Friend
The invisible thief roamed the app store for five months.
The Check Point Research (CPR) team has discovered a malicious cryptodrainer app on Google Play designed to steal cryptocurrency. It is the first known drainer aimed exclusively at mobile devices. The app used detection-evasion techniques and stayed in the store for almost five months before it was removed.
The app, called "WalletConnect – Crypto Wallet", posed as a Web3 tool and borrowed the name of the popular WalletConnect protocol, which connects crypto wallets to decentralized applications. Fake reviews and a recognizable brand helped it reach more than 10,000 downloads, and the app ranked at the top of Google Play search results.
Social engineering combined with modern cryptodrainer tooling let the attackers steal about $70,000 worth of cryptocurrency from roughly 150 victims.
Malicious app on Google Play
A cryptodrainer is a malicious tool for stealing digital assets, including NFTs and tokens, from crypto wallets. It relies on phishing and on smart contracts: users are typically redirected to fake sites that mimic legitimate platforms and asked to sign transactions. Once the user confirms such a transaction, the assets are automatically withdrawn to accounts controlled by the attackers.
WalletConnect is an open-source protocol that enables secure communication between decentralized applications (dApps) and crypto wallets. Connecting through WalletConnect sometimes confuses users, and this is what the scammers exploited: not every wallet supports WalletConnect, and its incompatibility with outdated versions of some wallets makes the problem worse.
The application was built with the median.co service, which wraps a website into a mobile app; in effect it was a browser that opened a specific site. When that site was loaded in a browser, users saw a simple calculator called "Mestox Calculator", and this harmless front helped the app pass Google Play's security checks.
Meanwhile, the malicious functionality worked covertly: the app redirected the user to connectprotocol[.]app/gate/index.php, where, under the guise of verifying the wallet, the user was asked to sign transactions, after which their assets were automatically transferred to the attackers' accounts.
Mestox Calculator Bait App
The MS Drainer tool used in the app supports many blockchains, including Ethereum, BNB Smart Chain and Polygon, and quickly locates a victim's assets across them.
To protect against such threats, users should vet apps carefully before installing them, and app stores need to strengthen their review procedures. Educational initiatives within the crypto community also play a key role in communicating the risks that come with Web3 technologies.
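The "sign a transaction to verify your wallet" step described above is where a drainer actually gets its access: it does not need the victim's private key, only one signed approval that names an attacker-controlled spender, after which the attacker moves the tokens with its own transactions. The following is an added example, not code from Check Point Research, from the forum post or from the MS Drainer tooling. It decodes the calldata of an EVM transaction request of the kind a dApp pushes to a wallet over WalletConnect and flags the patterns a drainer depends on (allowance to an unknown spender, unlimited allowance, setApprovalForAll, native currency sent to an unknown address). The function selectors are the standard ERC-20/ERC-721 ones; every address and sample request below is constructed for the demo and is not an indicator from the report.

```javascript
// Added example, not code from Check Point Research or the forum post.
// Selectors are the first 4 bytes of keccak256 of the standard ERC-20/ERC-721
// method signatures. All addresses and requests here are constructed for the demo.

const SELECTORS = {
  "0x095ea7b3": { name: "approve",           args: ["address", "uint256"] },
  "0x39509351": { name: "increaseAllowance", args: ["address", "uint256"] },
  "0xa22cb465": { name: "setApprovalForAll", args: ["address", "bool"] },
  "0x23b872dd": { name: "transferFrom",      args: ["address", "address", "uint256"] },
  "0xa9059cbb": { name: "transfer",          args: ["address", "uint256"] },
};
const UINT256_MAX = (1n << 256n) - 1n;

// Decode the 4-byte selector plus static (32-byte-word) arguments of a call.
function decodeCalldata(data) {
  const hex = (data || "0x").toLowerCase().replace(/^0x/, "");
  if (hex.length === 0) return { selector: null, name: null, args: [] }; // plain value transfer
  if (hex.length < 8) throw new Error("calldata shorter than a 4-byte selector");
  const selector = "0x" + hex.slice(0, 8);
  const spec = SELECTORS[selector];
  if (!spec) return { selector, name: null, args: [] };
  const words = hex.slice(8).match(/.{64}/g) || [];
  if (words.length < spec.args.length) throw new Error(`truncated calldata for ${spec.name}`);
  const args = spec.args.map((type, i) => {
    const w = words[i];
    if (type === "address") return "0x" + w.slice(24);   // address = last 20 of the 32 bytes
    if (type === "bool") return BigInt("0x" + w) !== 0n;
    return BigInt("0x" + w);                             // uint256
  });
  return { selector, name: spec.name, args };
}

// Flag the patterns a drainer relies on. `trustedSpenders` holds the contract
// addresses (lowercase) the user has deliberately allowed to move their assets.
function assessTransactionRequest(tx, trustedSpenders = new Set()) {
  const reasons = [];
  const trusted = (addr) => trustedSpenders.has(addr.toLowerCase());
  const call = decodeCalldata(tx.data);

  if (BigInt(tx.value || "0x0") > 0n && !trusted(tx.to)) {
    reasons.push(`sends native currency to unknown address ${tx.to}`);
  }
  switch (call.name) {
    case "approve":
    case "increaseAllowance": {
      const [spender, amount] = call.args;
      if (!trusted(spender)) reasons.push(`token allowance for unknown spender ${spender}`);
      if (amount === UINT256_MAX) reasons.push("unlimited (uint256 max) allowance");
      break;
    }
    case "setApprovalForAll": {
      const [operator, approved] = call.args;
      if (approved && !trusted(operator)) {
        reasons.push(`operator ${operator} granted control of every NFT in the collection`);
      }
      break;
    }
    default:
      if (call.selector && !call.name) reasons.push(`unrecognised selector ${call.selector}`);
  }
  return { call, risk: reasons.length ? "high" : "low", reasons };
}

// --- constructed sample requests (made-up addresses) -----------------------
const word = (v) => (typeof v === "string" ? v.replace(/^0x/, "") : v.toString(16)).padStart(64, "0");
const TOKEN   = "0x3333333333333333333333333333333333333333"; // some ERC-20 contract
const DEX     = "0x2222222222222222222222222222222222222222"; // spender the user trusts
const DRAINER = "0x1111111111111111111111111111111111111111"; // attacker contract
const TRUSTED = new Set([DEX]);

// "Verify your wallet" step: approve(DRAINER, 2**256-1) on the victim's token.
const DRAIN_TX  = { to: TOKEN, value: "0x0", data: "0x095ea7b3" + word(DRAINER) + word(UINT256_MAX) };
// Ordinary bounded swap allowance for a known router.
const BENIGN_TX = { to: TOKEN, value: "0x0", data: "0x095ea7b3" + word(DEX) + word(1000n) };
// Plain 1 ETH send straight to the attacker, no calldata at all.
const SEND_TX   = { to: DRAINER, value: "0xde0b6b3a7640000", data: "0x" };

for (const [label, tx] of Object.entries({ DRAIN_TX, BENIGN_TX, SEND_TX })) {
  const r = assessTransactionRequest(tx, TRUSTED);
  console.log(label, r.call.name || "(value transfer)", r.risk, r.reasons);
}
```

The point of decoding rather than trusting the dApp's description is that the drainer page controls everything the user reads, but not the bytes the wallet is asked to sign; a wallet, a browser extension or an incident responder reconstructing what a victim approved can apply the same check to the raw request. Revoking the allowance afterwards (approve(spender, 0)) is the containment step once such a signature has gone through.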
Source