I like to think of myself as a power user and have been in the space since 2014. I always held most of my Bitcoin on a hardware wallet and only kept a tiny amount of sats on my phone wallet. Last night something happened which made me come here and make a post so that you guys don’t fall for it as well.
I’ve always been an Android user and the most attractive thing about Android for me was the ability to sideload apps. I had all kinds of sideloaded apps on my phone like VPN, livestreams, IPTV, Spotify, Camera apps and never had an issue before. I used one app named Mobdro for years for livestreams and such and it worked as expected, but a couple of weeks ago I got an update notification from this app and I clicked “Update” without thinking much about it. Last night I sent $35 worth of BTC to a friend and saw that the address this BTC was being sent to was not my friend’s address, but it was too late since the TX was already in mempool. I quickly realized that my phone had been compromised and I had to factory reset it.
Turns out the Mobdro app developer was [arrested last week](https://troypoint.com/mobdro-developer-arrested/) and somehow someone got access to their app resources and pushed an update containing malware which would detect a Bitcoin address copied in the clipboard and replace it with one of the attacker’s addresses. So long story short, I ended up losing $35 of BTC to a stupid malicious app.
* Always check the wallet address before sending your BTC
* Don’t sideload/install unknown/malicious apps and give them full admin access to your phone/tablet/desktop.
* Use a bloody hardware wallet.
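
The clipboard swap described in the post leaves a recognisable trace: one Bitcoin address on the clipboard is replaced by a different one almost immediately. The following is an added example, not part of the original post, that flags that pattern in a log of clipboard changes. The event format, the 2-second window and the addresses are all constructed assumptions, and the regex only checks address shape, not checksums.

```python
import re
from typing import NamedTuple

# Shape check only (no checksum): Base58 legacy/P2SH (1..., 3...) and bech32 (bc1...).
BTC_ADDR = re.compile(
    r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$"
)

class ClipEvent(NamedTuple):
    ts: float   # seconds since logging started (hypothetical log format)
    text: str   # clipboard content after the change

def looks_like_btc(text: str) -> bool:
    return bool(BTC_ADDR.match(text.strip()))

def find_swaps(events, window=2.0):
    """Return (ts, old, new) wherever one address is replaced by a
    different address within `window` seconds, faster than a person
    would plausibly copy a second address."""
    swaps = []
    for prev, cur in zip(events, events[1:]):
        old, new = prev.text.strip(), cur.text.strip()
        if (looks_like_btc(old) and looks_like_btc(new)
                and old != new and cur.ts - prev.ts <= window):
            swaps.append((cur.ts, old, new))
    return swaps

# Constructed sample data: none of these are real wallet addresses.
FRIEND = "1FriendConstructedAddr" + "X" * 9
SWAPPED = "1SwappedConstructedAddr" + "Z" * 9
OTHER = "bc1q" + "q" * 38

SAMPLE = [
    ClipEvent(0.0, "hello world"),
    ClipEvent(10.0, FRIEND),    # user copies the friend's address
    ClipEvent(10.3, SWAPPED),   # replaced 0.3 s later: flagged
    ClipEvent(60.0, FRIEND),    # user copies again, long after
    ClipEvent(200.0, OTHER),    # slow, deliberate change: not flagged
]

if __name__ == "__main__":
    for ts, old, new in find_swaps(SAMPLE):
        print(f"t={ts}s clipboard address changed: {old} -> {new}")
```

A swapped-in address is still a valid address, so format or checksum validation alone will not catch it; only comparing against the address you intended to pay does.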