Keeping an ear to the ground in the world of scams can really benefit people whose lives are plugged into the digital world, particularly if they are involved in storing/trading digital assets such as cryptocurrency.

The cryptocurrency community is no stranger to scams of various kinds, but now researchers are sounding the alarm on a new type of scam that's been described as a world first. According to a report from investigators at Check Point Research (CPR), an app called WalletConnect appeared on the Google Play Store. It assumed the identity of the legitimate app with the same name, but came with some adjustments.

The fraudulent WalletConnect app was marketed to consumers as able to solve many of the problems voiced about the legitimate WalletConnect app. Additionally, the legitimate app wasn't on the Google Play Store, which meant that when users went to search for WalletConnect they were presented with the malicious app. More than 10,000 people downloaded the app, and according to CPR approximately 150 wallet addresses were drained of their contents.

How did it work? After installing the app, users were pushed to link their cryptocurrency wallet addresses and then authorize various transactions. Users were then directed to a malicious website that captured all wallet details, and through the use of smart contracts the bad actors authorized the draining of victims' wallets, resulting in approximately $70,000 being stolen.

"This incident is a wake-up call for the entire digital asset community as the emergence of the first mobile crypto drainer app on Google Play marks a significant escalation in the tactics used by cybercriminals and the rapidly evolving landscape of cyber threats in decentralized finance. This research highlights the critical need for advanced, AI-driven security solutions that can detect and prevent such sophisticated threats. It's essential that both users and developers stay informed and take proactive measures to secure their digital assets," said Alexander Chailytko, cybersecurity, research, and innovation manager at CPR.

Notably, the malicious app was launched in March on the Google Play Store and detected five months later.