Thu Sep 26 14:08:09 UTC 2024: ## Cryptocurrency Wallet Drainer App Steals $70,000 From Android Users
**London, UK -** A fraudulent mobile app posing as the legitimate WalletConnect protocol has siphoned $70,000 from unsuspecting Android users, marking a new era in crypto-related scams. The app, disguised as a solution to common WalletConnect compatibility issues, attracted over 10,000 downloads, with at least 150 users losing funds.
Researchers at Check Point Research (CPR) found that the app, available on Google Play, tricked users into linking their cryptocurrency wallets under the pretense of enhanced security and access to decentralized applications. The app then redirected users to malicious websites, allowing the attackers to steal crypto tokens through smart contract manipulation.
The fraudulent app, utilizing the official WalletConnect logo and fake positive reviews, went undetected for five months, highlighting a potential weakness in Google’s app vetting process. The app was finally removed from the Play Store after CPR alerted authorities.
“This incident is a wake-up call for the entire digital asset community,” said Alexander Chailytko, cybersecurity researcher at CPR. “The emergence of the first mobile crypto drainer app on Google Play marks a significant escalation in cybercriminal tactics.”
CPR emphasizes the urgent need for advanced security measures to combat such sophisticated threats. Users are advised to be vigilant and cautious when downloading apps, particularly those claiming to solve common issues related to popular services.
Google has acknowledged the incident and stated that the malicious apps were removed prior to the report’s publication. They also reiterated the importance of Google Play Protect, a built-in security feature that safeguards against known malware. However, the ease of sideloading apps on Android devices remains a concern, leaving users vulnerable to potential attacks.
First Piper 