Analysis
September 30, 2024 1:57 PM
IT security firm Check Point Research has uncovered a malicious crypto wallet drainer app on the Google Play store, which stole over $70,000 from users over five months. The app masqueraded as the well-known WalletConnect protocol, and the campaign marks the first time drainers have exclusively targeted mobile users.
The app used advanced evasion techniques to remain undetected, achieving over 10,000 downloads by leveraging fake reviews and consistent branding. Not all users fell victim, as some did not connect a wallet or meet specific targeting criteria, but over 150 individuals were drained of funds.
The malicious app first appeared on Google Play on March 21 under the name "Mestox Calculator" and underwent several name changes. Its URL pointed to a seemingly harmless calculator website, allowing it to pass Google's app review process. However, depending on their IP address and device, users were redirected to the wallet-draining software MS Drainer.
The fake WalletConnect app prompted users to connect a wallet, a seemingly normal request, but then asked for permissions that allowed attackers to transfer assets. The app prioritized withdrawing more expensive tokens first, followed by cheaper ones.
Check Point Research highlighted the sophistication of this attack, which relied on smart contracts and deep links rather than traditional methods like permissions or keylogging. The incident underscores the need for users to be cautious with app downloads and for app stores to enhance verification processes.
The crypto community must continue educating users about Web3 technology risks, as even innocent interactions can lead to significant financial losses. Check Point Research emphasized the importance of user awareness and improved app store security measures to prevent similar incidents.
Google has not responded to requests for comment regarding the incident.