Victims lose $70K after installing fake WalletConnect app

in LeoFinance, 13 days ago

Introduction

Attackers continue to exploit various means to steal funds from unsuspecting users. The old trick of impersonating credible apps and platforms has resulted in another massive loss of funds. WalletConnect is a popular connection that allows a user to link their web3 wallet to a DeFi platform. Recently, attackers developed a fake app called WalletConnect and launched it on the Google Play Store. Without being aware of it, users downloaded the app and are now counting their losses.

It was not until after a long period of time, and more than $70,000 stolen, that the malicious app was discovered and taken down. But the worst had already happened much earlier. The app had already been downloaded by many users who mistook the name for the main organization that made WalletConnect. Here is how it happened and why all users must beware of apps they download from the Google Play Store.

From Play Store to lost funds

The fake WalletConnect app popped up on the Play Store just like other mobile apps launched there. How it evaded all lines of security remains a mystery, considering that the app stayed up too long not to cause considerable damage. The fake app allegedly stayed on the Play Store for 5 months, allowing it time to deceive unsuspecting victims.

The main WalletConnect gateway is never a mobile app. This should have been the first red flag for the victims who lost more than $70k in total. WalletConnect is a window that only appears when a user on a DeFi platform is prompted to link their web3 wallet. But this malicious app was launched on the Play Store and paraded as the original connection for web3 users.

The blockchain security firm Check Point Research (CPR) was first to identify the threat and explained how it operated. Once users downloaded the app to their device, it prompted them to sign transactions that appeared legitimate. These transactions, although appearing genuine, are in fact the work of drainers that are part of the malicious app. The victim then validates the transactions by signing them the way it is done in every web3 transaction. Once they do, they have in essence validated illegal transfers of crypto funds from their wallet.

The drainers often provide phishing links to start the transaction process. If the user is not aware of what is happening, clicking such links will create a connection to their wallet. When a window pops up for them to confirm the transaction, confirming it is the final act that lets the funds be stolen. This fake app and the thieves behind it were able to pull this trick off effectively and stole the funds mentioned above before it was discovered.

The long presence of the app going undetected on the Play Store made matters worse. It gave the thieves the publicity they badly needed to target up to 10,000 users who downloaded and installed the fake app. The extent of the damage was curtailed because not everyone who downloaded the app linked it to their web3 wallet. It could be that some of the users spotted something fishy about the app and refrained from letting it interact with their wallet. But those who ended up on the bad side are counting their cost.

WalletConnect alerts users

WalletConnect later saw the fraud and had to warn users about it. Of course, by then the app had been removed after CPR raised the alert for crypto users. Through their official X account, WalletConnect announced that they were not behind the app and warned users never to interact with it. Here is the official word from them:

The WalletConnect Foundation is aware of a recent scam where bad actors developed a malicious app that exploited the WalletConnect name and was available on the Google Play Store. The app has been removed from Google Play Store. The Foundation reminds everyone that there is no WalletConnect app. Be wary of downloading any app that purports to be a WalletConnect app. source

If you have been a victim of this scam, it would be best to quickly uninstall the app and revoke all signed transactions as fast as you can. Of course, this would only serve to keep any funds left safe.

Beware of fake apps

While mobile stores provide a way to quickly download apps to your device, attackers are targeting crypto users to steal their funds. If this fake wallet app could exist undetected for 5 months on the Play Store, then one can only imagine how many fake crypto apps there are now.

So it is very important to verify that any wallet or crypto app you are about to download is from official channels. It's important to check the names, logos and official links of such apps. One fake app or download is all that is required to lose life savings.

This also applies to Dapps in various web3 stores. Sometimes, attackers are able to deploy their own fake apps, which are designed to steal from anyone who downloads them. If one is really careful, they will be able to avoid installing any malicious app that could cause damage just like the fake one above.

