A crypto draining app mimicking the legitimate ‘WalletConnect’ project has been distributed over Google Play for five months getting more than 10,000 downloads.
The malicious app used the name WallConnect and posed as a lightweight Web3 tool with various blockchain functionalities, offering to act as a proxy between cryptocurrency wallets and decentralized applications (dApps).
The real WalletConnect is an open-source crypto bridge protocol that does the same thing but comes with some limitations because not all wallets support it.
The fake app was present on Google Play since March and boosted its ranking through fake user reviews, thus extending visibility to more potential victims.
Once installed, the app directed the users to a malicious website where they were asked to authorize several transactions, which resulted in stealing sensitive wallet information and the digital assets.
Check Point researchers analyzed the app and say that it prioritized the withdrawal of more expensive tokens before stealing items of lesser value.
In the five months that it was available through the official Android store, the download count for the impostor WalletConnect app reached 10,000.
The analysts report that at least 150 victims fell for the scam and lost digital assets exceeding $70,000. However, only 20 of them left negative reviews on Google Play.
Given the difference between the number of victims and the downloads, it is possible that the fraudsters also artificially inflated the download count.
Check Point researchers reported the fake app to Google and it has been removed from the Android store.
Users should be more careful when linking cryptocurrency wallets to a platform or a service and thoroughly check any transaction/smart contract before approving it.
Although Google Play has its defense mechanisms that block apps with malicious code, some of them can still make it on the store, especially when the fraudulent activity does not involve malicious code but relies on redirections to various platforms and services.