
Wallet Connect Scam: Malicious App Steals $70K in Cryptocurrency Over Five Months

Wallet Connect Scam: A fake app posing as WalletConnect was discovered on the Google Play Store, stealing $70,000 in cryptocurrency over five months. The app used deceptive tactics like fake reviews and branding to trick over 150 users.
 

Cybersecurity researchers have uncovered a malicious app on the Google Play Store that was disguised as the legitimate WalletConnect service, resulting in the theft of approximately $70,000 in cryptocurrency over a period of five months. The app targeted unsuspecting users and tricked them into downloading it, thinking it was a genuine tool for managing their digital assets.

Wallet Connect Scam: How It Happened

The fake app, identified by cybersecurity firm Check Point, mimicked WalletConnect, an open-source protocol widely used by crypto users. By posing as a legitimate app, the scam achieved over 10,000 downloads, deceiving users through fake reviews and convincing branding.

According to Check Point, this is the first known case where a crypto-draining app exclusively targeted mobile device users. The app, found under names like "WalletConnect - DeFi & NFTs" and "WalletConnect - Airdrop Wallet," affected over 150 users. However, not all users who downloaded the app were necessarily impacted.
 

How the Fake WalletConnect App Worked

Once installed, the app redirected users to a fake website based on their IP address and device information. Users who opened the site from desktop browsers were sent to legitimate websites instead, which helped the malicious app avoid detection and bypass Google's app review process.

The malware used in this scam, known as MS Drainer, tricked users into connecting their crypto wallets and signing transactions. These transactions allowed the attackers to withdraw tokens from the victim's wallet, sending them to a separate wallet controlled by the scammers.

Fake WalletConnect App Targets Global Users

The scam app was primarily popular in countries like Nigeria, Portugal, and Ukraine, and was developed by an entity named UNS LIS. The developer had also created another suspicious app called "Uniswap DeFI," which was active on the Play Store for about a month between May and June 2023.

Although both apps were removed from the Play Store, they are still available through third-party marketplaces, further highlighting the risks of downloading APK files from unofficial sources.

Crypto Draining Tactics and Sophisticated Cybercrime

This Wallet Connect scam is part of a broader trend in which cybercriminals are exploiting decentralized finance (DeFi) platforms. The attackers used smart contracts and deep links instead of traditional attack methods like keylogging or phishing, making the scam harder to detect.

Once users were tricked into signing transactions, the attackers' address was granted permission to transfer the maximum amount of assets from the victim's wallet. If the victim did not revoke this permission, the attackers could keep withdrawing funds without any further action from the user.

What to Do If You’re Affected by the WalletConnect Scam

If you’ve used an app like the fake WalletConnect, it’s crucial to revoke any permissions granted to malicious addresses immediately. Users should also avoid downloading APK files from third-party sources and ensure that they are using verified apps from trusted developers.
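
The maximum-amount permission and the revocation step described above can be checked in code. The following is an added example, not code from the article or from Check Point. It assumes the permission is a standard ERC-20 allowance set through approve(address,uint256); the spender address and calldata are constructed placeholders.

```python
# Added example (not from the article). Assumes the "permission" is an ERC-20
# allowance set by approve(address,uint256); addresses below are constructed.
APPROVE_SELECTOR = "095ea7b3"   # first 4 bytes of keccak256("approve(address,uint256)")
UNLIMITED_THRESHOLD = 2**255    # heuristic cut-off for "effectively unlimited"

def _strip0x(value):
    value = value.lower()
    return value[2:] if value.startswith("0x") else value

def decode_approve(calldata):
    """Return (spender, amount) for ERC-20 approve() calldata, else None."""
    data = _strip0x(calldata)
    if len(data) != 8 + 64 + 64 or data[:8] != APPROVE_SELECTOR:
        return None
    if any(c not in "0123456789abcdef" for c in data):
        return None
    spender_word, amount_word = data[8:72], data[72:]
    if spender_word[:24] != "0" * 24:   # address is left-padded with 12 zero bytes
        return None
    return "0x" + spender_word[24:], int(amount_word, 16)

def assess(calldata, trusted_spenders=frozenset()):
    """Classify a transaction a wallet is being asked to sign.
    trusted_spenders holds lowercase 0x-prefixed addresses the user recognises."""
    decoded = decode_approve(calldata)
    if decoded is None:
        return "not-an-approval"
    spender, amount = decoded
    if amount == 0:
        return "revoke"
    if spender in trusted_spenders:
        return "approval-to-trusted-spender"
    if amount >= UNLIMITED_THRESHOLD:
        return "UNLIMITED-to-unknown-spender"
    return "limited-to-unknown-spender"

def build_revoke(spender):
    """Calldata for approve(spender, 0), which resets the allowance to zero."""
    addr = _strip0x(spender)
    if len(addr) != 40:
        raise ValueError("spender must be a 20-byte hex address")
    int(addr, 16)                        # raises ValueError on non-hex input
    return "0x" + APPROVE_SELECTOR + addr.rjust(64, "0") + "0" * 64

# Constructed sample: approve(<placeholder spender>, 2**256 - 1)
SPENDER = "0x" + "ab" * 20
SAMPLE = "0x" + APPROVE_SELECTOR + SPENDER[2:].rjust(64, "0") + "f" * 64

if __name__ == "__main__":
    print(assess(SAMPLE))
    print(assess(build_revoke(SPENDER)))
```

The revoke calldata has to be sent to each token contract on which the allowance was granted, since allowances are stored per token.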

Cybersecurity experts warn that the increasing sophistication of cybercriminal tactics, especially in decentralized finance, means users must be more vigilant when managing their digital assets.
Source: thehackernews.com