Warning! Crypto-stealing app found on Google Play

A troubling app on Google Play was discovered stealing cryptocurrency from users, using clever tricks and mimicking trusted protocols.

Check Point Research revealed that this app managed to steal around $70,000 from over 150 victims.

How the app operated

The attackers used the WalletConnect protocol to make the app seem legitimate, manipulated Google search rankings, and avoided detection with encryption and obfuscation techniques.

CPR announced on Thursday that it had uncovered this app, the first known case of a drainer targeting mobile users exclusively.

The app was active for nearly five months and used the trusted WalletConnect protocol to deceive users with fake branding and social engineering tactics.

Before it was removed from Google Play, it had tricked more than 150 users, leading to losses exceeding $70,000.

The attackers achieved over 10,000 downloads by manipulating search results and using fake reviews.

CPR also shared that advanced social engineering was key in convincing users to download the app and connect their cryptocurrency wallets.

Once users interacted with the app, they were prompted to sign harmful, fake transactions, allowing the attackers to silently drain their crypto assets.

Security check my *ss

The report mentioned that not every user who downloaded the app was affected: some didn’t complete the wallet connection, while others spotted suspicious activity and secured their assets before any harm was done.

Some users may not have fit the malware’s specific targeting criteria.

Further analysis by CPR showed that the app avoided detection through advanced obfuscation techniques and anti-analysis methods, even slipping past Google Play’s security checks.

The attackers used redirection and encryption tactics to hide their true motives.

This app relied heavily on external malicious scripts, making it harder to detect and allowing the attackers to stay hidden.

Be prepared!

This incident is yet another example of how cybercriminals are becoming increasingly sophisticated in their tactics, especially in DeFi, where users often depend on third-party protocols to manage their assets.

As these threats grow, and they definitely are, it becomes more important than ever for users to remain cautious when downloading apps or interacting with anything in the crypto sphere.
