Warning! Crypto-stealing app found on Google Play

-

A troubling app on Google Play was discovered stealing cryptocurrency from users, using clever tricks and mimicking trusted protocols.

Check Point Research revealed that this app managed to steal around $70,000 from over 150 victims.

How the app operated

The attackers used the Walletconnect protocol to make the app seem legitimate, manipulated Google search rankings, and avoided detection with encryption and obfuscation techniques.

CPR announced on Thursday that they uncovered this app, marking a first-of-its-kind moment as it is the first known case of a drainer targeting mobile users exclusively.

The app was active for nearly five months and used the trusted Walletconnect protocol to deceive users with fake branding and social engineering tactics.

Before it was removed from Google Play, it had tricked more than 150 users, leading to losses exceeding $70,000.

The attackers achieved over 10,000 downloads by manipulating search results and using fake reviews.

CPR also shared that advanced social engineering was key in convincing users to download the app and connect their cryptocurrency wallets.

Once users interacted with the app, they were prompted to sign harmful, fake transactions, allowing the attackers to silently drain their cryptos.

Security check my *ss

The report mentioned that not every user who downloaded the app was affected, because some didn’t complete the wallet connection, while others spotted suspicious activity and secured their assets before any harm.

Some users may not have fit the malware’s specific targeting criteria.

Further analysis by CPR showed that the app avoided detection through advanced obfuscation techniques and anti-analysis methods, even slipping past Google Play’s security checks.

The attackers used redirection and encryption tactics to hide their true motives.

This app relied heavily on external malicious scripts, making it harder to detect and allowing the attackers to stay hidden.

Be prepared!

This incident is a yet another example how cybercriminals are becoming increasingly sophisticated in their tactics, especially in DeFi where users often depend on third-party protocols to manage their assets.

As these threats grow,, and they definitely are, it becomes more important than ever for users to remain cautious when downloading app sor interacting with anything in the crypto sphere.

Have you read it yet? SHIB in trouble, gains are gone

LATEST POSTS

France Threatens the “Atomic” Option Against MiCA Passporting

France signaled it may challenge the right of crypto firms to “passport” licenses obtained in other EU countries, citing uneven enforcement under the Markets in...

Arthur Hayes ditches memecoins

Arthur Hayes, the co-founder of BitMEX, once king of memecoins like PEPE and MOTHER, which he lovingly called dogshit,just dropped a bombshell. The man’s done...

Truth Social’s token won’t come, but something else likely will

Trump Media had a big, ambitious plan to launch their very own cryptocurrency. But now? They’ve changed the tune, rolling with Crypto.com’s Cronos token instead. This...

Solana’s revenue is crushing Ethereum

Solana’s out here playing a different league, raking in cash like a boss while Ethereum and the rest play catch-up. We’re talking about revenue, the...

Most Popular

Guest posts