- SlowMist investigated fake Web3 wallets from third-party app stores.
- The security firm discovered a fraudulent version of the imToken wallet on apkcombo with substantial downloads.
- Collin Wu reported that the top ad on Chinese Google for imToken was a phishing website.
The SlowMist Security Team has investigated and analyzed fake Web3 wallets from third-party app stores, warning users about the dangers of downloading wallet apps from questionable sources.
In a recent tweet, the team shared their findings and urged users to stay vigilant in enhancing their security awareness when using wallets in the blockchain space.
Investigation and Analysis of Fake #Web3 Wallets from Third-partyA thread about the risks of using third-party app stores and the dangers of fake wallets in the #blockchain space.Full article here https://t.co/lYNDnM7Qzj— SlowMist (@SlowMist_Team) April 26, 2023
According to the team, third-party app stores like apkcombo and uptodown pose significant risks as anyone can publish apps with minimal cost, making phishing attacks more accessible. The team found a fraudulent version of the well-known imToken wallet on apkcombo, which transmits sensitive data, like mnemonics, to the attacker’s server.
The report read:
We found a widespread fraudulent version of the well-known imToken wallet on apkcombo. It has a high version number, possibly to mask itself as the latest version. The download count is also substantial, likely sourced from Google Play’s info.
The security firm encourages users to always use official download channels for wallets and exchanges, stay vigilant, and enhance their security awareness.
Last week, a well-known Chinese reporter, Collin Wu, revealed that the top ad for imToken on Chinese Google search was a phishing website that uses Google Docs to commit fraud. Wu highlighted that many fake wallets were flooding search engines and forming an industrial chain, posing a threat to unsuspecting users.
The top advertisement of Imtoken in Chinese Google search is a phishing website, using Google doc for fraud. A large number of fake wallets are flooding search engines and forming an industrial chain, users must be careful. https://t.co/y8bJapgOAD pic.twitter.com/J0uuoqMxnF— Wu Blockchain (@WuBlockchain) April 21, 2023
SlowMist expressed shock that such a scam could occur and warned users to exercise caution, noting that the phishing attack was a new type that uses Google Docs to deceive users.
The post SlowMist Uncovers Fraudulent ImToken Wallet on Third-party Stores appeared first on Coin Edition.