• Dapps:16.23K
  • Blockchains:78
  • Active users:66.47M
  • 30d volume:$303.26B
  • 30d transactions:$879.24M

Malicious Crypto Wallet App Discovered on Google Play: $70K Stolen

user avatar

by Giorgi Kostiuk

2 years ago


Check Point Research, an IT security firm, has uncovered a cryptocurrency wallet draining application that used “advanced evasion techniques” on the Google Play store to steal over $70,000 in five months.

How the App Worked

The malicious application disguised itself as the WalletConnect protocol, a well-known app in the crypto space that allows linking various crypto wallets to decentralized finance (DeFi) applications.

The company stated in a blog post dated September 26 that this marks the first instance where drainers exclusively targeted mobile users. Fake reviews and consistent branding helped the app achieve over 10,000 downloads by ranking high in search results. The app was made available on Google’s app store on March 21 and used advanced evasion techniques to remain undetected for over five months. Published initially under the name 'Mestox Calculator,' the app underwent several name changes while its application URL still pointed to a seemingly harmless website featuring a calculator. This technique allowed attackers to pass the app review process in Google Play, as automated and manual checks would load the 'harmless' calculator application. However, depending on the user's IP address location and mobile device usage, they were redirected to the malicious back end hosting the wallet-draining software MS Drainer.

Impact on Users

More than 150 users were drained of around $70,000. Not all users were targeted, as some did not connect a wallet or realized it was a scam. Others might not have met the malware’s specific targeting criteria.

The faked WalletConnect app prompted users to connect a wallet, which wouldn’t have been suspicious due to how the actual app functions. Users were then asked to accept various permissions to 'verify their wallet,' which granted permission for the attacker's address to transfer the maximum amount of the specified asset. The application retrieved the value of all assets in the victim's wallets, initially attempting to withdraw the more expensive tokens followed by cheaper ones.

This incident highlights the growing sophistication of cybercriminal tactics. The malicious app did not rely on traditional attack vectors like permissions or keylogging. Instead, it used smart contracts and deep links to silently drain assets once users were tricked into using the app.None

Safety Recommendations

Check Point Research emphasizes the necessity of being cautious when downloading applications, even when they appear legitimate, and recommends that app stores improve their verification processes to prevent malicious apps. Researchers also noted that the crypto community must continue to educate users about the risks associated with Web3 technologies. This case illustrates that even seemingly innocuous interactions can lead to significant financial losses.

The crypto community needs to continue to educate users about the risks associated with Web3 technologies. This case illustrates that even seemingly innocuous interactions can lead to significant financial losses.Check Point Research

The malicious application has been removed from Google Play, but the incident highlights the need for increased scrutiny of applications and raised awareness of cybersecurity threats in the crypto sphere.

0

Rewards

chest
chest
chest
chest

More rewards

Discover enhanced rewards on our social media.

chest

Other news

Aave GHO Stablecoin Debuts on Arbitrum to Enhance Liquidity.

chest

Aave's GHO stablecoin is set to enhance liquidity and distribution through its native deployment on Arbitrum, a prominent Ethereum layer 2 environment.

user avatarZainab Kamara

Aave GHO Stablecoin Debuts on Arbitrum to Enhance Liquidity.

chest

Aave has launched its GHO stablecoin on the Arbitrum layer 2 network to enhance liquidity and usability in the DeFi ecosystem.

user avatarJacob Williams

Market Reactions to MakerDAO's SPARK Update

chest

The market's response to MakerDAO's SPARK distribution plan highlights the importance of separating confirmed developments from speculation.

user avatarSon Min-ho

MakerDAO's SPARK Distribution Plan Unveiled

chest

MakerDAO has introduced the SPARK distribution plan to clarify user incentives during its Endgame transition.

user avatarAyman Ben Youssef

Paxos Launches USDGL Yield-Generating Stablecoin in Singapore.

chest

Paxos has launched USDGL, a yield-bearing stablecoin, in Singapore, focusing on regulatory compliance to enhance trust among users.

user avatarKofi Adjeman

Paxos Launches USDGL Yield-Generating Stablecoin in Singapore.

chest

Paxos has launched USDGL, a yield-bearing stablecoin, in Singapore, focusing on regulatory compliance to enhance trust among users.

user avatarTando Nkube

Important disclaimer: The information presented on the Dapp.Expert portal is intended solely for informational purposes and does not constitute an investment recommendation or a guide to action in the field of cryptocurrencies. The Dapp.Expert team is not responsible for any potential losses or missed profits associated with the use of materials published on the site. Before making investment decisions in cryptocurrencies, we recommend consulting a qualified financial advisor.