An app on the Google Play Store masquerading as WalletConnect has stolen over $70,000 from users. According to Check Point Research, the app used advanced evasion techniques that let it remain undetected for over five months and trick over 150 users into linking their wallets.
Evasion Techniques
Originally named ‘Mestox Calculator,’ the app first appeared in March and underwent several name changes to avoid detection. Using a harmless calculator front, the app passed Google Play’s security checks.
How the Theft Occurred
Once installed, the app redirected users to a backend that drained their crypto wallets. The app tricked users into connecting their wallets and approving permissions, which allowed the attackers to steal funds. Only those who connected their wallet or met the malware’s specific targeting criteria were affected.
Precautionary Measures
According to Check Point Research, the app was downloaded over 10,000 times before being removed from the store. This is the first time a drainer app has exclusively targeted mobile users, making it a significant security concern for crypto holders. Users are advised to always verify the authenticity of apps, especially when connecting their wallets to unknown platforms.
This incident highlights the growing threat of mobile-targeted scams in the cryptocurrency space. Users should always be cautious and verify the authenticity of apps, especially when it comes to connecting their wallets.