Crypto Wallet Drainer App Identified on Google Play Store, Report Suggests $70,000 Stolen
DA Gadgets 
A
report
by
Check
Point
Research
(CPR)
uncovered
a
crypto
wallet
draining
app
on
the
Google
Play
Store,
masquerading
as
the
popular
WalletConnect
app.
CPR
found
that
the
app
used
“advanced
evasion
techniques”
to
steal
$70,000
(roughly
Rs.
58.6
lakh)
over
five
months
from
unsuspecting
users.
The
malicious
app,
named
“MS
Drainer”
after
an
analysis
of
its
JavaScript
code,
is
part
of
a
growing
trend
of
increasingly
sophisticated
crypto
scams.
Recent
FBI
reports
also
warn
that
cybercriminals
have
become
more
efficient
in
executing
global
attacks.
“Check
Point
Research
(CPR)
uncovered
a
malicious
app
on
Google
Play
Store
designed
to
steal
cryptocurrency
marking
the
first
time
a
drainer
has
targeted
mobile
device
users
exclusively.
To
pose
as
a
legitimate
tool
for
Web3
apps,
the
attackers
exploited
the
trusted
name
of
the
WalletConnect
protocol,
which
connects
crypto
wallets
to
decentralised
apps,”
the
report
said.
The
crypto
wallet
app,
that
has
now
been
removed,
managed
to
amass
over
10,000
downloads.
The
fake
platform
emerged
on
top
of
the
search
on
Google
Play
Store
on
searching
for
‘WalletConnect’
owing
to
multiple
reviews
that
the
CPR
report
flagged
as
‘fake’.
What
is
WalletConnect
WalletConnect
is
an
open-source
protocol
that
connects
decentralised
apps
(dApps)
with
crypto
wallets
through
QR
codes,
allowing
users
to
interact
with
blockchain-based
apps
without
exposing
their
private
keys.
According
to
Check
Point
Research
(CPR),
a
fake
app
mimicking
WalletConnect’s
appearance
and
functions
was
created
using
the
web
service
Median.co.
The
app,
initially
named
“Mestox
Calculator,”
was
published
on
the
Google
Play
Store
on
March
21,
2024,
with
its
name
changed
several
times
since
then.
“An
inexperienced
user
might
conclude
that
it
is
a
separate
wallet
application
that
needs
to
be
downloaded
and
installed.
Attackers
hijack
the
confusion,
hoping
that
users
will
search
for
a
WalletConnect
app
in
the
application
store,”
the
report
noted.
The
X
handle
of
WalletConnect
acknowledged
the
development
in
a
note
to
its
followers.
The
WalletConnect
Foundation
is
aware
of
a
recent
scam
where
bad
actors
developed
a
malicious
app
that
exploited
the
WalletConnect
name
and
was
available
on
the
Play
Store.
The
app
has
been
removed
from
Play
Store.
The
Foundation
reminds
everyone
that
there
is
no…—
WalletConnect
(@WalletConnect)
September
29,
2024
How
Did
WalletConnet’s
Malicious
Dupe
Work
Upon
download,
the
fake
app
quickly
prompted
users
to
connect
their
crypto
wallets.
When
users
clicked
the
wallet
buttons,
they
were
redirected
to
a
malicious
website
via
a
deep
link.
To
verify
their
wallets,
the
website
requested
users
to
approve
multiple
transactions
consecutively,
unknowingly
authorizing
fraudulent
activity.
“We
assume
that
users
install
this
malicious
app
to
connect
their
wallet
to
Web3
applications
that
do
not
support
direct
connections
to
wallets
like
MetaMask,
Binance
Wallet,
or
Trust
Wallet,
but
only
use
the
WalletConnect
protocol.
They
likely
expect
the
downloaded
WalletConnect
app
to
function
as
a
sort
of
proxy.
Therefore,
the
connection
request
does
not
appear
suspicious,”
the
report
explained.
The
CPR,
in
its
report,
said
incidents
like
these
highlight
the
advance
nature
of
techniques
that
are
being
used
to
target
the
crypto
sector,
that
is
presently
valued
at
$2.27
trillion
(roughly
Rs.
1,90,20,364
crore).
The
website
has
strongly
suggested
users
remain
vigilant
and
wary
of
the
applications
they
download,
even
when
they
appear
legitimate.
Back
in
2023,
a
Sophos
report
stated
that
crypto
scammers
have
been
fishing
for
victims
on
Android
systems
using
AI
tools.
Crypto
fraudsters
were
also
identified
to
be
exploiting
advertisements
on
Google
Search
to
promote
scam
websites.
