A malicious app disguised as a legitimate WalletConnect tool targeted mobile users on Google Play. The app stole crypto assets from unsuspecting victims. Learn how to protect yourself from similar scams.
Check Point Research (CPR) has discovered the first-ever mobile crypto drainer app on Google Play, deceptively posing as the legitimate WalletConnect tool. The app targeted users directly on their mobile devices, stealing around $70,000 from at least 150 victims. This marks the first time a drainer has exclusively targeted mobile device users, using advanced social engineering tactics and sophisticated evasion techniques.
This app capitalized on the trusted name “WalletConnect,” a well-known protocol for connecting wallets to Decentralized Applications (dApps). By appearing as a genuine WalletConnect solution, it lured users who were struggling to connect their wallets to Web3 applications using traditional methods into installing it.
Once installed, the app would prompt users to connect their wallets. This seemingly harmless request was a trap. Upon connection, the app would silently activate the MS Drainer, a powerful toolkit designed to steal various crypto assets.
The MS Drainer would then scan the victim’s wallet for valuable assets like tokens and NFTs. It would prioritize stealing the most valuable ones, using clever techniques to minimize fees and avoid detection. The app also employed deceptive tactics to trick users into signing transactions that would grant the attacker permission to withdraw funds.
These transactions appeared legitimate, leading many victims to unknowingly compromise their assets. This process is repeated across multiple blockchain networks, allowing attackers to systematically steal victims’ assets.
The malicious WalletConnect app used advanced social engineering and technical manipulation, exploiting the complexities of the legitimate WalletConnect protocol, to deceive users into thinking it was a safe tool for connecting their cryptocurrency wallets to Web3 applications.
According to Check Point’s detailed technical report shared with Hackread.com ahead of publishing on Thursday, the app also used advanced evasion techniques, such as fake positive reviews, to remain undetected on Google Play’s verification process for nearly five months, causing significant damage. It managed to accumulate over 10,000 downloads and received numerous fake positive reviews, further deceiving potential victims.
This indicates the growing sophistication of cybercriminals in the decentralized finance ecosystem. Crypto drainers, which steal digital assets, are increasingly used by attackers, often using phishing websites and apps that mimic legitimate platforms. This case highlights the importance of user awareness and security in the DeFi space, reminding us yet again that even seemingly legitimate apps can harbour malicious intent.
Commenting on this, Alexander Chailytko, Cyber Security, Research & Innovation Manager at Check Point Software warned Android users to watch out before downloading an app from third-party as well as Google’s very own Google Play or Play Store.
“This incident is a wake-up call for the entire digital asset community as the emergence of the first mobile crypto drainer app on Google Play marks a significant escalation in the tactics used by cybercriminals and the rapidly evolving landscape of cyber threats in decentralized finance,” Alexander explained.
“This research highlights the critical need for advanced, AI-driven security solutions that can detect and prevent such sophisticated threats. Both users and developers must stay informed and take proactive measures to secure their digital assets.”
RELATED TOPICS
- Trezor Data Breach Exposes Email and Names of 66,000 Users
- Pink Drainer Posed as Journalists, Stole $3M from Twitter Users
- Hackers Posed as Google Support to Steal $243 Million in Crypto
- Apple Approves Fake App Before Real Rabby Wallet, Funds Stolen
- Inferno Drainer Phishing Nets Scammers $80M from Crypto Wallets