For four months, a fake wallet app on the Google Play Store stole more than $70,000 worth of cryptocurrency in a phishing attack. The malware posed as WalletConnect, a popular Web3 protocol, and led unsuspecting users to a site that tricked them into authorizing transactions, giving the attackers access to their funds. In total, the app was downloaded 10,000 times, although only 150 people fell for the scam, according to a Check Point Research report.
Authentic WalletConnect enables secure communication between crypto wallets and dApps via QR codes, allowing users to authorize transactions and interact with dApps without exposing private keys.
“Basic cybersecurity hygiene is critical, even on your mobile device,” says Michael McLaughlin, who leads the cybersecurity and data privacy practice group at the law firm of Buchanan Ingersoll & Rooney. “If you're using a crypto exchange platform, and it could be Coinbase, it could be Kraken, it could be one of those — they offer multi-factor authentication, even on their mobile app. And you have to implement them.”
McLaughlin emphasized the need for greater scrutiny of cryptocurrency apps, especially in digital stores that allow anyone to quickly install apps. McLaughlin advises prospective installers to check how many stars and reviews an app has before downloading it. “If it only has three users and no stars, you don't trust it,” he said.
McLaughlin said users should check the app's history for any suspicious or unexpected changes, such as how previous users described the product. He cited the example of a flashlight app that had thousands of users but suddenly turned into a cryptocurrency app.
“It would still have the same number of users, it would still have the same rating, but now you just change the name, and now it's not a strobe flash app, now it's a cryptocurrency trader app,” he said. “So now it looks legit, even though it's not.”