Recently, a new cryptocurrency-stealing malware called “WalletConnect – Airdrop Wallet” was found on Google Play, deceiving users by posing as a genuine Web3 application. The app evaded moderators’ attention for well over half a year and stole $70,000 from unsuspecting individuals before it was ultimately deleted.
Fake Apps Avoid Identification for Five Months
According to a case study by Check Point Research, this app was initially released on Google Play in March 2024. It presented itself as an anonymous crypto wallet connection app and built additional legitimacy through established techniques.
The app tricked users by presenting itself as WalletConnect, which is commonly used to link wallets to decentralized applications (dApps), so that they believed it was an authentic application. Despite its malicious nature, the app acquired more than 10,000 downloads by manipulating search rankings through fake reviews.
Hackers Utilize Integrated Wallets to Siphon Money
The app was designed to require users to connect their cryptocurrency wallets. Once a wallet was connected, the application, posing as legitimate cryptocurrency platforms, approved illicit transfers. This enabled the hackers to steal digital currency and transfer it into their own accounts without authorization from the real owners.
Fake Reviews Mislead Victims
Even when victims posted negative comments on the app’s Google Play page to warn others, the cybercriminals behind the malware promptly responded by flooding the page with fake positive comments. This masked the app’s malicious intent and led more people to download it.
Android users should delete “WalletConnect – Airdrop Wallet” and approach crypto apps on the Play Store with caution.
Stay Safe: What to Do Next?
It’s crucial to scrutinize the permissions that an application requests. Only install verified apps, and always question an app’s legitimacy before connecting any wallet. This incident serves as a reminder of how advanced cybercriminals have become in the world of cryptocurrency.