
Topic: Fake WalletConnect on Google Play (Read 264 times)

hero member
Activity: 3038
Merit: 634
Today at 01:18:31 AM
#31
If the official app store/play store becomes a haven for scammers, then people are going to face a lot of problems.
It actually is becoming one now. And to give some idea to Google itself, they're aware of it but they are too laggard in removing all of those apps that have been reported to them as likely scam apps.

Many have already faced problems because of allowing it to stay on their platform. As we can see, there have been folks that became a victim of these fake wallet apps.

They're saying that they're good at identifying the likes of these fake apps, but because it's from Google Play, which is trusted based on their belief, they fell for it.
sr. member
Activity: 756
Merit: 407
October 06, 2024, 02:22:48 AM
#30
Developers can easily run their application in Google play because it doesn't require tons of credentials and not reading the code at all; once they got paid they will list your application. As much as possible, it's ideal to download the platform from its authentic website to make sure it's real. Yes, there are still some fake websites, but of course you must double check the link. It's one of their dilemmas right now; even on social media platforms there are a lot of fake promotions saying that they are the one and legit website, offering a huge amount of bonuses too. I guess a safe method is to have knowledge to avoid these scams and attacks to protect you and your funds.

If the official app store/play store becomes a haven for scammers, then people are going to face a lot of problems. I have seen some news before that VPN apps, photo editing apps, and some other games steal user information from users' devices and sell them on the internet. But, I haven't heard about fake wallet apps which are available on Play Store or App Store.

A new fear has been unlocked for crypto newbies. While the veteran members will try to verify each way to check the apps, it will be harder for new people to keep themselves safe from those phishing, and fake apps. Now a little more work for you if you teach your friend what to do and what not to do.
member
Activity: 80
Merit: 10
October 06, 2024, 01:01:10 AM
#29
Google play should step up their security measures by doing a proper verification on apps that they do list on their website for download. They should get a team that could be able to verify apps to see the security level as to know if it is worth it or not. These days it is funny how scammers flood google play store with their fake apps just to make sure they scam people.

Since it seems their verification exercise does not require much scrutiny, scammers take advantage of it to undergo the process without being detected, and they scale successfully without being noticed, and based on the trust people have in google play, they download these apps and get scammed. If google does not want to lose their user base, they should step up their security measures and properly examine applications before listing them on their website.
legendary
Activity: 1666
Merit: 1222
October 06, 2024, 12:10:46 AM
#28
Can't imagine fake wallets on Google Play store which is the final destination for many of us when we look for official apps and updates. I don't know how newbies will understand what they should trust. Mostly, we ask people to use google play store to download official apps and ignore downloading by searching it on search engines. Let's say a newbie doesn't know the official URL of a wallet website, what they should do now? I usually suggest now to search on google, but search on play store and install that. Now, if there are fake apps on Play store, what is the safe method to suggest?

Developers can easily run their application in Google play because it doesn't require tons of credentials and not reading the code at all; once they got paid they will list your application. As much as possible, it's ideal to download the platform from its authentic website to make sure it's real. Yes, there are still some fake websites, but of course you must double check the link. It's one of their dilemmas right now; even on social media platforms there are a lot of fake promotions saying that they are the one and legit website, offering a huge amount of bonuses too. I guess a safe method is to have knowledge to avoid these scams and attacks to protect you and your funds.
legendary
Activity: 896
Merit: 1020
October 05, 2024, 01:51:45 PM
#27
I guess you really have to verify whether they have a mobile version of it and it is on Google Play. The thing though is that these criminals are really smart to ride on the real name of the WalletConnect, that's why there are a lot of unsuspecting victims not thinking that this is a fake one.

Let's say I know Electrum has an app for Android devices but I don't know their website URL or forgot what is their domain name. In this case, I usually avoid searching it on the internet and I search it on Google Play Store because I know their app is available on Play Store. Now, it is something to worry about that Google Play search can show me a fake Electrum app instead of the real one (If a fake one is available), and what if I install it? Point to note that not everyone knows how to verify who uploaded it on the Play Store and how to verify it is the official app. Probably the veteran members will be able to catch the fake one. But, newbies may fall for these traps. This is something to worry about.

The fact that this fake app had been available on Google Play for a few months without being discovered is concerning. Because scammers can employ various strategies to elevate these apps' search engine rankings, a Google Play search may yield results for phony apps. Searching for an app outside of Google Play is a safer option if you are unsure of its verified website. It is preferable to be redirected from a legitimate website to the app rather than finding it through a Google Play search because Google Play has turned into a haven for scammers. When you search for Electrum on any search engine, you will always find it at the top of the results. The website address is not hidden. 
sr. member
Activity: 686
Merit: 403
October 05, 2024, 01:20:57 PM
#26
I am not surprised, the reason why the search for wallet connect is very high on google play store is because of the upcoming wallet connect airdrop that has been announced on x lately, the scammer just took advantage of the news.

There is nothing we can do to stop this unless google play store stop them from their end, the truth is many newbies are entering into crypto already and since this is airdrop related they will always take stupid route like this one.

How many newbies are we going to tell not to download the crypto wallet from playstore using the PS search engine? We really can't reach out to all of them, even the warnings in this thread can only reach newbies that want to learn, and there are millions of them that aren't even available on this forum.
sr. member
Activity: 756
Merit: 407
October 04, 2024, 08:40:24 AM
#25
I guess you really have to verify whether they have a mobile version of it and it is on Google Play. The thing though is that these criminals are really smart to ride on the real name of the WalletConnect, that's why there are a lot of unsuspecting victims not thinking that this is a fake one.

Let's say I know Electrum has an app for Android devices but I don't know their website URL or forgot what is their domain name. In this case, I usually avoid searching it on the internet and I search it on Google Play Store because I know their app is available on Play Store. Now, it is something to worry about that Google Play search can show me a fake Electrum app instead of the real one (If a fake one is available), and what if I install it? Point to note that not everyone knows how to verify who uploaded it on the Play Store and how to verify it is the official app. Probably the veteran members will be able to catch the fake one. But, newbies may fall for these traps. This is something to worry about.
legendary
Activity: 2870
Merit: 7490
October 04, 2024, 04:45:34 AM
#24
It’s getting harder to trust the Google Play Store nowadays. I wonder if it’s the same for the Apple Store. I’m an Android user, so this is a big help for people like me. Although, personally, I don’t use those wallets. It’s definitely better to be cautious and go directly to the official website for download links, it's much safer than just relying on the Play Store, even if it's Google-verified.
But it's worth to mention that this fake wallet managed to stay about 5 months before it's removed from Google Play.

AFAIK Apple Store have more strict requirement. One of them is $99/year for developer, while Google Play only ask $25 one time which discourage small developer and scammer.

~~snip~~

The report also mention usage of fake reviews, so it's likely most of those downloads are fake download.
Looks like fake reviews engineer the whole scam after all, ouch.

I think it's time for fake reviews to start being audited to ensure a clean up of this mess, just like it's done on trust pilot.

I saw Trustpilot claim they fight against fake review. But it's hard task and it's not going that well. For example, freewallet.io received review actually intended for freewallet.org[1]. Meanwhile, we can't even leave review for freewallet.org[2] which is known for selective scam and stealing data under pretense of data verification due to "suspicious" behavior[3].

[1] https://www.trustpilot.com/review/freewallet.io
[2] https://www.trustpilot.com/review/freewallet.org
[3] https://bitcointalksearch.org/topic/petition-to-investigate-freewallet-org-scam-5462119
hero member
Activity: 714
Merit: 1010
October 03, 2024, 05:41:25 PM
#23
Wait a minute, I don't even get/understand the actual description of the application. The actual name says walletconnect - crypto wallet, but the description below talks about Solving equations, complex calculations, engineering, students, etc. How does that even make any sense in the first place.
This would be some red flag for me and latest a reason to look deeper. Frankly, I wouldn't install any wallet app for more than little pocket money that is closed-source, if at all.


You see, recently, I have begun to have doubts about all the applications that are available on play store. I will personally like to know all the criteria that must be met before an application can be available for download on play store, because from the look of things, it seems Google play don't make a complete/thorough review on most applications that are submitted to them.
You can subscribe as a developer for apps for Google Play Store to my knowledge for free (contrary to Apple, not saying that Apple does it better) but at least you need to provide a payment method. You can see for yourself what is required to publish an app on Google Play Store. Google documents it not too badly.

Don't be naive, Google doesn't pay lots of qualified programmers to inspect mobile apps. It's mostly an automated scanning process to look for shady bits and pieces; behavioral analysis in sandboxes and likely they throw some machine learning at it, too. Possibly some gross outliers or when too many indicators have been triggered, some first wave of poorly paid people inspect the shit that's been detected. Devs are likely tortured with template style automated responses. But what do I know, I'm no app developer, heard it from "friends" or actual devs who struggled with some automated Google Store review decisions and made them public.

The sheer volume of app publications prevents thorough testing and analysis behind the Store's curtains. Where should the money come from to pay an IT unicorn garden? They need their money to have their balls gilded. Shady apps? Who cares. Does it bring revenue? Yay, keep it until shit hits the fan! None of it? User's faults!


Just imagine people losing over $70K to what isn't literally their fault, because majority of us have trusted Google play to the extent that we can just download freely without first checking for user ratings and reviews.
Don't you think that is kinda dumb from the beginning! I would always ask the question how could an app possibly earn money, because programming an app and publishing it and maintaining it doesn't come for free. So a bit more due diligence from us users is highly advisable and necessary. Don't play the clueless sheep when wolves are around you.

And please, who is so stupid to put high five-figure $$$ value in a mobile app, possibly even a closed-source one? Don't need to be a clairvoyant to figure out this is a recipe for disaster.


We are not even talking about someone downloading an application from an unknown source or random website, but we are talking about someone downloading from one of the most (if not the most) popular app store in the world. I think If such case persist, then they might be invited by to the US senate to give some explanation.
In crypto coin space some sayings have a purpose: don't trust, verify! I think you overestimate the interest and competence of the US senate. There is more important evil at Google, Apple, Meta and whatnot other mega companies that the US senate should take care of. But they mostly don't care anyway... too busy, to throw shit at each other...


I can't lie, I do not use any app on my phone which are related to Crypto. This is very scary that most of the Crypto users (almost 70%) are using these sort of apps on their phones and keep their funds in these hot wallets, just to be their own bank you know? ...
That's not bad to stay away with crypto apps from an almost permanently online device which security status is nearly impossible to judge and inspect and which people use for all sorts of internet and game shit. Did I mention that mobiles can easily be lost or stolen?

Personally, I'm fine with amounts in the ballpark of small pocket money, maybe just a few hundred bucks max. for short time. Anything above that... not on my mobile phone.
copper member
Activity: 1470
Merit: 1609
Bitcoin Bottom was at $15.4k
October 03, 2024, 05:04:35 PM
#22
Damn, nice find. I can't lie, I do not use any app on my phone which are related to Crypto. This is very scary that most of the Crypto users (almost 70%) are using these sort of apps on their phones and keep their funds in these hot wallets, just to be their own bank you know? For newbies, I advise you to stick to an exchange wallet if your funds are less than $500 or $1000. Sometimes being your own bank might get you out of this game, so many vulnerabilities out there.
legendary
Activity: 1834
Merit: 1498
October 03, 2024, 04:50:30 PM
#21
I will personally like to know all the criteria that must be met before an application can be available for download on play store, because from the look of things, it seems Google play don't make a complete/thorough review on most applications that are submitted to them. Just imagine people losing over $70K to what isn't literally their fault, because majority of us have trusted Google play to the extent that we can just download freely without first checking for user ratings and reviews.
If you take a look at this [article] and this [article] on how to create and publish an Android app on Play Store, you will know that the subject is very easy, as any developer can do it.

It is worth noting, as the article mentioned by OP, that the malicious application contains advanced evasion techniques that succeeded in not being detected by Google Play/VirusTotal and passing the verification process. The app didn’t require permissions that usually pose a threat; instead, it relied on external resources that control the exploitation and harm to users, such as smart contracts, deep links, and keeping the app undetected... The fake positive reviews that the scammer used helped the app rank at the top, leading users to download and use it.

This scam appears to be advanced and sophisticated, which is why we should always verify and not trust blindly. As one of the members pointed out earlier, the official WalletConnect account on X already mentioned this incident. This highlights the importance of staying updated with these official accounts/links and always enabling notifications.
hero member
Activity: 1008
Merit: 892
October 03, 2024, 03:11:22 PM
#20
It has been like this for a very long time, I learnt from my early days in this forum not to download any crypto stuff from Google playstore, the right place to download such important applications is from the original website only. Google do not vet or scrutinize these apps before listing them, I am sure they do a very limited check and then list them on their platform, this has caused a lot of people to lose their money.
Yeap, Google Play Store's security system fails many times with these scammers and that's why we get various virus applications in Google Play Store. And the main thing to notice is that many times you will see that after installing many apps are fine on your mobile but those apps are not in Google Play Store because when you installed those apps, maybe Google's security could not identify those apps; when they realize that there is a malicious program for the users, they remove it from the Google Play Store.

I think that if the apps can be downloaded by checking well in the Google Play Store, then there should be no problem. First of all, you have to see how many times it has been downloaded. Of course, no good apps will be downloaded only 10k times. On the other hand, what you said is directly downloaded from the website, many times scammers also sit in this place by opening fake websites. So overall we should check up some facts ourselves and then use such apps.
hero member
Activity: 952
Merit: 742
October 03, 2024, 02:14:25 PM
#19
If such a thing can happen in the Google Play store, we need to be very careful about the type of wallet we download from Google play store these days, because it is painful when someone loses coins in the fake wallet. I thought that all the wallets in the Google Play store are genuine for crypto users to use to store their coins, but this information op just spread out on this thread makes me scared about some wallet I'm having interest to download to hold my coins for future purpose. Well, I have heard about trust wallet before, and they are among the genuine wallets someone can use to hold bitcoins and crypto without having fear of scammers or fake wallet.
The scammers can convince people and google to make it available for download, and most android OS will allow it in their device, and it will keep spreading if it wasn’t taken down by google. The fake reviews are my concern here, I never expected such fake reviews just to convince people to download their application from google play store; nevertheless, scammers can do anything just to make money from innocent crypto users.

Downloading wallets from their official websites is the only solution to these malware and other attacks related to theft of crypto from wallets, and connecting your wallets to any website can also be another means to expose your coins to attack by scammers. Make sure you verify any websites you are about to connect your wallet with, and if possible, avoid connecting your main wallet that contain all your assets to any website online.
hero member
Activity: 812
Merit: 927
October 03, 2024, 12:26:40 PM
#18
Probably the reason why it comes out its due to the upcoming airdrop that has been announced by walletconnect.

https://x.com/WalletConnect/status/1841161764320297354?t=8C0QDpHkj-HmNqjhQ3SUMA&s=19

The scammer is anticipating a potential connector since there must be some who's gonna look for their app wallet and here it happened. The airdrop is live until 18th of October for registration so this must be taken advantage of by this mfer.

Yes I was on my way to even share this, Wallet is listing its own token called the wallet connect token soon (WCT) and part of their TGE proceedings is to distribute this token through airdrops to those who connect their wallet to the site. Since the announcement of this on 24 September there have been fake walletconnect apps, fake sites and even fake social media handles. So I will advise newbies to be wary of things like this.

If such a thing can happen in the Google Play store, we need to be very careful about the type of wallet we download from Google play store these days, because it is painful when someone loses coins in the fake wallet. I thought that all the wallets in the Google Play store are genuine for crypto users to use to store their coins, but this information op just spread out on this thread makes me scared about some wallet I'm having interest to download to hold my coins for future purpose. Well, I have heard about trust wallet before, and they are among the genuine wallets someone can use to hold bitcoins and crypto without having fear of scammers or fake wallet.

Anyone can build their wallet and put it out on google play store. Google play store doesn’t censor applications unless there are lots of scam reports, and what these wallets usually do is they simply go and give their own positive reviews just to make the app look genuine. The first place you need to go to get the right wallet is visiting their official handles and getting the right website there, then you can verify the wallet.
legendary
Activity: 2058
Merit: 1270
October 03, 2024, 12:03:33 PM
#17
We are not even talking about someone downloading an application from an unknown source or random website, but we are talking about someone downloading from one of the most (if not the most) popular app store in the world.
It has been like this for a very long time, I learnt from my early days in this forum not to download any crypto stuff from Google playstore, the right place to download such important applications is from the original website only. Google do not vet or scrutinize these apps before listing them, I am sure they do a very limited check and then list them on their platform, this has caused a lot of people to lose their money.
full member
Activity: 168
Merit: 138
cout << "Bitcoin";
October 03, 2024, 09:44:21 AM
#16
Wait a minute, I don't even get/understand the actual description of the application. The actual name says walletconnect - crypto wallet, but the description below talks about Solving equations, complex calculations, engineering, students, etc. How does that even make any sense in the first place. You see, recently, I have begun to have doubts about all the applications that are available on play store. I will personally like to know all the criteria that must be met before an application can be available for download on play store, because from the look of things, it seems Google play don't make a complete/thorough review on most applications that are submitted to them. Just imagine people losing over $70K to what isn't literally their fault, because majority of us have trusted Google play to the extent that we can just download freely without first checking for user ratings and reviews.

We are not even talking about someone downloading an application from an unknown source or random website, but we are talking about someone downloading from one of the most (if not the most) popular app store in the world. I think If such case persist, then they might be invited by to the US senate to give some explanation.

And I just went to play store to check for it, but couldn't find it. I guess the app already shows a sign of red flag and has been brought down. But while checking for it, I saw an app with the name bitget wallet. How genuine is this?, because I only know of the exchange app.
hero member
Activity: 1834
Merit: 879
October 03, 2024, 09:35:52 AM
#15
Seems like over the years getting apps listed onto the app store has become easier than we can imagine, and the sad part is that most users have a misconception that everything available here is legit when in fact not!

If anything, I think more scam artists have succeeded because these platforms have facilitated these scams without raising any red flags in time not until a couple of people lose their hard earned money.

I guess the blueprint to getting authentic apps, use official websites to find apps on the app store, otherwise don't download anything via search engines as they could be compromised.


~~snip~~

The report also mention usage of fake reviews, so it's likely most of those downloads are fake download.
Looks like fake reviews engineer the whole scam after all, ouch.

I think it's time for fake reviews to start being audited to ensure a clean up of this mess, just like it's done on trust pilot.

sr. member
Activity: 658
Merit: 321
October 03, 2024, 08:48:47 AM
#14
In addition to what others have said about downloading the apps straight from the official website, I'd like to add that we have a role to play in keeping these kind of space free from fake apps.

The owners of this app find various means to have a good rating of their app on Google play, so when we discover such apps we have to report it. The more reports it gets, the more likely it would be taken down. You can click the three dots at the top right side of the screen and click on "flag as inappropriate" then click on "app felt suspicious".
Reporting and leaving a review alone might not work because these guys work overtime to make sure they have good reviews.

To report a fake website, the easiest way is to report the website to Google. Just copy the URL of the site and paste it on Google safe browsing. There is a space for other information but that's optional, then "submit report".
You can also report the site to the hosting company.
legendary
Activity: 3080
Merit: 1353
October 03, 2024, 08:46:23 AM
#13
It was unraveled that there was a malicious app on Google play that is targeting crypto enthusiast and obviously it is designed to be a mobile device to be used by many of us. And it has a good evasion technique that's why it was under the radar for quite some time (five months) now and it could have victimized already.
Google Play again let it happen, but not surprising because we knew about that for years. They have very easy procedure and let fake apps to be listed in their Google Play Store, that causes massive threats to their users.

Some keys to avoid fake and phishing applications.
  • Low total downloads: usually it is very low number.
  • Release date: very recently.
  • Total reviews: it is low too.

If you see an application with these red flags, be more careful.

Another key but it is the first one to do, if you want to get a download link of application, find it on an official website; and NEVER go to Google Play Store to search for it.

But if you look at this fake WalletConnect app, it passes all the key points that you have pointed out,

1. it has been downloaded 10,000 times (but it could have been fake downloads as well to make it look legit).
2. it's been recent (at least this year as per the image, March 2024)
3. there are a lot of reviews (but obviously, those are fake ones)

@cryptoaddictchie - you might be correct mate, as there are scheduled airdrops and so these scammers are trying to take advantage of it as well by creating a fake one and very unfortunate that they have victimized some individuals already.
legendary
Activity: 2758
Merit: 1228
October 03, 2024, 08:37:51 AM
#12
It was unraveled that there was a malicious app on Google play that is targeting crypto enthusiast and obviously it is designed to be a mobile device to be used by many of us. And it has a good evasion technique that's why it was under the radar for quite some time (five months) now and it could have victimized already.
Google Play again let it happen, but not surprising because we knew about that for years. They have very easy procedure and let fake apps to be listed in their Google Play Store, that causes massive threats to their users.

Some keys to avoid fake and phishing applications.
  • Low total downloads: usually it is very low number.
  • Release date: very recently.
  • Total reviews: it is low too.

If you see an application with these red flags, be more careful.

Another key but it is the first one to do, if you want to get a download link of application, find it on an official website; and NEVER go to Google Play Store to search for it.

Don't know why they allow such thing knowing it can compromise a lot of people who's using their platform.

But since this has already happened, then I guess aside from looking at the pointers you have given, it's much better if people will report that app so that Google Play will get notified about that fake app and possibly erase it.

There's an instruction provided here https://www.howtogeek.com/440154/how-to-report-suspicious-android-apps/ on how they can report those fake apps.

