Crypto users must stay vigilant as another malicious Android application has surfaced, aiming to steal funds from unsuspecting victims. A fake app posing as “WalletConnect” has reportedly siphoned over $70,000 from around 150 users who unknowingly downloaded it and connected their crypto wallets, according to cybersecurity researchers at Check Point.
The app made its debut in March under the name “Mestox Calculator” but quickly switched names multiple times. It is also known as “WalletConnect – Crypto Wallet.” Another malicious listing linked to the same group was launched in February, branded as “Walletconnect | Web3Inbox.”
Check Point’s investigation revealed that the creators of the “WalletConnect – Crypto Wallet” app likely generated fake five-star reviews to enhance its legitimacy. Many of these reviews appear generic and fail to relate to the app’s features. Despite this, the app accumulated over 20 negative reviews branding it a scam. One unfortunate user reported losing $615 worth of Tether, a stablecoin, after connecting their crypto wallet to the fraudulent app.
Fortunately, the app has since been removed from the Google Play Store. If you have it installed on your device, it is crucial to delete it immediately.
Once installed, the app functions as a web browser that directs users to a calculator site, which serves as a decoy to avoid detection. If a user’s IP address meets certain criteria, they will be redirected to a malicious website. If not, they remain on the harmless-looking calculator page, seemingly unaffected.
While the calculator site does not trigger alarms from free link checkers such as NordVPN’s, the secondary site users are redirected to has been flagged as dangerous. NordVPN’s analysis indicates that this site is suspicious and likely contains malware or unwanted applications.
Unfortunately, the assessment is accurate. As Check Point explains, the malicious code operates outside the app, which makes detection more difficult. The app itself functions merely as a “thin client” for what is known as a crypto drainer.
The underlying malicious tool, identified as MS Drainer, is classified as malware-as-a-service specifically targeting crypto wallets. Check Point reports that this drainer costs attackers about $1,500 to licence, and that a 10% commission on the stolen funds is embedded into the malicious blockchain smart contract.
User-friendliness is a common hurdle for crypto wallets, making it easier for scammers to mislead users into granting access to their funds. In the crypto world, users frequently have to “sign” messages with their wallets to connect to various websites and applications, even when no actual funds are being transferred. In this case, the scammers have cleverly disguised the signing process as harmless.
The app first assesses the user’s crypto holdings, attempting to steal the most valuable assets before moving on to less valuable tokens. This strategy takes advantage of the often unclear nature of crypto transactions, which makes it difficult for non-experts to understand every signature or transaction request.
In legitimate transactions, the descriptions can be confusing or presented as strings of code, adding to the potential for deception. This complexity can lead users to inadvertently authorise actions that compromise their assets.
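To show what such a "string of code" can hide, here is an added example (not from Check Point or from the original article) that decodes raw transaction calldata into a plain-language summary before it is signed. It assumes the request is one of the standard ERC-20 / ERC-721 token calls, since the article does not say which call the drainer uses; the function names `describeCalldata` and `decodeWord` and the spender address in the sample are constructed for illustration.

```javascript
// Standard ERC-20 / ERC-721 selectors (first 4 bytes of calldata) for calls
// that move tokens or grant another address the right to move them.
const SELECTORS = {
  "095ea7b3": { name: "approve", args: ["address", "uint256"], grants: true },
  "a22cb465": { name: "setApprovalForAll", args: ["address", "bool"], grants: true },
  "a9059cbb": { name: "transfer", args: ["address", "uint256"], grants: false },
  "23b872dd": { name: "transferFrom", args: ["address", "address", "uint256"], grants: false },
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode one 32-byte ABI word (64 hex chars), rejecting malformed padding.
function decodeWord(type, word) {
  if (type === "address") {
    if (!word.startsWith("0".repeat(24))) throw new Error("bad address padding");
    return "0x" + word.slice(24);
  }
  const n = BigInt("0x" + word);
  if (type !== "bool") return n;
  if (n > 1n) throw new Error("bool is not 0 or 1");
  return n === 1n;
}

// Turn raw calldata into a summary plus a coarse risk label.
// Anything that cannot be decoded cleanly is returned as "review".
function describeCalldata(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  const review = (summary) => ({ risk: "review", summary });
  if (!/^[0-9a-f]{8,}$/.test(hex)) return review("not valid calldata");
  const spec = SELECTORS[hex.slice(0, 8)];
  if (!spec) return review("unknown function 0x" + hex.slice(0, 8));
  const body = hex.slice(8);
  if (body.length !== spec.args.length * 64) return review(spec.name + ": malformed arguments");
  let args;
  try { args = spec.args.map((t, i) => decodeWord(t, body.slice(i * 64, (i + 1) * 64))); }
  catch (e) { return review(spec.name + ": " + e.message); }
  const last = args[args.length - 1];
  const to = args[args.length - 2];
  if (!spec.grants) return { risk: "medium", summary: `${spec.name} moves ${last} (amount or token id) to ${to}` };
  if (last === 0n || last === false) return { risk: "low", summary: `${spec.name} revokes access for ${args[0]}` };
  // A maximum-value allowance or an approve-for-all is an unlimited grant.
  const unlimited = last === true || last === MAX_UINT256;
  const scope = unlimited ? "ALL of this token" : `${last} token units`;
  return { risk: unlimited ? "high" : "medium", summary: `${spec.name} lets ${args[0]} spend ${scope}` };
}

// Constructed sample: approve(spender, 2^256 - 1); the spender address is made up.
const SAMPLE = "0x095ea7b3" + "0".repeat(24) + "11".repeat(20) + "f".repeat(64);
```

Calling `describeCalldata(SAMPLE)` reports a high-risk request that lets the spender move all of the token, which is the kind of detail a hex-only signing prompt does not make visible.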
As the landscape of cryptocurrency continues to evolve, so do the tactics employed by malicious actors. Users must remain aware of potential threats and exercise caution when downloading applications or connecting their wallets.
Cybersecurity experts urge individuals to verify the legitimacy of apps and to remain sceptical of overly positive reviews that may be fabricated. Ensuring that a wallet app is from a reputable source and has been thoroughly vetted can significantly reduce the risk of falling victim to scams.
Furthermore, it is essential for crypto users to stay informed about the latest security threats and to utilise best practices for safeguarding their assets. Regularly updating security software, enabling two-factor authentication, and being cautious of unsolicited messages can help protect against these types of attacks.
In light of the growing sophistication of malware targeting cryptocurrencies, users should also consider diversifying their holdings across multiple wallets and using hardware wallets for storing significant amounts of digital assets. This approach provides an additional layer of security against potential breaches.
The incident involving the fake WalletConnect app serves as a timely reminder for crypto users to remain vigilant and proactive in protecting their funds. As the crypto ecosystem continues to expand, so does the need for awareness and education about potential risks.
With the right knowledge and tools, users can better navigate the often murky waters of cryptocurrency, minimising the risk of falling victim to scams and malicious applications. It is crucial to remain alert and informed in an environment where the stakes are high, and the consequences of negligence can be steep.