The Google Play Store is one of the safest ways to download apps, but it’s by no means impervious. Every so often, a big scam manages to slip past the net and score its developers a huge amount of money. Now, another app has managed to breach Google’s defenses and made off with $70,000 from its victims.
A Malicious Google Play Store App Steals Thousands From Its Users
As reported by Check Point Research, the Google Play Store saw a nasty attack after malicious actors uploaded a fake WalletConnect app. WalletConnect is a protocol used by people with cryptocurrencies to help connect their wallets with decentralized applications on Web3. While different technologies use WalletConnect to make transactions, the service itself doesn’t have an official app.
The malicious actors knew this and created a fake WalletConnect app advertised to solve many problems with the protocol. They then flooded the app with fake positive reviews to help create a false sense of security. While the reviews seem to refer to a completely different app, it was enough to push the rating high enough to make the app seem reputable.
Check Point Research reports that about 10,000 people downloaded this fake app, but only 150 people attached the app to their cryptocurrency wallets. Still, that was enough people for the malicious developers to drain $70,000 from the attacked wallets before it got shut down.
How to Stay Safe From Malicious Google Play Store Apps
In this instance, the attack only affected people with cryptocurrency wallets. However, malicious Google Play Store apps target people from all walks of life; even if you’ve never owned any cryptocurrency, it’s worth taking the time to understand how safe the Google Play Store really is.
There are plenty of ways to avoid dangerous apps on Android, but this particular one used some nasty tricks to fool people. People couldn’t use its recent publication date to identify a fake app, as it was easy to presume that it was a brand-new app that WalletConnect had released. On top of that, the flood of fake positive reviews pushed its rating up, even if their actual content was total nonsense.
In these cases, if you do see an official-looking app that was published recently, has a low number of downloads, and the reviews seem believable enough, cross-reference it with the company itself. Check its website and socials for any announcements of the app, and if you don’t find any, be sure to ask them about it. If it is fake, the company can do all it can to warn its users about it and get the app taken down.
