Warnings issued after world-first Google Play Store app drains $70,000 from victims

Security researchers are sounding the alarm on a new type of scam targeting mobile users and calling for AI-driven security upgrades to protect users.

Warnings issued after world-first Google Play Store app drains $70,000 from victims
Comment IconFacebook IconX IconReddit Icon
Tech and Science Editor
Published
1 minute & 30 seconds read time

Keeping an ear to the ground in the world of scams can really benefit people whose lives are plugged into the digital world, particularly if they are involved in storing/trading digital assets such as cryptocurrency.

Warnings issued after world-first Google Play Store app drains $70,000 from victims 651615156

The cryptocurrency community is no stranger to scams of various kinds, but now researchers are sounding the alarm on a new type of scam that's been described as a world first. According to a report from investigators at Check Point Researchers (CPR), an app called WalletConnect appeared on the Google Play Store. WalletConnect assumed the identity of the legitimate app with the same name, but did come with some adjustments.

The fraudulent WalletConnect app was marketed to consumers as able to solve many of the problems voiced about the legitimate WalletConnect app. Additionally, the legitimate app wasn't on the Google Play Store, which meant when users when to search for WalletConnect they were presented with the malicious app. More than 10,000 people downloaded the app, and according to CPR approximately 150 wallet addresses were drained of their contents.

Warnings issued after world-first Google Play Store app drains $70,000 from victims 651516165

How did it work? After installing the app users were pushed to link their cryptocurrency wallet addresses and then authorize various transactions. Users were then directed to a malicious website that captured all wallet details and through the use of smart contracts the bad actors authorized the draining of victims' wallets, resulting in approximately $70,000 being stolen.

"This incident is a wake-up call for the entire digital asset community as the emergence of the first mobile crypto drainer app on Google Play marks a significant escalation in the tactics used by cybercriminals and the rapidly evolving landscape of cyber threats in decentralized finance. This research highlights the critical need for advanced, AI-driven security solutions that can detect and prevent such sophisticated threats. It's essential that both users and developers stay informed and take proactive measures to secure their digital assets," said Alexander Chailytko, cybersecurity, research, and innovation manager at CPR

Notably, the malicious app was launched in March on the Google Play Store and detected five months later.

Photo of the KingSpec NX Series 512GB Gen3x4 NVMe M.2 SSD
Best Deals: KingSpec NX Series 512GB Gen3x4 NVMe M.2 SSD
Country flag Today 7 days ago 30 days ago
$37.99 USD -
Buy
$29.99 USD -
Buy
$45.98 CAD -
Buy
$36.99 CAD -
Buy
£38.99 -
Buy
$37.99 USD -
Buy
* Prices last scanned on 2/15/2025 at 9:56 pm CST - prices may not be accurate, click links above for the latest price. We may earn an affiliate commission from any sales.
NEWS SOURCE:theregister.com

Tech and Science Editor

Email IconX IconLinkedIn Icon

Jak joined the TweakTown team in 2017 and has since reviewed 100s of new tech products and kept us informed daily on the latest science, space, and artificial intelligence news. Jak's love for science, space, and technology, and, more specifically, PC gaming, began at 10 years old. It was the day his dad showed him how to play Age of Empires on an old Compaq PC. Ever since that day, Jak fell in love with games and the progression of the technology industry in all its forms.

Related Topics

Newsletter Subscription