Altcoins Talks - Cryptocurrency Forum
Learning & News => News related to Crypto => Topic started by: bitterguy28 on September 30, 2024, 05:26:05 AM
-
An app in Google Play disguised under the name of Walletconnect was able to steal over $70,000 from 150 users over only a couple of months the app allows people to connect their wallets into dapps and the fake app was downloaded for about 10,000 times but not everyone used the service because of suspicion.
The company says that this is the first time that a mobile app is exclusively used to steal from mobile users this is alarming because it was on google play and not everyone could have seen that it was fake and thought of it as legitimate since it is on the famous Google Play.
https://cointelegraph.com/news/crypto-wallet-drainer-google-play-stole-70k-check-point (https://cointelegraph.com/news/crypto-wallet-drainer-google-play-stole-70k-check-point)
-
No matter how strict and meticulous Google Play is, they can still be fooled around and hereby allowed a scam app to victimize people. In my view, this is one big reason that Google Play should have an insurance system so that in case something can be undetected and was able to scam people's money there can be a fallback victims can go to. The way I am seeing it, this is a big challenge to Google and make this the last one on this nature. I am expected a lot from Google Play but this time around they failed their users.
-
Crypto users need to research before downloading apps, especially for wallets. We shouldn't rely on Google Play reviews and must take time to ask in forums, read articles, etc.
-
The company says that this is the first time that a mobile app is exclusively used to steal from mobile users this is alarming because it was on google play and not everyone could have seen that it was fake and thought of it as legitimate since it is on the famous Google Play.
Do not mind this lie. Or is it not Google Play store that you are talking about? We have seen countless numbers of fake apps on the app store. Also apple application store is not better either. Google and those other app stores are not concerned about their users security at all. That is why they do not review apps before they are uploaded on their app store. There are many fake apps on their sites.
-
I think this is not the first time people download apps from Google play and found out too late that its stealing from them. There have been incidents in the past.
I didn't read the article actually, it's often just an app unknown mostl regular crypto users but those new in crypto will be victimized because they are in a hurry to connect their wallet.
-
this is one big reason that Google Play should have an insurance system so that in case something can be undetected and was able to scam people's money there can be a fallback victims can go to. The way I am seeing it, this is a big challenge to Google and make this the last one on this nature. I am expected a lot from Google Play but this time around they failed their users.
the thing is though from what i know their only fault is allowing such app to be published but what the users of the app experience within the platform is no longer under the jurisdiction of google play store i am pretty sure that they have policies that state the responsibilities of the users of an app it is also on us to make sure that we do not fall victim to these kind of apps
-
The full news stated the application exist on Play Store for about 5 months. I'm aware Google can't catch all fake or malicious application, but it's crazy it took about 5 months. Anyway, it's another reason to do more research and preferring popular application.
-
I think this is not the first time people download apps from Google play and found out too late that its stealing from them. There have been incidents in the past.
I didn't read the article actually, it's often just an app unknown mostl regular crypto users but those new in crypto will be victimized because they are in a hurry to connect their wallet.
This event once again highlights the risks within the crypto market, particularly regarding scams through crypto wallet apps. There are several measures we can take to safeguard our personal crypto assets:
1. Always access the project's website and download the app from their official information. This is safer than searching for the app on Google Play or the App Store.
2. Use one account to store the majority of your crypto assets, and only use sub-accounts to interact with protocols in the market, including DEXs, GameFi, NFTs, and more.
-
Anything goes on Google play though, it's not as strict as compare to Apple that's why it's the favorite of this cyber criminals, not just in crpyto, but those state sponsored cyber hacking groups that is going after the other government top secret by trying to phish employees, hence social engineering attack.
Just to bad that it take sometime before it has been caught, as a lot of money has been drained by this criminals and hopefully this will stop and none of us here are affecting and lose our hard earn money to this criminals.
-
This is very alarming, People trust Google play to protect them from these malicious applications and this happen, This is a big warning sign to not trust Google Play and do your research elsewhere on indepemdent trustworthy platforms.
Reviews can be fake, and this case its a planned and orchestrated review, so it will gain a good ranking in the search engine.
There's a possibility of a repeat of this scenario.
-
This is surprising because even myself couldn’t have though the google play can allow an app like that to be used on their space. Although, technology is advancing and they may have done their own scrutiny of the app and this people were just a little smarter than them to have got to steal from those that used those apps. This is just an alarming warning that scammers are on the go and have also find another means to steal from people. Good to share the news, it’ll serve as a way to help mitigate such occurrence in the future.
-
This is very alarming, People trust Google play to protect them from these malicious applications and this happen, This is a big warning sign to not trust Google Play and do your research elsewhere on indepemdent trustworthy platforms.
Reviews can be fake, and this case its a planned and orchestrated review, so it will gain a good ranking in the search engine.
There's a possibility of a repeat of this scenario.
this ruins its reputation. its alarming especially because it didn't happen just once. the istore as alternative however is also proprietary which not everyone can use. i tried aurora store i am also unsure whether its reliable. if all else will have these kind of malicious apps, might as well just stop installing wallet app using the phones. as ts not safe.
if those devs took $70k easy by just making people download their app, i wouldn't be surprise the next will be bigger such as fake popular wallet.
-
not everyone could have seen that it was fake and thought of it as legitimate since it is on the famous Google Play.
Famous google playstore you say? Maybe famous for housing scam and phishing applications, that is what they are kind of famous for, there are so many fake apps on google playstore and i am surprised that someone thought an app is legitimate because they found it there. So sorry for the victims, but they should know better than to connect their wallet to any application or whatever, too risky in my opinion.
-
Quite simple method and very interesting to see these type of things happening at all times. I think its quite clear that we are going to see some similar stuff that would not be all that complicated neither, because this is just people being stupid basically. I understand that we are going to end up with a lot more dangerous stuff in the future that would be very hard to suspect, so we need to be more careful than this. If we are fooled by these simple stuff, then how are we going to protect ourselves when more advanced versions happen? There is really no way of exactly knowing on those, this one is easy to see way beforehand.
-
1. Always access the project's website and download the app from their official information. This is safer than searching for the app on Google Play or the App Store.
there is still risk in doing this because there are so many websites out there far more than there are apps in google play/app store so it is important that you also check what are the official and legitimate websites in order to not download viruses or malware always check the domain name and assess the website if it has anything suspicious on its interface
2. Use one account to store the majority of your crypto assets, and only use sub-accounts to interact with protocols in the market, including DEXs, GameFi, NFTs, and more.
yup do not use just one account, one device for crypto if you really want to ensure safety and security
-
An app in Google Play disguised under the name of Walletconnect was able to steal over $70,000 from 150 users over only a couple of months the app allows people to connect their wallets into dapps and the fake app was downloaded for about 10,000 times but not everyone used the service because of suspicion.
The company says that this is the first time that a mobile app is exclusively used to steal from mobile users this is alarming because it was on google play and not everyone could have seen that it was fake and thought of it as legitimate since it is on the famous Google Play.
https://cointelegraph.com/news/crypto-wallet-drainer-google-play-stole-70k-check-point (https://cointelegraph.com/news/crypto-wallet-drainer-google-play-stole-70k-check-point)
For many airdrop people, this connecting of wallet is very common. That's why before anyone download an app or wallet to connect. Check every resource if that's an official app or source. Because these mobile apps can easily obtain our data and even the wallets that we use through mobile. I am not a fan of this kind of accessing my wallet through mobile and if I do, I wouldn't store most of my funds through a wallet mobile app.
-
An app in Google Play disguised under the name of Walletconnect was able to steal over $70,000 from 150 users over only a couple of months the app allows people to connect their wallets into dapps and the fake app was downloaded for about 10,000 times but not everyone used the service because of suspicion.
The company says that this is the first time that a mobile app is exclusively used to steal from mobile users this is alarming because it was on google play and not everyone could have seen that it was fake and thought of it as legitimate since it is on the famous Google Play.
People connecting their wallets to an application that has only 10k downloads? That's their own mistake, I mean, who just connects their wallet full of money to any site even for a few bucks (which most likely they are also not giving) Nowadays, the airdrop hunt is on top, and everyone is trying to participate from their main wallets that have some past transactions made already so they could get more reward or their selection becomes guaranteed.
This is wrong, and we all should have a spare wallet and should keep a few dollars in it. If tx numbers matter for such people, then make some tx on it. Just keep your main wallet away from such sites and apps.
And this is not the first time a fraudulent application has been listed on Google Play if you will Google you will find a lot of stories of how people get scammed because they download apps on Google Play blindly which is also wrong.
-
~ this is alarming because it was on google play
It's been a while since I read something like this but it's not uncommon that scam apps make it to Google Play. What I'm more curious about is how it went that long before we see news about it. If I'm not mistaken, WalletConnect is also quite a known brand that's why I find it surprising.
-
What I'm more curious about is how it went that long before we see news about it. If I'm not mistaken, WalletConnect is also quite a known brand that's why I find it surprising.
I don't know much about walletconnect, but i am surprised too that there was that many victims and the app was up for a couple of months according to the story. Could it be that those who were scammed were not reporting the scam application that was up on google playstore, it is crazy honestly and people need to be more careful.
-
Some people have not learn anything yet about being very careful with the kind of app they download or use on their phone, especially the one that ask them to connect wallet. I don't download unknown app, if I have to, then I will search for the authenticity of the app on the search engine and if it's really a trusted app, I will be ask to download it from play store. Right from the beginning, people have lost their asset through connection of wallet to a Dapp or any platform that asked them to do so.
-
It is unfortunate that google play is now becoming porous in the sense that fake apps are beginning to flood in the platform to undo users who download them. People should just be careful to do their proper verification as to compare or visit website of the app they want to download for proper confirmation before download so as to avoid downloading a fake that could undo them while using it.
I think organizations should be able to provide or make available as an alternative option for those who visit their website the link to their app on google play store so that any visitor who visits their website and wants to make use of their app could just click the direct link that would direct them to the right app to download on google play store. This might possibly help to reduce the rate at which people download fake apps via google play store.
-
A little advise and subtle warning for some of us that like downloading for different apps form the playstore, we are going to have serious challenge with some random apps we keep downloading irregularly, before making a download, it is expected of us to first read on what has been said, the warning given and the link used to the same site intended for making the download, of which some of our device would have given us a warning sign, but our of negligence some of us will still went ahead to make the downloads.
-
This is really unfortunate, the spread of fake apps on Google Play is very very dangerous because most users trust Google Play and therefore they are confident to download apps and connect their wallets and thus lose their assets.
Personally, when I want to download an app for wallets or exchanges, I first go to the official website and make sure it is the correct site and from there I click on the Google Play link to download the app safely, it is wrong to download apps through Google Play directly or through Google search because it may lead you to download phishing apps.
-
Lol, looks like scammers were quick to take advantage of walletconnect airdrop announcement.
People should check ratings and reviews first before installing, connecting wallet is much later thing. Most of high ratings is already a red flag and reviews say same — completely irrelevant matter in comments than what app is supposed to be about.
I would blame people's carelessness if they lost money in this.
-
Wait a minute. Isn't Wallet Connect the name of a protocol that people use to connect their wallets to websites? I hear there's like 600 wallets that support it, so how would this possibly be (legitimately) distributed as a standalone app, and not bundled with other wallet apps which actually use said feature? It doesn't make any sense to make the user install it by itself.
-
An app in Google Play disguised under the name of Walletconnect was able to steal over $70,000 from 150 users over only a couple of months the app allows people to connect their wallets into dapps and the fake app was downloaded for about 10,000 times but not everyone used the service because of suspicion.
This is why I don't use android apps, some people think thag IOS is every strict for not allowing many crypto apps on their store and that is because they are very careful of apps any random developer can create and put on their platform, this is what apple doesn't allow. As a matter of fact, apps under go a review before they are approved.
This is another clear lesson not to use online wallet. Not everyone can afford hardware wallet but it's better to even use the safe ones, I will rather download Trust wallet for currency need than download any other random wallet I don't know. The devil you know is better than the devil you don't know.
-
This is why I don't use android apps, some people think thag IOS is every strict for not allowing many crypto apps on their store and that is because they are very careful of apps any random developer can create and put on their platform, this is what apple doesn't allow. As a matter of fact, apps under go a review before they are approved.
Apple does not catch all the scam apps when they are reviewed for the App Store. Some of them can change the entire layout and theme of the app by sending some different HTML resources in the backend that correspond to different pages, and Apple can't see or control any of that.
It's the same problem with Google Play, but over there you can install whatever APK you want so if you've enabled that setting then you need to be extra careful.
-
Wait a minute. Isn't Wallet Connect the name of a protocol that people use to connect their wallets to websites?
yes walletconnect is an open source protocol used to connect wallets to dapps on the web it does indeed support over 150 blockchains and 500 wallets
so how would this possibly be (legitimately) distributed as a standalone app, and not bundled with other wallet apps which actually use said feature? It doesn't make any sense to make the user install it by itself.
it’s just a clear example of user negligence users probably thought that there is a mobile version of the protocol and had installed it why would it be bundled with legitimate apps when this itself is not legitimate in the first place?
people should have been more careful and aware of what is real and what is not
-
Wow I never thought one could get scammed through an app from plsy store this is the first time I'm hearing of such
So then what should we do in order to avoid being victims of these schemes hoe do we know the app is legit is there a way to know
-
An app in Google Play disguised under the name of Walletconnect was able to steal over $70,000 from 150 users over only a couple of months the app allows people to connect their wallets into dapps and the fake app was downloaded for about 10,000 times but not everyone used the service because of suspicion.
The company says that this is the first time that a mobile app is exclusively used to steal from mobile users this is alarming because it was on google play and not everyone could have seen that it was fake and thought of it as legitimate since it is on the famous Google Play.
People connecting their wallets to an application that has only 10k downloads? That's their own mistake, I mean, who just connects their wallet full of money to any site even for a few bucks (which most likely they are also not giving) Nowadays, the airdrop hunt is on top, and everyone is trying to participate from their main wallets that have some past transactions made already so they could get more reward or their selection becomes guaranteed.
10k downloads for others seems to enough to trust this application, but the thing is that this downloads could come from their inner groups, to make it looks like there are a lot of people who have downloaded it already. And so when the victims saw this, they didn't doubt.
And this is not the first time a fraudulent application has been listed on Google Play if you will Google you will find a lot of stories of how people get scammed because they download apps on Google Play blindly which is also wrong.
Yeah, not the first time, there have been multiple reports already, but the thing is that this scammers are also evolving that's why for a normal people, everything looks normal and real. But for those who have been in the crypto market, we should always have that element of "something is not right", and we should research more and verify before downloading any on our pc or laptop.
-
Wow I never thought one could get scammed through an app from plsy store this is the first time I'm hearing of such
Really? Then you should be glad you are on this forum and your have learnt that Google play store houses fake and phishing applications that can steal all your money. Even Apple store is not safe to download things relating to wallet and other related things.
So then what should we do in order to avoid being victims of these schemes hoe do we know the app is legit is there a way to know
Just go ahead and download the wallet from the official website, don't download from playstore; that's how you stay safe.
-
So then what should we do in order to avoid being victims of these schemes hoe do we know the app is legit is there a way to know
Make it an habit to always download apps from the official website site, no matter how easy it may seems downloading from playstore or App Store don’t do it because anyone can go there pay the required $25 (for playstore) and install an app that looks similar to the original one and then use it to phish people.
-
This is very alarming, People trust Google play to protect them from these malicious applications and this happen, This is a big warning sign to not trust Google Play and do your research elsewhere on indepemdent trustworthy platforms.
Reviews can be fake, and this case its a planned and orchestrated review, so it will gain a good ranking in the search engine.
There's a possibility of a repeat of this scenario.
In my opinion, Google may be exonerated from all these malicious registered Apps on it's store. I think that some of these malicious Apps may not have given their intent or details purposes to the use of Google services.
Crypto users should be cautious and very vigilant because scammers are upgrading their tactics everyday, and any crypto users relying on certain reviews which could be fake, unfortunately, they are researching about these Apps and vital questions before downloading or using these apps. This one of issues facing the crypto community which must be look into.
-
10k downloads for others seems to enough to trust this application, but the thing is that this downloads could come from their inner groups, to make it looks like there are a lot of people who have downloaded it already. And so when the victims saw this, they didn't doubt.
That's why I said 10k downloads are too low to trust an app I don't trust an app until it has around 200k to 500k downloads because this is a normal range for us to consider. 10k is too low for me to trust an app and we must see the reviews and don't underestimate the one or two negative reviews by seeing more positive views in compared to them. Plus, never trust any app listed on the Play store as an authentic one.
Yeah, not the first time, there have been multiple reports already, but the thing is that this scammers are also evolving that's why for a normal people, everything looks normal and real. But for those who have been in the crypto market, we should always have that element of "something is not right", and we should research more and verify before downloading any on our pc or laptop.
You are right we have that element and we research more and don't connect the wallet until we are so sure and I also join airdrops and when I am not sure about the app, I create a spare wallet especially for that and I manage it by keeping its record on some spreadsheet or on paper. Mean when we create more wallets it becomes a little hard to manage them.
-
That's why I said 10k downloads are too low to trust an app I don't trust an app until it has around 200k to 500k downloads because this is a normal range for us to consider. 10k is too low for me to trust an app and we must see the reviews and don't underestimate the one or two negative reviews by seeing more positive views in compared to them.
I wonder how this download gets counted. From what I recall, Google counted unique account/device IDs for each download. So 10k downloads mean 10k unique downloads, although scammers can easily fake this by running multiple instances of emulators or paying someone with peanuts to download their apps. That being said, 200k is a high number. Some legit apps that I know of never reached that number as far as I can tell, but that probably happened because the dev put a direct download link on their website/GitHub. As for 500k, probably only games can reach that number easily within a month or so. CMIIW.
-
I wonder how this download gets counted. From what I recall, Google counted unique account/device IDs for each download. So 10k downloads mean 10k unique downloads, although scammers can easily fake this by running multiple instances of emulators or paying someone with peanuts to download their apps. That being said, 200k is a high number. Some legit apps that I know of never reached that number as far as I can tell, but that probably happened because the dev put a direct download link on their website/GitHub. As for 500k, probably only games can reach that number easily within a month or so. CMIIW.
Scammers have ways to count their downloads unique, I am not aware of the full method, but they can hire someone or some devices or can run ads to get fake downloads. There are many people providing such services to give you fake downloads, and each of them get's counted. And you are right a crypto app might not get 200k to 500k quickly, but games can.
But I don't trust any new crypto apps that easily and advise everyone to do the same because they are new, and don't value their customers now. At least we don't know from their any action if they care about their users or not. So, just to remain safe, don't connect your main accounts with them even if you download them.
-
An app in Google Play disguised under the name of Walletconnect was able to steal over $70,000 from 150 users over only a couple of months the app allows people to connect their wallets into dapps and the fake app was downloaded for about 10,000 times but not everyone used the service because of suspicion.
The company says that this is the first time that a mobile app is exclusively used to steal from mobile users this is alarming because it was on google play and not everyone could have seen that it was fake and thought of it as legitimate since it is on the famous Google Play.
People connecting their wallets to an application that has only 10k downloads? That's their own mistake, I mean, who just connects their wallet full of money to any site even for a few bucks (which most likely they are also not giving) Nowadays, the airdrop hunt is on top, and everyone is trying to participate from their main wallets that have some past transactions made already so they could get more reward or their selection becomes guaranteed.
10k downloads for others seems to enough to trust this application, but the thing is that this downloads could come from their inner groups, to make it looks like there are a lot of people who have downloaded it already. And so when the victims saw this, they didn't doubt.
And this is not the first time a fraudulent application has been listed on Google Play if you will Google you will find a lot of stories of how people get scammed because they download apps on Google Play blindly which is also wrong.
Yeah, not the first time, there have been multiple reports already, but the thing is that this scammers are also evolving that's why for a normal people, everything looks normal and real. But for those who have been in the crypto market, we should always have that element of "something is not right", and we should research more and verify before downloading any on our pc or laptop.
they are often suing people with whatever they can come up and make money. if one person just slip accidentally on someone else backyard, i think they could even file a personal injury against the owner of the backyard.
in hundreds of victims just manged to put them all in one room and agree to sue googpleplay, they could make the company liable. i think they are liable, it just however need a lot off funds to sue a large company.
-
they are often suing people with whatever they can come up and make money. if one person just slip accidentally on someone else backyard, i think they could even file a personal injury against the owner of the backyard.
in hundreds of victims just manged to put them all in one room and agree to sue googpleplay, they could make the company liable. i think they are liable, it just however need a lot off funds to sue a large company.
I did not know Google Play was suing people to make money. Can you provide the source so I can learn more about it? I don't think we should plan to go after Google because it's the people who are so smart that they always come up with a loophole to abuse the policy and listing criteria and make themselves look like a good project and in the end, it's good for business for Google Play.
We must save ourselves from such apps and should not trust all apps listed on Google Play. I don't even trust apps listed on the Apple Store or any other store but double check everything and trust only those projects that are old and trusted by most of the people.
-
Now some will have to just realized the importance of being informed and why they need to take on some security measures, because we don't have to be scammed before knowing the right and proper step to take concerning the security of our crypto, scammers are now using many routes to attack on users and we must be able to have enough awareness regarding some of these tricks used by them before we turned their prey.
-
---
The company says that this is the first time that a mobile app is exclusively used to steal from mobile users this is alarming because it was on google play and not everyone could have seen that it was fake and thought of it as legitimate since it is on the famous Google Play.
https://cointelegraph.com/news/crypto-wallet-drainer-google-play-stole-70k-check-point (https://cointelegraph.com/news/crypto-wallet-drainer-google-play-stole-70k-check-point)
2 words. NOBODY'S PERFECT.
Even Facebook who is saying that they're doing everything to remove those scam ads on their platform still fails to do it. It's the same with Google. Heck they can't even differentiate which are phishing sites and which are not whenever we search on their search engine because they're times where the phishing site is on the top while the legit is at the 2nd or even 3rd on the list. Nothing surprising here TBH, and this is also the reason why I don't want to store my assets on a mobile wallet.
Always, always look at everything first before installing on our phone, downloading on our PC, or even depositing our assets. Always double or even triple check whether it's their legit mobile app, or legit website.
-
It is obvious that fake apps can't be traced and ruled out from the popular Google Play Store that's one of the reason they have users agreement when downloading any application.
It's certain that even if you are looking for a particular application on Google Play Store you are likely to see more than 3 apps of that same nature, so it takes one to make proper research on the kind of app to download especially when it comes to one dealing with Crypto assets (wallet app).
The Google team may not be able to spot all fake apps, that's one major reason why using a link from the project main web to download it's wallet app is much recommended.