A fake cryptocurrency wallet application on the Google Play Store reportedly stole tens of thousands of dollars worth of crypto assets from unsuspecting customers after being downloaded 10,000 times.
A malicious Google Play wallet leaker has stolen $70,000 worth of digital assets from users after being available on the store for more than five months, according to a new report from cybersecurity firm Checkpoint Research (CPR). He said he stole it.
According to CPR, the malware disguised itself as an app associated with WalletConnect (it doesn't have an app itself) to take advantage of confused users. WalletConnect is a protocol for web browsers and mobile phones that establishes a connection between cryptocurrency wallets and decentralized applications (DApps).
CPR says,
“Due to the various complications with WalletConnect, inexperienced users may conclude that WalletConnect is a separate wallet application that must be downloaded and installed. Attackers can hijack the confusion and We expect users to search for the WalletConnect app in the app store.
However, when searching for WalletConnect on Google Play, users find the malicious app “WalletConnect – Crypto Wallet” at the top of the list. ”
According to CPR, the exploit authors used social engineering and other sophisticated tactics to execute and obfuscate complex encryption schemes to deceive hundreds of victims.
“The attackers used a combination of social engineering, technical manipulation, and user confusion techniques to carry out a sophisticated cryptocurrency exfiltration operation.
By leveraging a well-known and trusted name like WalletConnect and exploiting shortcomings in a simple and undemanding application, it defrauded over 150 victims and amassed large amounts of cryptocurrencies without immediately arousing suspicion. I was able to. ”
The cybersecurity firm went on to say that the exploit was unique in that it relied on smart contracts rather than attacking traditional targets such as keyloggers.
Never miss a beat – Subscribe to get email alerts delivered straight to your inbox
Check price action
follow me ×Facebook and Telegram
Surf the Daily Hoddle Mix
 
Disclaimer: The opinions expressed on The Daily Hodl do not constitute investment advice. Investors should perform due diligence before making high-risk investments in Bitcoin, cryptocurrencies, or digital assets. Please note that transfers and transactions are made at your own risk and you are responsible for any losses you may incur. The Daily Hodl does not recommend buying or selling any cryptocurrencies or digital assets. The Daily Hodl is also not an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Generated image: DALLE3