A fake wallet app available for four months on the Google Play Store stole over $70,000 worth of cryptocurrency in a phishing attack before it was shut down. The malware posed as WalletConnect, a popular Web3 protocol, and directed unsuspecting users to a site that tricked them into authorizing transactions, granting access to their funds. In total, the app was downloaded 10,000 times, though only 150 people fell for the ruse, according to a report by Checkpoint Research.
The actual WalletConnect enables secure communication between cryptocurrency wallets and dApps via QR codes, allowing users to approve transactions and interact with dApps without exposing private keys.
“Basic cybersecurity hygiene, even on your mobile devices, is paramount,” Michael McLaughlin, who co-leads the Cybersecurity and Data Privacy Practice Group at the law firm of Buchanan Ingersoll & Rooney. “If you're using a crypto trading platform—and it could be Coinbase, it could be Kraken, it could be any of those— they offer multi-factor authentication even on their mobile applications. And you have to implement them.”
McLaughlin emphasized the need to scrutinize cryptocurrency applications more, especially in digital stores that allow anyone to upload applications quickly. McLaughlin advised prospective downloaders to look at how many stars and reviews an application has before downloading it. “If it has only three users and no stars, you're not going to trust it," he said.
McLaughlin also said users should check the history of the application for any suspicious or sudden changes, such as how the product is referenced by previous users. He cited as an example a flashlight app that has thousands of users but then suddenly pivoted to a cryptocurrency app.
“It would still have the same number of users, it would still have the same rating, but now you just change the name of it, and so it no longer is a strobe flashlight app, now it's a cryptocurrency trader app,” he said. “So now it looks legitimate, even though it's not.”