Fraudsters forced thousands of users to download fake cryptocurrency app from Google Play

Analysts from Check Point Research (CPR) have discovered a new fraud scheme targeting Google Play users to steal cryptocurrencies. The attackers disguised the application as the popular WalletConnect protocol, which allowed them to deceive more than 150 users and steal digital assets worth more than $ 70,000.

Experts note that the application remained on the platform for almost five months and was downloaded more than 10,000 times.

The attackers used sophisticated social engineering and technical disguise techniques to bypass Google Play’s verification system. The application looked like a simple calculator, but after downloading, it redirected users to fraudulent websites where they unknowingly signed transactions in favor of the attackers. Thanks to fake reviews and high rankings, the app remained at the top of search results, misleading new victims.

Although not all users fell victim to the fraud, those who signed the transactions lost their digital assets. The stolen cryptocurrencies are stored on the wallets of fraudsters who use complex schemes to hide them. Most victims are still unaware that they have lost their funds, as the fraudsters have been actively blocking negative reviews, replacing them with fake positive comments.