Hold onto your hats, crypto enthusiasts! We've got a wild ride of a story that’s part thriller, part cautionary tale. Picture this: an app that’s been downloaded over 10,000 times, sneaking around like a wolf in sheep’s clothing by pretending to be an innocent calculator tool. Sneaky, right?
WalletConnect, the trusty protocol that helps you securely link your crypto wallets with decentralized apps, has sounded the alarm on this devious digital wolf. In a spicy revelation on September 29, the folks at WalletConnect announced that the sly app had been booted from the Google Play Store. But not before it made off with more than $70,000 worth of crypto from unsuspecting users. Ouch!
The drama kicked off on September 26 when the cyber sleuths at Check Point Research (CPR) blew the lid off the scam with an in-depth report. They revealed that the fake app had been lurking on Google Play for a sneaky five months, all while masquerading as a legitimate crypto tool and grifting off the WalletConnect brand’s good name.
More than 10,000 people downloaded this digital bandit, but luckily, not everyone connected their wallets. Phew! CPR also noted that the app played favorites, only targeting users based on their IP address and device type. If you ticked the wrong boxes, you were funneled into the app’s shady backend, where the nefarious MS Drainer software lay in wait.
This rogue app made its debut on the Google Play Store on March 21, 2024, under the guise of “Mestox Calculator.” It kept changing its spots, eventually posing as a WalletConnect app. Despite the name changes, its URL pointed to a seemingly harmless calculator website. This cunning disguise helped it slip past Google’s defenses.
But that’s not all. The app creators were masters of social engineering, using fake reviews and slick branding to climb the search results and lure in victims. Once the app was downloaded, it led users down a path of wallet connections and permission grants. Then, BAM! The app’s creators used advanced draining techniques to initiate fraudulent transactions, and before users knew it, their crypto was gone.
According to CPR, about 150 users got caught in this digital heist, losing over $70,000 in total. WalletConnect, standing tall as ever, reminded everyone that there’s no official WalletConnect app and urged users to stay sharp and avoid such scams in the future.
So, folks, while the crypto world is full of excitement and potential, remember to keep your wits about you and watch out for those sneaky digital wolves. Stay safe out there!
