• Victims lose $70K to one single wallet-draining app on Google’s Play Store


    • This topic has 15 replies, 11 voices, and was last updated 7 months ago.
    #2706387

    “The latest in a long line of cryptocurrency wallet-draining attacks has stolen $70,000 from people who downloaded a dodgy app in a single campaign researchers describe as a world-first.

    “A fraudulent app targeted web3 users on Google’s Play Store, piggybacking on the name and reputation of the legitimate WalletConnect protocol, which is used for connecting decentralized applications and wallets. It also doesn’t have an official app on the Play Store.

    “Alexander Chailytko, cybersecurity, research, and innovation manager at CPR, said: “This incident is a wake-up call for the entire digital asset community as the emergence of the first mobile crypto drainer app on Google Play marks a significant escalation in the tactics used by cybercriminals and the rapidly evolving landscape of cyber threats in decentralized finance.”

    More (a lot more)  at:

    https://www.theregister.com/2024/09/26/victims_lose_70k_to_play/

    =========================

    This sort of thing is one reason I have for not having ANY financial apps on my smartphone, period. Cash, bank ATM cards, PayPal, checks and a credit card (used very sparingly) may make me a Luddite, but I’m sorry. (No debit cards either, since Consumer Clark’s show gave me the low-down on them.) Here I stand until I am forced to have to have any of this stuff on my phone. (I can hear the incoming…Please throw objects at me slowly, as I’m too old to move fast. 🙂 >>>

    Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
    --
    "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

    4 users thanked author for this post.
    • #2706396
    • #2706399

      A fellow Luddite here!  I have no apps installed on my Android smartphone except for the default ones.  I don’t use it for anything sensitive — no finance, no payment apps, no email…you get the idea.  I never use the phone’s browser to visit those sites that I consider to be sensitive (e.g., banking, SSA, etc.).

      I don’t have a debit card.  Credit cards are sufficient.

      ATM card is only linked to a checking account that contains minimal balances.  Any other accounts at that bank are not accessible through an ATM.

      Only ATMs INSIDE a bank branch are used, never 3rd party ATMs or bank ATMs that are accessible from the street.  Not even the ones in the bank branch office vestibule!  Yes, I avoid the drive-through ATMs as well.  I may need to park the car and walk a small distance to enter the branch but it’s worth it.  There are no guarantees but I believe that the interior ATMs are substantially less susceptible to tampering by bad actors than the others I mentioned earlier.

       

      3 users thanked author for this post.
    • #2706468

      Another Luddite here. No smart phone apps, no bitcoin usage, use cash whenever possible. I only use my ATM card at the issuing bank; inside the bank preferably. Two of the articles posted by Alex mentioned these ATM hacks typically require physical access to the ATM. One of the articles stated that 92% of the ATM hacks required physical access. Since I have had ATM issues over weekends, I avoid using ATMs after hours and on holidays. Yes, Nibbled to death by ducks, I also feel increasingly pressured to install smart phone apps. After all, these apps typically make the job easier for the institution or person you are dealing with. Likely my first required app will be an authentication app since it is assumed everyone uses smartphones.

      3 users thanked author for this post.
    • #2706510

      Ooh! A free app that makes using my crypto easier and then wants me to authorize transactions. What could possibly go wrong?

      No need to be a luddite, just a bit of caution when it comes to your money.

      cheers, Paul

      5 users thanked author for this post.
    • #2706550

      just a bit of caution when it comes to your money.

      Out in public I notice some mobile phone users seem to be jabbing carelessly on anything that pops up and are probably doing the same thing on their computers.

      Desktop Asus TUF X299 Mark 1, CPU: Intel Core i7-7820X Skylake-X 8-Core 3.6 GHz, RAM: 32GB, GPU: Nvidia GTX 1050 Ti 4GB. Display: Four 27" 1080p screens 2 over 2 quad.

      2 users thanked author for this post.
    • #2706583

      I also feel increasingly pressured to install smart phone apps. After all, these apps typically make the job easier for the institution or person you are dealing with.

      Yup, the more automated they can get their systems, the more bodies they can throw out on the street.

      “Banking: A most productive enterprise where one can make money by loaning out money at 10X the rate you pay savings accounts, or, in some cases, actually loaning a person’s own money back to them.” –Hilaire Belloc

      A little off-topic, but I like some of Belloc’s quips.

      Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

    • #2706602

      What is most significant to me is that corporations seem to be pushing convenience over security. For example, my bank just sent me without my asking a new contactless credit card. So now if I accidentally leave it on a restaurant table, a passerby can pick it up and have a free meal plus. Remember in the old days you had to physically sign and show ID to use a credit card? Yes, now convenient but not very secure.

      A guy in line in front of me thought he was putting his wallet in his pocket but he missed and it fell to the floor. It was a fat wallet with dozens of credit cards. Good thing I am honest and gave it back.

      In the old days there were no cell phones, no email, no eaccounts, and no losses from hacking. Convenience, though wonderful in itself, requires constant vigilance and careful use, which for many people is not being practiced as in the case of a person I saw walking around with a large screen cell phone sticking out of their back pocket!

      3 users thanked author for this post.
      • #2706716

        What is most significant to me is that corporations seem to be pushing convenience over security.

        ..but it’s not about what YOU want, it’s about what THEY want you to want!

        “Marketing to the “B” Ark, please, immediate boarding…” (If only!)

        Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
        --
        "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

        1 user thanked author for this post.
    • #2706645

      This sort of thing is one reason I have for not having ANY financial apps on my smartphone, period. Cash, bank ATM cards, PayPal, checks and a credit card (used very sparingly) may make me a Luddite, but I’m sorry.

      If you write checks, make sure you protect yourself from check washing: https://www.aarp.org/money/scams-fraud/info-2023/stop-check-washers.html

      Anything with a check in it should only be mailed from the slot inside the post office. Not even the mailbox outside in front of the post office is safe.

       

      3 users thanked author for this post.
    • #2706717

      If you write checks, make sure you protect yourself from check washing: https://www.aarp.org/money/scams-fraud/info-2023/stop-check-washers.html

      Darn tootin’! I use an actual fountain pen (Millennials’ eyeballs pop out when I haul it out) with indelible ink that literally soaks the paper through.

      As for the Post Office drop box inside, I agree. But the new outside ones at our post office have one-way metal traps. Very difficult to get into; you’d have to use a fire axe. Now, in a city where they rip entire ATMs out of banks with heavy equipment, this may not stop them. But I haven’t heard of one of those capers in a long time.

      Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

    • #2706741

      As to checks I’m guilty of not using indelible ink.  But in my defense I write one check a year to pay real estate taxes.  In my community taxpayers are encouraged to mail payments or use drop boxes outside the town hall office building and the assessor is supposed to return a receipt to you by return mail.

      Sorry, not good enough for me.  I don’t trust the mail or outside drop boxes.  And the possibility that my payment could be lost or misapplied also exists.  So I pay these taxes in person and get my proof of payment (showing the related parcels on the tax map) placed into my own hands at the same time.

      • #2707070

        Me 2
        Before that I used auto pay on my mortgage which covered Property taxes

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.
    • #2707013

      This sort of thing is one reason I have for not having ANY financial apps on my smartphone, period. Cash, bank ATM cards, PayPal, checks and a credit card (used very sparingly) may make me a Luddite, but I’m sorry.

      If you write checks, make sure you protect yourself from check washing: https://www.aarp.org/money/scams-fraud/info-2023/stop-check-washers.html

      Anything with a check in it should only be mailed from the slot inside the post office. Not even the mailbox outside in front of the post office is safe.

       

      I keep tabs on the Weekly Flyer that gets left at the address here. (I had to jump through hoops to get on that list!) That flyer has an outside sheath.
      Regularly, one of the ads on that sheath is for paper checks. When will these corporations give it up? When even your issuing bank is cautioning you to not write checks, to attempt to stay in business is foolhardy at the least, and dangerous at the worst. {‘Porch pirates’ would love to obtain the outbound mail with the paper checks therein.}
      I have a long-standing account with my local bank. It includes free money orders for myself. To get those, I have to physically visit the bank. The financial amount is indelibly printed on the money order. The funds have already been pledged. The recipient can accept the amount upon its arrival. I recommend you investigate whether your financial institution offers money orders for free.
      {It also helps that I am two blocks away from a ZIP Code post office, which is from where envelopes containing those money orders are mailed.}

      Important links you can use, without the monetization pitch = https://pqrs-ltd.xyz/bookmark4.html
      • #2707081

        ZIP Code post office

        What kind is that?

        🍻

        Just because you don't know where you are going doesn't mean any road will get you there.