A new report by cybersecurity experts at Check Point Research has revealed a crypto wallet draining app that stole over $70,000 from users over five months.
The fake app was available on Google Play and tricked thousands into downloading it by posing as WalletConnect, a popular tool used to connect crypto wallets to decentralized apps (dApps).
Check Point Research's September 26 report highlights this as the first known case of a mobile drainer app targeting the crypto community.
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What Are Crypto Rollups? ZKSnarks vs Optimistic Rollups (ANIMATED)
This fake app was downloaded by more than 10,000 people, helped by fake reviews and clever branding that pushed it up in search results.
The app was initially named "Mestox Calculator" when it launched on March 21, with its official URL leading to what appeared to be a legitimate calculator website, allowing it to bypass security checks in the Google Play review process. While the app's name was changed several times, it remained on the store for months without being noticed due to the seemingly harmless URL.
Once installed, the app would send users to a system that ran malicious software called MS Drainer. This software asked users to connect their wallets, pretending to verify them. By doing so, users unknowingly gave the scammers permission to take the maximum amount of funds from their wallets.
Check Point Research commented:
This incident highlights the growing sophistication of cybercriminal tactics, particularly in the realm of decentralized finance, where users often rely on third-party tools and protocols to manage their digital assets. The malicious app did not rely on traditional attack vectors like permissions or keylogging. Instead, it used smart contracts and deep links to silently drain assets once users were tricked into using the app.
Google has since removed the app from its store, but Check Point Research cautioned users to remain vigilant when downloading apps, even from well-established platforms like Google Play.
This case highlights the importance of staying informed in the crypto world. Even small actions, like connecting a wallet, can lead to huge financial losses if users are not careful.
In other news, hackers recently took over the OpenAI Newsroom X account, promoting a fake token scam disguised as an airdrop for ChatGPT users.