Attention Google Play users: Thousands of dollars worth of crypto assets have been stolen from this app.

As security concerns in the cryptocurrency world rise, this sophisticated fraud case detected in the Google Play Store highlights the risks faced by digital asset holders. The application, which deceives users with a fake calculator appearance, managed to be downloaded thousands of times by bypassing Google's security measures and has sparked a new security debate in the crypto ecosystem.

The Calculator-Disguised Application Trapped Thousands of Users

Check Point Research, one of the leading organizations in cybersecurity, identified a malicious cryptocurrency wallet application on Google Play that caused users a loss of $70,000. It was determined that the application remained active for five months and victimized more than 150 users during this period.

This malicious application, which mimics the WalletConnect protocol aimed at ensuring the security of cryptocurrencies, managed to evade security checks using advanced methods. The company emphasized in a statement on September 26 that such attacks specifically target mobile users and that this situation is a first.

Fake reviews and consistent branding strategies that allowed the application to rank high on Google Play led to it being downloaded more than 10,000 times. The malware was first released on March 21 under the name "Mestox Calculator" and changed its name several times over time to make detection more difficult.

The application's appearance as a harmless calculator allowed it to bypass both automated and manual review processes on Google Play. Users were redirected to a backend hosting the malware through different redirects based on their IP address and the device they were using.

The fake WalletConnect, which encouraged users to connect their wallets by acting like a legitimate application, then requested various permissions for wallet verification, allowing users to transfer their assets. In this way, valuable assets in users' wallets were withdrawn first, followed by other tokens.

In a statement by Check Point Research, it was noted that such cybercrimes are becoming increasingly complex and that they deceive users to seize their assets without resorting to traditional attack methods. Researchers highlighted the importance of informing cryptocurrency users about the risks associated with Web3 technologies.

This incident shows that application stores need to strengthen their verification processes and that users should be more cautious about the applications they download. Google has not yet responded to requests for comments on the matter.