Topic: Fake WalletConnect on Google Play (Read 549 times)

Google is a big tech giant company so it cannot be expected from them to publish any application on play store without verifying it properly. So I would tell everyone that no matter how many trusted platforms you download any application from, you must check its validity before downloading.  Especially when downloading a crypto wallet one must double check that it is authentic. Because if authentic application is not downloaded then our wallet key can be stolen. On the other hand, in the case of other applications, if the malware software is downloaded on our phone, the entire phone can be hacked. So you should definitely be careful about these things. Thanks to op for sharing this and alerting everyone

When Android users do not understand how to download applications properly, they risk getting a big loss, namely fake applications.
Downloading directly from the Play Store is very dangerous. I used to get valuable experience from this forum that to download properly is from their respective official sites.
I also found several cases of fake applications on the Play Store so from the information I got made me very careful.

I just opened the Play Store on my Android, the result is that I have to complete two security options to secure digital purchases through the Play Store. The two options displayed are use a password or use biometrics.
I didn't do either. Is this risky?

You are right the best place to get a legit App is through there website because alot of things are happening right now in terms of scam, however I believe that's even the reason those website that enables the use of their apps normally have it on there website because asking there users to get it directly from the Google store through the name will result to getting the wrong app, so like you said Google app store should not be trusted because they have no application or device that can show if a particular app is the original or the duplicate of the main app, however I noticed that they only rate there apps base on the users feedback and since some the scammers knows that method they would always share to their friends to comment  highly of them, so that people will love to try out the app.

However in terms of the walletconnect app I have been seeing it but I never new that they are not a legit app because the rating they had before was actually difficult to no if they are fake, so is good I don't even use to download apps unless from there website and I believe a lot of people most have become a victim now.

The economy has been pushing many people to do fraudulent things just because they want money. There are too many fake apps especially where you must connect your wallet. It is always better to use their official website to download whatever app you want to download since Play Store can not even give a secure app to make use of if you even search for a particular app the next thing will be that you see different and even some that are identical the only way you can even differentiate will be from the number of download and reviews.

And if you are talking about the developer that will be another difficult aspect to determine if the app is legit or not is not as if some of us are familiar with the developer, to be able to make such a determination you can not be able to use a developer to determine how legit the app is for me is usually the number of downloads and reviews like I said before.

people will only download when they see that they have a very high number of downloads, so giving permission when using the app can be very dangerous sometimes they might use it to access your data so we have to be careful.

Not everyone knows what to do. We cannot expect everyone to know these things. The playstore do not show what permission an app is getting by default before installing the apps. If we download the app from unknown sources, and then try to install the app, the device gives us a warning and show what permission the app is asking for.

You are right about why they do not care about their customers. Since they do not have competitor, they do not feel the need to be strict or to improve their service. I guess they do not even consider Apple as their competitor. I am glad that some smartphone companies started to build their own app store. For example, Vivo developed V-appstore. But I guess these stores also has malicious apps.

Scammers are smart. They know how to get through store's approval's process to get their app on store and later on push their malicious stuff.


I have seen people who do that, blindly accepting everything that app says, these people don't care about their data.

This goes to show how unsafe the social media is, too many scams and hacks, someone must not be too fast to trust anything they see even if it seems like it is coming from the original source. Google play store is quite unsafe, there are fake apps that scammers are using to impersonate the original ones, if someone is not careful and knowledgeable it is very easy to become a victim of these scammers. It is very worrisome that this fake app remained on Google play store for up to 5 months, that is a very long time without detection by the Google management, so users were on their own to research by themselves in order not to be scammed before Google will fished them out. With my knowledge about fake apps on Google play store I never download anything until I'm 100% sure that it's the original app that I want to download. There is need for you to DYOR before clicking on any app or links online to avoid being a victim of scammers and hackers

Or maybe they don't just care in the first place. This is probably what you expect when you don't have a competitor that offers similar service to over 8 billion people across different nations on the planet. Ideally, I believe a good number of the users who download apps from the play store don't really know/have Ideas about privacy intrusion, information stealing and other stuffs, that violates users right, maybe because they are not IT literates(i.e they only know how to use there devices, but don't necessarily know how the device works at a user level).


It makes it easier for those with good IT experience, and have been long active on the internet space to distinguish this things, but there are other users that don't even take note of this important things. Probably, they just install the app, and accept every terms and conditions without even reading (maybe due to illiteracy or ignorance). And we all know that some applications won't work without a user allowing certain permissions to contact, messages, etc, which those who are not sensitive enough will likely be a victim at the end of the day.

Thank goodness, scammers are bad at writing stuff, it makes easy to distinguish them. Look at app description, who would fall that? Only those who blindly install apps.

By the way, recent announcement of WalletConnect airdrop must have also played it's part in increasing victim's count, as for airdrop registration it had requirement to register using WalletConnect (that being using mobile wallet apps like Trust Wallet, Alpha Wallet to login) but some must have misunderstood and would have gone to play store to download the WalletConnect app and would have gotten scammed in process.

I am not an Apple user so I don't know if there are many fake apps on the app store or not. But I know that there are hundreds of apps available on the Play Store that may steal users' information from their devices. People do not check what permission an app is taking when they install it. A VPN does not require to have access to your contact list, or your file manager. But if you check the app permissions, you will see that VPNs have access to many things that they are supposed not to.  I have heard that almost anyone can upload an app on the play store. But, as a user, I expect google to be more strict when they allow people to upload apps on the play store.

Fraud is a very popular topic these days. To protect yourself, follow these simple tips:

Download apps only from official websites.

Check the developer: Look for well-known and reliable developers.

Evaluate the number of downloads: Apps with a large number of downloads are usually more trustworthy.

Be cautious with permissions: If an app requests access to personal information without a valid reason, it’s better not to download it.

Is that what you think, people have been complaining about Google PlayStore for as long as i can remember, but nothing has changed, a scam/phishing application can be up on Google PlayStore for months, without being taking down. Thus instead of complaining about their security when they won't do anything about it, people should just stop using them completely, it is the newbies i pity, they come into the network with so much naivety and they are prone to errors like this.

Not because they are unable of doing so, but you understand how some people become complacent and fail to examine several details, such as reviews, before downloading or even using the program. When it comes to apps, Apple is even slightly safer than other platforms. The worst place to find fraudulent apps is the Play Store, where it seems like anyone can publish whatever program they want. Before I download any wallet from anyplace, I make sure to complete my homework properly. I don't know why play are not selecting the kinds of apps they allow on their platform. Anything that goes wrong with any app was suppose to be their responsibility to make sure what they are delivering is suppose to be the best and with a good warranty, is because people don't complain to much that is why they don't care.

This is the reason why when it comes to downloading apps whether it's for PC or mobile phones, it's important that a person should do it only through the official source. Go to the official website and make sure that they are offering an app for you to use, and download it from there instead of searching inside app stores because the chances of getting scammed this way will be lower than searching and downloading apps on your own.

There is one more thing that I often suggest to people is that they should use separate mobile phones for their financial applications and operations. The reason is simple, you do a lot of things on your normal phone, and that increases the chances of you becoming a victim or scams, phishing attacks, malware attacks, and anything else that people do to steal your funds. Having a separate phone will save you from these things if you use it carefully.

People can avoid scams and fake apps if they are carefully in practice and only visit official websites where they can get important things like download links.

Google and their Google Play (app store) is famous with easy checking before listing applications on their store, but people as users can not depend on Google for their security and safety. Just to be careful, know about basics, maintain basic steps in security, they will have better practice on Internet.

Officially visit websites & download apps, not fake ones.
Cryptocurrency scam book.

The problem is, that not everyone has the ability to check if an app is fake or a real one. Especially crypto newbies who have been in the crypto market for less than a year. Even veteran members get tricked because the App Store / Play Store is an official store where people are supposed to find legit apps. Google and Apple should have some responsibility. If I download an app from Play store and get hacked, I will surely blame Google because they allowed the scammers to upload their apps. Play store should have some kind of verification steps when they allow the developers to upload their apps. Especially if the app is related to finance.

And that is the thing, we already knows that there are a lot of fake apps in Google, but still we don't do any investigations and then bitch around (sorry for those who have been victimized), and let it be a expensive lessons to learn.

Let this be another lessons to all of us, in Google Play or any apps store we find in the web, we should be really researching it first before downloading and using it in our wallet. We shouldn't be trusting anyone at this point, as there are a lot of scammers in the world that we are not attached.

Honesty we need to be very careful all also wise enough, because the way things are happening this day online is not proper since the scammers observed that a lot of people’s are into crypto; that’s they also spread their self for them to scammers people: Google play store is the best app of download whatever a person want either wallet or anything without facing any issues.

But now it comes that many people where complaining that if they download reasonable things from the Google store they will be getting scammed at the end of day, so in this case the best for us to do to avoid scammers to hack of wallet is that, it will be good deal for ti make an concrete research on the wallet that we wanted to download to the genius wallet.

Yeah i can figure that out that this event will be an advantage for scammers to lure in potential scam like the topic post. Well thats not new, but if youre smart user you would directly go to the website and official socials to do the process of registration and not look for any apps just because using it is convenient.

Thats a shame if some will got caught with the fake apps. The task is connecting wallet and signature and somehow its dangerous if someone connect to a fake one.

People say that based on their experience and the time they have spent in the crypto world and the tech world. It is normal to have some good confidence if you spend decades in the crypto space. You might think you know almost everything and are unlikely to be tricked by the scammers. Even though we say we check the app before we install it. How many of us check what permission your app is asking for?

My ETHER wallet was also hacked once and I do not have access to my ETH wallet anymore. I don't even remember how it was hacked. Even though I consider myself a veteran crypto user, I believe the hack happened due to my own mistake.

It actually is becoming one now. And to give some idea to Google itself, they're aware of it but they are too laggard in removing all of those apps that have been reported to them as likely scam apps.

Many have already faced problems because of allowing it to stay on their platform. As we can see, there have been folks that became a victim of these fake wallet apps.

They're telling that they're good in identifying the likely of these fake apps but because it's from Google Play which is a trusted based on their belief, they fell for it.

If the official app store/play store becomes a haven for scammers, then people are going to face a lot of problems. I have seen some news before that VPN apps, photo editing apps, and some other games steal user information from users' devices and sell them on the internet. But, I haven't heard about fake wallet apps which is available on Play Store or App Store.

A new fear has been unlocked for crypto newbies. While the veteran members will try to verify each way to check the apps, it will be harder for new people to keep themselves safe from those phishing, and fake apps. Now a little more work for you if you teach your friend what to do and what not to do.

Google play should step up their security measures by doing a proper verification on apps that they do list on their website for download. They should get a team that could be able to verify apps to see the security level as to know if it is worth it or not. These days it is funny how scammers flood google play store with their fake apps just to make sure they scam people.

Since it seems their verification exercise does not requires much scrutiny, scammers takes advantage of it to undergo the process without being detected and the scale successfully without being noticed and based on the trust people have on google play, they download these apps and get scammed. If google does not want to loose their user base, they should step up their security measures and properly examine applications before listing them on their website.

Developers can easily run a their application in Google play because its not too much requires tons of credentials and not reading the code at all once they got paid they will list your application, as possible ideal to download the platform to its authentic website to make sure if its real yes there's still some fake website but of course you must double check the link. Its one of their dilemma right now even in social media platforms there's a lot of fake promotion that they are the one and legit website offering a huge amount of bonuses too. I guess a safe method is to have knowledge to avoid these scams and attacks to protect you and your funds.

Knowing that these apps have been on Google Play for a long time without the company dictating it makes the situation very disturbing. These scammers can easily use artificial intelligence tools to upgrade their search engine rankings such that a simple search will lead to such a phoney app. Searching for an app outside Google Play would be the best option if you are not sure of the authentic website of the company. It is safer to be redirected to Google Play from a verified website than to just search for the app. Google Play has become a haven for scammers, so one needs to be careful. But in the case of Electrum, a simple search will lead you to a legitimate website since it is a very popular app.

I am not surprised, the reason why the search for wallet connect is very high on google play store is because of the upcoming wallet connect airdrop that has been announced on x lately, the scammer just took advantage of the news.

There is nothing we can do to stop this unless google play store stop them from their end, the truth is many newbies are entering into crypto already and since this is airdrop related they will always take stupid route like this one.

How many newbies are we going to tell not to download the crypto wallet from playstore using the PS search engine? We really can't reach out to all of them, even the warnings in this thread cab only reach newbies that want to learn, and there are millions of them that aren't even available on this forum.

Let's say I know Electrum has an app for Android devices but I don't know their website URL or forgot what is their domain name. In this case, I usually avoid searching it on the internet and I search it on Google Play Store because I know their app is available on Play Store. Now, it is something to worry about that Google Play search can show me a fake Electrum app instead of the real one (If a fake one is available), and what if I install it? Point to note that not everyone knows how to verify who uploaded it on the Play Store and how to verify it is the official app. Probably the veteran members will be about to catch the fake one. But, newbies may fall for these traps. This is something to worry about. 

AFAIK Apple Store have more strict requirement. One of them is $99/year for developer, while Google Play only ask $25 one time which discourage small developer and scammer.


I saw Trustpilot claim they fight against fake review. But it's hard task and it's not going that well. For example, freewallet.io received review actually intended for freewallet.org[1]. Meanwhile, we can't even leave review for freewallet.org[2] which is known for selective scam and stealing data under pretense of data verification due to "suspicious" behavior[3].

[1] https://www.trustpilot.com/review/freewallet.io
[2] https://www.trustpilot.com/review/freewallet.org
[3] https://bitcointalksearch.org/topic/petition-to-investigate-freewallet-org-scam-5462119

This would be some red flag for me and and latest a reason to look deeper. Frankly, I wouldn't install any wallet app for more than little pocket money that is closed-source, if at all.


You can subscribe as a devoloper for apps for Google Play Store to my knowledge for free (contrary to Apple, not saying that Apple does it better) but at least you need to provide a payment method. You can see for yourself what is required to publish an app on Google Play Store. Google documents it not too badly.

Don't be naive, Google doesn't pay lots of qualified programmers to inspect mobile apps. It's mostly an automated scanning process to look for shady bits and pieces; behavioral analysis in sandboxes and likely they throw some machine learning at it, too. Possibly some gross outliers or when too many indicators have been triggered, some first wave of poorly paid people inspect the shit that's been detected. Devs are likely tortured with template style automated responses. But what do I know, I'm no app developer, heard it from "friends" or actual devs who struggled with some automated Google Store review decisions and made them public.

The sheer volume of app publications prevents thorough testing and analysis behind the Store's curtains. Where should the money come from to pay an IT unicorn garden? They need their money to have their balls gilded. Shady apps? Who cares. Does it bring revenue? Yay, keep it until shit hits the fan! None of it? User's faults!


Don't you think that is kinda dumb from the beginning! I would always ask the question how could an app possibly earn money, because programming an app and publishing it and maintaining it doesn't come for free. So a bit more due dilligence from us users is highly advisible and necessary. Don't play the clueless sheep when wolves are around you.

And please, who is so stupid to put high five-figure $$$ value in a mobile app, possibly even a closed-source one? Don't need to be a clairvoyant to figure out this is a recipe for desaster.


In crypto coin space some sayings have a purpose: don't trust, verify! I think you overestimate the interest and competence of the US senate. There is more important evil at Google, Apple, Meta and whatnot other mega companies that the US senate should take care of. But they mostly don't care anyway... too busy, to throw shit at each other...


That's not bad to stay away with crypto apps from an almost permanently online device which security status is nearly impossible to judge and inspect and which people use for all sorts of internet and game shit. Did I mention that mobiles can easily be lost or stolen?

Personally, I'm fine with amounts in the ballpark of small pocket money, maybe just a few hundret bucks max. for short time. Anything above that... not on my mobile phone.

Damn, nice find. I can't lie, I do not use any app on my phone which are related to Crypto. This is very scary that most of the Crypto users (almost 70%) are using these sort of apps on their phones and keep their funds in these hot wallets, just to be their own bank you know? For newbies, I advice you to stick to an exchange wallet if your funds are less than $500 or $1000. Sometimes being your own bank might get you out of this game, so many vulnerabilities out there.

If you take a look at this [article] and this [article] on how to create and publish an Android app on Play Store, you will know that the subject is very easy, as any developer can do it.

It is worth noting, as the article mentioned by OP, that the malicious application contains advanced evasion techniques that succeeded in not being detected by Google Play/VirusTotal and passing the verification process. The app didn’t require permissions that usually pose a threat; instead, it relied on external resources that control the exploitation and harm to users, such as smart contracts, deep links, and keeping the app undetected... The fake positive reviews that the scammer used helped the app rank at the top, leading users to download and use it.

This scam appears to be advanced and sophisticated, which is why we should always verify and not trust blindly. As one of the members pointed out earlier, the official WalletConnect account on X already mentioned this incident. This highlights the importance of staying updated with these official accounts/links and always enabling notifications.

Yeap, Google Play Store's security system fails many times with these scammers and that's why we get various virus applications in Google Play Store. And the main thing to notice is that many times you will see that after installing many apps are fine on your mobile but those apps are not in Google Play Store because when you installed those apps, maybe Google's security could not identify those apps when they realize that there is a malicious program for the user's They remove it from the Google Play Store.

I think that if the apps can be downloaded by checking well in the Google Play Store, then there should be no problem. First of all, you have to see how many times it has been downloaded. Of course, no good apps will be downloaded only 10k times. On the other hand, what you said is directly downloaded from the website, many times scammers also sit in this place by opening fake websites. So overall we should check up some facts ourselves and then use such apps.

The scammers can convince people and google to make it available for download, and most android OS will allow it in their device, and it will keep spreading if it wasn’t taken down by google. The fake reviews are my concern here, I never expected such fake reviews just to convince people to download their application from google play stor; nevertheless, scammers can do anything just to make money from innocent crypto users.

Downloading wallets from their official websites is the only solution to these malware and other attacks related to theft of crypto from wallets, and connecting your wallets to any website can also be another means to expose your coins to attack by scammers. Make sure you verify any websites you are about to connect your wallet with, and if possible, avoid connecting your main wallet that contain all your assets to any website online.

Yes I was on my way to even share this, Wallet is listing its own token called the wallet connect token soon (WCT) and part of their TGE proceedings is to distribute this token through airdrops to those who connects their wallet to the site, since the announcement of this on 24 September they have been fake walletcommect app, fake sites and even fake social media handles. So I will advice newbies to be wary of things like This


Anyone can build their wallet and put it out on google play store, goggle play store doesn’t censor application except there is lots of scam reports and what this wallets usually does is they simply go and give their one positive reviews just to make the app look genuine, the first place you need to go to get the right wallet is visiting their official handles and getting the right website there then you can verify the wallet

It has been like this for a very long time, i learnt from my early days in this forum not to download any crypto stuff from Google playstore, the right place to download such important applications is from the original website only. Google do not vet or scrutinize these apps before listing them, i am sure they do a very limited check and then list them on their platform, this has caused a lot of people to lose their money.

Wait a minute, I don't even get/understand the actual description of the application. The actual name says walletconnect - crypto wallet, but the description below talks about Solving equations, complex calculations, engineering, students, etc. How does that even make any sense in the first place. You see, recently, I have began to have doubts about all the applications that are available on play store. I will personally like to know all the criteria that must be met before an application can be available for download on play store, because from the look of things, it seems Google play don't make a complete/thorough review on most applications that are submitted to them. Just imagine people lossing over $70K to what isn't literally their fault, because majority of us have trusted Google play to the extent that we can just download freely without first checking for user ratings and reviews.

We are not even talking about someone downloading an application from an unknown source or random website, but we are talking about someone downloading from one of the most (if not the most) popular app store in the world. I think If such case persist, then they might be invited by to the US senate to give some explanation.

And I just went to play store to check for it, but couldn't find it. I guess the app already shows a sign of red flag and has been brought down. But while checking for it, I saw an app with the name bitget wallet. How genuine is this?, because I only know of the exchange app.

Seems like over the years getting apps listed onto the app store has become easier than we can imagine, and the sad part is that most users have a misconception that everything available here is legit when infact not!

If anything, I think more scam artists have succeeded because these platforms have facilitated these scams without raising any red flags in time not until a couple of people lose their hard earned money.

I guess the blueprint to getting authentic apps, use official websites to find apps on the app store, otherwise don't download anything via search engines as they could be compromised.

---

Looks like fake reviews engineer the whole scam after all, ouch.

I think it's time for fake reviews to start being audited to ensure a clean up of this mess, just like it's done on trust pilot.

In addition to what others have said about downloading the apps straight from the official website, I'd like to add that we have a role to play in keeping these kind of space free from fake apps.

The owners of this app find various means to have a good rating of their app on Google play, so when we discover such apps we have to report it. The more reports it gets, the more likely it would be taken down. You can click the three dots at the top right side of the screen and click on "flag as inappropriate" then click on "app felt suspicious".
Reporting and leaving a review alone might not work because these guys work overtime to make sure they have good reviews.

To report a fake website, the easiest way to report the website to Google. Just copy the URL of the site and paste in on Google safe browsing . There is a space for other information for that's optional, then "submit report".
You can also report the site to the hosting company.

But if you look at this fake WalletConnect apps, it passes all the key points that you have pointed out,

1. it has been downloaded 10,000 times (but it could have been fake downloads as well to make it look legit).
2. it's been recent (at least this year as per the image, March 2024)
3. there are a lot of reviews (but obviously, those are fake ones)

@cryptoaddictchie - you might be correct mate, as there are a scheduled airdrops and so this scammers are trying to take advantage of it as well by creating a fake one and very unfortunate that they have victimized some individuals already.

Don't know why they allow such thing knowing it can compromise a lot of people who's using their platform.

But since this is already happen then I guess aside from looking at the pointers you have given much better if people will report that app so that Google Play will get notify about that fake app and possible erase it.

There's an instruction provided here https://www.howtogeek.com/440154/how-to-report-suspicious-android-apps/ on how they can report those fake apps.

Probably the reason why it comes out its due to the upcoming airdrop that has been announced by walletconnect.

https://x.com/WalletConnect/status/1841161764320297354?t=8C0QDpHkj-HmNqjhQ3SUMA&s=19

The scammer is antcipating a potential connector since there must be some whose gonna look for their app wallet and here it happened. The airdrop is live until 18th of October for registration so this must be take advantage by this mfer.

Google Play again let it happens, but not surprising because we knew about that for years. They have very easy procedure and let fake apps to be listed in their Google Play Store, that causes massive threats to their users.

Some keys to avoid fake and phishing applications.

• Low total downloads: usually it is very low number.
• Release date: very recently.
• Total reviews: it is low too.

If you see an application with these red flags, be more careful.

Another key but it is the first one to do, if you want to get a download link of application, find it on an official website; and NEVER go to Google Play Store to search for it.

It’s getting harder to trust the Google Play Store nowadays. I wonder if it’s the same for the Apple Store. I’m an Android user, so this is a big help for people like me. Although, personally, I don’t use those wallets. It’s definitely better to be cautious and go directly to the official website for download links, it's much safer than just relying on the Play Store, even if it's Google-verified.

Yes, it's true that apps found on Google play may have been proven to be legit and authentic, but most times when a app may have been successfully launched, what happens next may not be guaranteed, which is why it's always advisable people download popular Bitcoin Apps, most especially Apps with good rating of over 4.5, lots of reviews (e g 100k) and amount of downloads not less than a million. Or best stick to popular well known Bitcoin wallet Apps such as Electrum, BlueWallet, Trust wallet and Coinbase or exchange such as Binance, OKC, Bybit and Gate.io.

It has been happening for many years now, that Google Play allows crypto stealer or anything that relates to crypto, scamming people out of their hard earn money. That's why we have discussed about Apple store as they are more strict with regards to any apps that is going to be listed on their store as compare to Google wherein it's very easy like in this case.

So the burden is on us now, that we should not be trusting anything on Google as it could be a fake apps and we all assume it's the real one. And this criminals are in the offensive and all we can do is to educate ourselves and this is the only weapons we have against this criminals.

I saw report of this fake wallet elsewhere. But it's worth to mention that this fake wallet managed to stay about 5 months before it's removed from Google Play. So duration since the application initially appear become less reliable ways to guess whether an app is legit or not.


The report also mention usage of fake reviews, so it's likely most of those downloads are fake download.

If such thing can happened in the Google Play store, we need to be very careful, the type of wallet we download from Google play store these days, because it is painful when someone loss coins in the fake wallet. I thought that all the wallets in the Google Play store are genuine for crypto users to use to store their coins, but this information op just spread out on this thread, make me to be scared about some wallet am having interest to download to hold my coins for future purpose, well I have heard about trust wallet before, and they are among the genuine wallet someone can use to hold bitcoins and crypto without having fear of scammers or fake wallet.

I guess you really have to verify whether if they have a mobile version of it and it is on Google Play. The thing though is that this criminals are really smart to ride on the real name of the WalletConnect that's why there are a lot of unsuspecting victims not thinking that this is a fake one.

And as reported, many downloads but only 150 was victimized by it. But still that is a great numbers for criminals to be able to steal $70k without doing anything and just waiting for someone to fall for their trick.

I do agree about not trusting anything we found in Google Store as it is a cesspool of fake apps and most of them are wallet drainer.

Can't imagine fake wallets on Google Play store which is the final destination for many of us when we look for official apps and updates. I don't know how newbies will understand what they should trust. Mostly, we ask people to use google play store to download official apps and ignore downloading by searching it on search engines. Let's say a newbie don't know the official URL of a wallet website, what they should do now? I usually suggest now to search on google, but search on play store and install that. Now, if there are fake apps on Play store, what is the safe method to suggest?  

When it comes to wallet, I usually advice people to download from their original sites, and use standard, well known wallets. The Google app store should not always be trusted as we have seen many false reviews in the past and till date. The scammers can just create it or have a promotion to help review the apps and also give it the best ratings so to trick others into using it. I do come across this wallet sometimes on play store and I don't think I've ever gone through it. We just have to be careful as there are even more of it's kind out there on play store. Use only well known wallets to avoid being a victim.

It was unraveled that there was a malicious app on Google play that is targeting crypto enthusiast and obviously it is designed to be a mobile device to be used by many of us. And it has a good evasion technique that's why it was under the radar for quite sometime (five months) now and it could have victimized already.

One method it uses is that it exploited the trusted name of "WalletConnect" protocol. And then it has a group of armies to make fake reviews as well that's why it got 10,000 downloads and it was even rank high in search engines.

It is said that it was able to drain crypto users of about $70,000 before being caught and removed.





https://research.checkpoint.com/2024/wallet-scam-a-case-study-in-crypto-drainer-tactics/

And it seems that this criminals is shifting to mobile devices kind of attacks. So we should really be careful of anything that we download specially crypto apps from Google store and we should very everything first, before connecting our wallets. Although this has been taking down, for sure, this criminals are not going to stop and could be coming up with another kind of downloads.