A notable blockchain security platform SlowMist has issued a report on forged Web3 wallets’ 3rd-party sources. The platform has published a blog post on Medium in this respect. While disclosing the background of the study, the platform mentioned that Web3 is getting more and more attention around the world. It added that this technology is taking the industry to another stage of revolution. Nonetheless, it also pointed out that the respective technology is like a dark forest offering different opportunities but risks also.
SlowMist Analyzes Counterfeit Web3 Wallet Apps
In this way, the firm asserted that the consumers of the Web3 wallets should be aware of the risks associated with them. In the Web3 sector, the applications utilize wallets uniformly to perform logins. That is why the malicious actors target them. SlowMist revealed that, because of diverse reasons like network issues or incompatibility with Google Play, several people go to alternative sources to download apps provided by Google Play.
The respective sites often claim that the apps offered by them have been obtained from Google Play however they remain questionable in terms of security. In addition to this, the platform referred to apkpure, apkcombo, and other such websites. In the words of the security firm, the applications downloaded from such sources remain doubtful in terms of their security.
In this respect, it gave the example of a crypto wallet “imToken.” The authenticated mobile application of the respective wallet is available on Google Play. Nonetheless, people having devices incompatible with Google Play turn to the alternatives like apkcombo. Hence, they download unauthorized versions that are too risky. According to SlowMist, the apkcombo-based version of imToken is 24.9.11 which has been declared non-existent by the official platform of imToken.
On Google Play, the wallet version is 4.2. The blockchain security company brought to the front that the fake version of the wallet has a huge download count on the alternatives like apkcombo and uptodown. It moved on to say that anyone is permitted by uptodown to publish their applications and this allows bad actors to plan phishing attacks with fake apps.
The Blockchain Security Firm Advises Users to Confirm Source Before Downloading a Wallet App
As mentioned by SlowMist, the forged wallet app of imToken has drained millions from up to 10,000 consumers after being launched in 2021’s November. In the words of the platform, such scam-based apps are expanding thus users should remain vigilant to verify the source without downloading any wallet app. It also advised those who have already downloaded such apps to immediately uninstall them.
