Check Point Research found that the scammers imitated the branding and functionality of the real open-source WalletConnect protocol. When users connected their crypto wallets to the fraudulent application, the malware asked them for extensive permissions; because the interface resembled that of the original protocol, the requests did not arouse suspicion. Having received the necessary permissions from users, the attackers easily transferred cryptocurrencies from the victims’ wallets to their own addresses.
To boost their application's reputation and search ranking, the attackers used fake reviews. The application was originally called Mestox Calculator and has since changed its name several times. To remain undetected on the Google Play Store for months, the scammers used advanced evasion techniques.
The app directed users based on their IP address and device type, so that the malicious backend could be reached only under certain scenarios. Smart contracts and deep links were used to carry out the attack and its actions covertly. This made it possible to bypass both automatic and manual Google Play security checks, analysts found.
More than 10,000 users downloaded the fake app, and at least 150 victims lost a total of $70,000 in crypto assets. Check Point Research urged users to be vigilant to avoid becoming victims of crypto scammers.
Fraudulent apps on the Google Play Store are not uncommon. A few years ago, a fake Trezor Mobile Manager Wallet application appeared there, in which scammers requested the passphrase for a crypto wallet. After downloading such an application, a Trezor hardware wallet user lost 17.1 BTC.
Source: Bits
