Users have downloaded the fake WalletConnect client more than 10,000 times

The fake application, which pretended to be a mobile client of the WalletConnect protocol, was available on Google Play for about five months and was downloaded over 10,000 times. This follows from the expert report Check Point Research.

The application was added to the platform in March 2024. According to experts, its developers used various methods to evade detection, which allowed the program to operate for about five months.

Until the blocking, the application had a high rating of 4.8 points. The client himself was directly directed to the phishing service. When connecting the wallet, the attackers gained access to it and transferred funds to their own accounts.

The report indicates that about 150 people were affected by the scammers. The total losses are relatively small – $70,000 – but the case has attracted the attention of experts as the first aimed exclusively at mobile device users.

Notably, the app was originally uploaded to Google Play under the name Mestox Calculator. However, later it was renamed several times, experts noted.

Note that the WalletConnect protocol itself acts as a kind of “bridge” that allows you to interact with various dApps directly from a mobile device.

In mid-September 2024, the project team announced the launch of the WCT token. According to the co-founder of the Blockaid project under the pseudonym R4ZN1V, the first phishing resource that masqueraded as the protocol website, appeared half an hour after release.

Moreover, over the next few days, about 150 fake WalletConnect applications appeared online. He urged users to exercise caution and noted the need for careful analysis.

Stay informed! Subscribe to World Stock Market in Telegram.

Source: Cryptocurrency

You may also like