CryptoNews

Malicious Crypto-Stealing App Exposed on Google Play

Malicious App on Google Play Steals Cryptocurrency

An app on Google Play was discovered stealing cryptocurrency from users, employing advanced social engineering and trusted protocols. Check Point Research exposed the app after it had siphoned $70,000, deceiving over 150 victims. The attackers used the Walletconnect protocol to appear legitimate, manipulating Google search rankings and avoiding detection through encryption and obfuscation techniques.

Malicious App on Google Play Steals Cryptocurrency Using Walletconnect Protocol

Cybersecurity firm Check Point Research (CPR) shared on Thursday that it has “uncovered a malicious app on Google Play designed to steal cryptocurrency marking the first time a drainer has targeted mobile device users exclusively. ”

The app, which remained active for nearly five months, exploited the trusted Walletconnect protocol and tricked users through fake branding and social engineering tactics. The cybersecurity firm detailed that before the app was removed from Google Play:

It managed to victimize over 150 users, resulting in losses exceeding $70,000.

The attackers used the Walletconnect name to appear legitimate, achieving over 10,000 downloads by manipulating search rankings and using fake reviews. According to CPR, “Advanced social engineering” played a crucial role in deceiving users into downloading the app and connecting their cryptocurrency wallets. Once users interacted with the app, it prompted them to sign malicious transactions, allowing attackers to drain their digital assets silently.

The report mentioned, “Not all of the users who downloaded the drainer were affected,” adding:

Some didn’t complete the wallet connection, others recognized suspicious activity and secured their assets, and some may not have met the malware’s specific targeting criteria.

Further analysis by CPR revealed that the app avoided detection using sophisticated obfuscation techniques and anti-analysis methods, even bypassing Google Play’s security checks. The attackers used advanced redirection and encryption tactics to mask their true intentions. The app relied heavily on external malicious scripts, complicating detection and allowing attackers to remain hidden. CPR emphasized, “This incident highlights the growing sophistication of cybercriminal tactics,” especially in decentralized finance, where users often rely on third-party protocols to manage digital assets.

Source: Bitcoin

Related posts
AI & RoboticsNews

Midjourney launches AI image editor: how to use it

AI & RoboticsNews

Meta just beat Google and Apple in the race to put powerful AI on phones

AI & RoboticsNews

DeepMind’s Talker-Reasoner framework brings System 2 thinking to AI agents

Cleantech & EV'sNews

Ford F-150 Lightning and Mustang Mach-E drivers just gained Google Maps EV routing

Sign up for our Newsletter and
stay informed!

Worth reading...
Tether Aids DOJ in Seizing $6M in Assets Tied to Crypto Scams