A crypto-stealing app lurked on Google Play and stole over $70,000 from victims
According to cybersecurity firm Check Point Research, an alarming security breach on the Google Play Store led to more than $70,000 being stolen from crypto users. The company discovered a fraudulent app that had been active for over five months, using sophisticated techniques to avoid detection. The malicious app posed as WalletConnect, a trusted platform in the crypto world known for linking digital wallets to decentralized finance (DeFi) applications.
The app, which was downloaded over 10,000 times, primarily targeted mobile users, using fake reviews and consistent branding. Though not all users were affected, more than 150 individuals lost funds as their wallets were drained of assets. Some users avoided the scam by not connecting their wallets or by identifying the app as suspicious. However, others fell victim due to the app’s clever disguise and evasion methods.
Initially published in March under the name “Mestox Calculator,” the app changed its title multiple times, yet its web address pointed to an innocent calculator site. This allowed the app to bypass Google’s review process and remain undetected for months. Once installed, the app prompted users to connect their wallets and grant permissions. This opened the door for attackers to siphon off the maximum amount of assets from the victim’s wallet.
The cybercriminals used smart contracts and deep links to drain the wallets, rather than relying on traditional attack methods like permissions or keylogging. This case highlights the growing sophistication of online scams targeting crypto users, according to Check Point Research.
Although the app has now been removed, the incident underscores the need for stricter app verification on platforms like Google Play. The researchers urge users to be cautious when downloading apps and interacting with Web3 technologies, as even seemingly legitimate apps can lead to significant financial losses.