
A dangerous scam app posing as the real WalletConnect has been found on the Google Play Store. Over nearly five months, this app tricked users into losing about $70,000 in cryptocurrency. Researchers from Check Point uncovered the scam, highlighting the growing threats faced by crypto users.

A Closer Look at the Scam

The fake app pretended to be a legitimate tool for managing cryptocurrency. By using the well-known WalletConnect branding, it gained the trust of users. With fake reviews and careful branding, the app climbed the search rankings and got over 10,000 downloads.

This isn’t the first time cryptocurrency fraud has occurred, but this case is particularly alarming because it specifically targeted mobile users. Check Point noted that this is one of the first documented cases of a cryptocurrency scam that operates only on mobile devices.

The app used several names, including "Mestox Calculator," "WalletConnect - DeFi & NFTs," and "WalletConnect - Airdrop Wallet." Although not all users who downloaded the app were affected, more than 150 people are believed to have lost significant amounts of money.

Sophisticated Techniques Used by Scammers

The scammers employed clever tactics to avoid detection and bypass Google Play's security checks. After installation, the app would redirect users based on their location and browser. This allowed the scammers to filter out potential security researchers, sending them to legitimate websites instead of the fake ones.


The app’s main malicious feature was a cryptocurrency drainer called MS Drainer. When users connected their crypto wallets, they were tricked into signing a series of transactions that gave the attackers access to their funds. Once this access was granted, the attackers could repeatedly withdraw money without needing any further permission, draining victims' wallets over time.

Global Impact of WalletConnect Scam

The app gained traction in countries like Nigeria, Portugal, and Ukraine. The developer behind the scam, known as UNS LIS, was also linked to another suspicious app called "Uniswap DeFi," which was briefly available on the Play Store in mid-2023. It’s not confirmed if that app was also harmful, but its connection to the scam raises concerns.

Although Google has removed the harmful app from its store, it is still accessible on third-party platforms, which often have lower security standards. This situation emphasizes the risks of downloading apps from unofficial sources, potentially exposing users to serious threats.

How the Scam Worked

The fraudulent app used advanced methods to hide its malicious behavior. After installation, users were taken to a fake WalletConnect site and asked to connect their cryptocurrency wallet. Once connected, the malware began executing fake transactions, using smart contracts to move funds to the attackers’ wallets.


The attackers used two wallet addresses to receive the stolen funds: 0xf721d710e7C27323CC0AeE847bA01147b0fb8dBF and 0xfac247a19Cc49dbA87130336d3fd8dc8b6b944e1.

The tokens were transferred automatically as soon as the victim signed the fake transaction. If the victim did not revoke permission for the attackers to access their tokens, the scammers could keep stealing funds whenever new tokens were added.

The Growing Threat of Crypto Scams

This incident shows how advanced cybercriminals have become, especially in the area of decentralized finance (DeFi). Instead of relying on traditional methods like stealing passwords or asking for too many permissions, these attackers used deep links and smart contracts to conduct their thefts quietly.

“This highlights the changing nature of cryptocurrency scams. Users must be careful when downloading apps that manage their digital assets,” Check Point researchers noted in their report.

The increase in mobile-focused scams also highlights the need for better app security checks and greater user awareness about the dangers of unverified apps. As DeFi grows, so do the risks associated with it. The financial freedom that decentralized systems offer must be balanced with strong security practices from both users and developers.

How to Protect Yourself

To protect against scams like this, cryptocurrency users should adopt safe practices. Always check the source of apps before downloading, especially those that involve money transactions. Additionally, regularly review the permissions granted to cryptocurrency wallets and revoke access when it's not needed.
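One way to carry out the permission review described above, as an added example that is not from Check Point's report or the original article: it assumes the permission in question is a standard ERC-20 allowance and that the wallet's Approval event logs have already been exported in the eth_getLogs JSON shape. All addresses and log entries in it are constructed.

```python
# Added example: derive still-open ERC-20 allowances from Approval event logs.
# Log dicts follow the eth_getLogs JSON shape; all addresses below are constructed.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED = 2**256 - 1  # the "infinite approval" value

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the last 20."""
    return "0x" + topic[-40:].lower()

def open_allowances(logs, owner):
    """Map (token, spender) -> last approved amount, dropping revoked (0) entries."""
    state = {}
    in_order = sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16)))
    for log in in_order:
        topics = log["topics"]
        # ERC-721 reuses this topic0 but indexes tokenId (4 topics); skip those.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if topic_to_address(topics[1]) != owner.lower():
            continue
        key = (log["address"].lower(), topic_to_address(topics[2]))
        amount = int(log["data"], 16)
        if amount == 0:
            state.pop(key, None)   # approve(spender, 0) is a revocation
        else:
            state[key] = amount
    return state

def report(logs, owner):
    """Rows to review; amounts are upper bounds, confirm with allowance() on-chain."""
    return [{"token": t, "spender": s, "unlimited": a == UNLIMITED, "amount": a}
            for (t, s), a in sorted(open_allowances(logs, owner).items())]

def _topic(addr):
    return "0x" + "0" * 24 + addr[2:]

def _log(token, owner, spender, amount, block, index):
    return {"address": token, "topics": [APPROVAL_TOPIC, _topic(owner), _topic(spender)],
            "data": "0x" + format(amount, "064x"), "blockNumber": hex(block), "logIndex": hex(index)}

OWNER, OTHER = "0x" + "11" * 20, "0x" + "99" * 20
TOKEN_A, TOKEN_B = "0x" + "aa" * 20, "0x" + "bb" * 20
SPENDER_1, SPENDER_2 = "0x" + "22" * 20, "0x" + "33" * 20
SAMPLE_LOGS = [  # constructed, deliberately out of order
    _log(TOKEN_B, OWNER, SPENDER_2, 0, 18, 1),          # later revocation
    _log(TOKEN_A, OWNER, SPENDER_1, UNLIMITED, 16, 0),  # never revoked
    _log(TOKEN_B, OWNER, SPENDER_2, 500, 17, 2),
    _log(TOKEN_A, OTHER, SPENDER_1, 7, 18, 0),          # someone else's approval
]

if __name__ == "__main__":
    for row in report(SAMPLE_LOGS, OWNER):
        print(row)
```

Any row it returns is an allowance that still lets the spender move that token without a further signature; revoking it means approving the same spender for an amount of 0.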

By staying alert and taking proactive steps to secure their digital assets, users can avoid falling victim to scams like the one uncovered in this case.

By Pranali Yadav
