More Than 10,000 People Downloaded A Fake Wallet App on Google Play

Decrypt
5 hours ago

A fake wallet app available for four months on the Google Play Store stole over $70,000 worth of cryptocurrency in a phishing attack before it was shut down. The malware posed as WalletConnect, a popular Web3 protocol, and directed unsuspecting users to a site that tricked them into authorizing transactions, granting access to their funds. In total, the app was downloaded 10,000 times, according to a report by Check Point Research.


The actual WalletConnect enables secure communication between cryptocurrency wallets and dApps via QR codes, allowing users to approve transactions and interact with dApps without exposing private keys.


“Basic cybersecurity hygiene, even on your mobile devices, is paramount,” said Michael McLaughlin, who co-leads the Cybersecurity and Data Privacy Practice Group at the law firm of Buchanan Ingersoll & Rooney. “If you're using a crypto trading platform—and it could be Coinbase, it could be Kraken, it could be any of those—they offer multi-factor authentication even on their mobile applications. And you have to implement them.”


McLaughlin emphasized the need to scrutinize cryptocurrency applications more closely, especially in digital stores that allow anyone to upload applications quickly. He advised prospective downloaders to look at how many stars and reviews an application has before downloading it. “If it has only three users and no stars, you're not going to trust it,” he said.


McLaughlin also said users should check the history of the application for any suspicious or sudden changes, such as how the product is referenced by previous users. He cited as an example a flashlight app that has thousands of users but then suddenly pivots to being a cryptocurrency app.


“It would still have the same number of users, it would still have the same rating, but now you just change the name of it, and so it no longer is a strobe flashlight app, now it's a cryptocurrency trader app,” he said. “So now it looks legitimate, even though it's not.”

