DeFI”, which remained active in the Play Store for approximately a month between May and June 2023.
Likewise, according to the report, the malicious application was published on Google Play on March 21, 2024 with the name “Mestox Calculator”, and the name of the application was subsequently modified several times until it was finally named “WalletConnect – Airdrop Wallet”.
“The malicious application did not rely on traditional attack vectors such as permissions or keylogging. Instead, it used smart contracts and links to silently drain crypto assets once users were deceived,” CPR noted.
It is important to note that the cryptocurrency community must continue to educate itself on the risks associated with Web3 technologies. For reference, this recent case shows that even seemingly harmless interactions from a mobile phone can cause significant financial losses for users.
“To protect themselves, users should remain vigilant and be cautious about the apps they download, even when they appear legitimate,” the report said.