WalletConnect has confirmed a malicious application that exploited its name for over five months and was downloaded over 10,000 times. The fake WalletConnect application has already been removed from Google Play. However, it managed to defraud over 150 users, resulting in losses more than $70,000.
The WalletConnect Foundation admitted that it is aware of a recent scam where bad agents developed a malicious app that exploited the WalletConnect name and was available on the Google Play Store. The WalletConnect further wrote, “The Foundation reminds everyone that there is no WalletConnect app. Be wary of downloading any app that purports to be a WalletConnect app.”
According to CheckPoint Research, “The malicious WalletConnect app we found has the package name – “co.median.android.rxqnqb” and was created using the service median.co. Median.co enables the configuration of the app icon, status bar, behavior when links are clicked, initial URL, and other parameters.”
Their Research team also added that not everyone who downloaded the app was affected. Some didn’t complete the wallet connection, while many others recognized suspicious activity and secured their assets, and “some may not have met the malware’s specific targeting criteria”.
CheckPoint further revealed that the fake app was published on Google Play on March 21, 2024 under the name “Mestox Calculator”, and since then its name has been changed several times.
Also Read: Fake DOGS Reward Scam Circulates on Telegram: How to Stay Safe
Source: https://www.cryptonewsz.com/walletconnect-fake-app-used-its-name-defrauds/