New warning to Play Store users that their virtual currency will suddenly disappear
anadolu agency
An interesting week for Android users ends with more bad news. Necro Trojan, a dangerous Trojan horse lurking inside the Play Store, is fast closing in on its way, breaking through Google’s defenses and tricking users into putting themselves, their devices, and, in this case, their cryptocurrencies at risk. Another threat has emerged that exposes people to
Check Point Research has discovered the first Play Store cryptocurrency breach targeting only mobile users, warning that it is a “wake-up call for the entire digital asset community.” This “significant escalation in the tactics used by cybercriminals” shows that “the cyber threat landscape in decentralized finance is rapidly evolving,” they say. Although the app has now been removed from the Play Store, the warning still stands.
Forbes Google confirms new tracking nightmare for 3 billion Chrome users Written by Zak Doffman
As seen by Necro, this latest threat introduces “modern evasion techniques to avoid detection” and surprisingly appears to have remained present on the Play Store for five months. This particular app was quite specialized and pretended to simplify the use of the Web3 WalletConnect protocol, which connects decentralized apps and user wallets.
“Not all wallets support WalletConnect,” Check Point explains. “The attackers cleverly exploited the complexity of WalletConnect and tricked users into thinking there was a simple solution: a fake WalletConnect app on Google Play.”
The malicious app first appeared on the Play Store in March of this year, was installed at least 10,000 times, and stole at least $70,000. As always, what we don’t know is the level of activity outside of the Play Store, but the very special nature of this campaign is that once users understand the threat, they won’t be fooled again. That’s a plus. The current numbers are modest, but this is a first. We expect this to continue to happen, which is why we issue a stern warning not to connect unverified apps to your wallet.
Malicious WalletConnect app is running
checkpoint research
Any malicious app that connects to digital wallets as a core feature has a long head start and can be effective quickly. “The malicious app activates selected wallets and redirects them to malicious websites,” Check Point said. The user will then have to confirm the selected wallet and will be asked to approve some transactions. ”
Each user action triggers a communication to the command and control server that powers the app to “retrieve details about the user’s wallet, blockchain network, and address.” According to Check Point, the app withdraws “more expensive tokens before targeting cheaper ones,” ensuring that your most valuable assets are stolen as soon as possible in case the app is discovered and taken down. It is said that he did so.
So far, the number of identified victims has been limited, but it is surprising that there were fewer negative reviews on the Play Store than known cases. This app has apparently been removed now and I’m sure Play Protect is ready for next time. I asked Google if it had any additional comments on Check Point’s report.
Forbes Samsung update miss — bad news for millions of Galaxy phone owners Written by Zach Doffman
Check Point says the lure of “decentralized finance” is driving “the sophistication of cybercriminal tactics”. Even more worrying, “traditional tools such as Google Search, Shodan, and automated checks are often unable to identify such threats. This makes it nearly impossible for automated systems or manual searches to detect them.” Masu.”
Android 15 is expected to be released next month. It includes a number of new security updates, at least for some users. Meanwhile, the Play Store promises to weed out low-quality apps. Both these measures and ongoing enhanced scanning of apps before they appear on the store should keep such threats at bay.
