đ Stay Ahead with AltcoinDaily.co! đ
IT security firm Check Point Research has uncovered a crypto wallet-draining app that stole over $70,000 in just five months via Google Play store. Disguised as the well-known WalletConnect protocol, the malicious app tricked users into connecting their crypto wallets, subsequently draining funds using advanced evasion techniques.
The fake app, which was available on the Google Play store, marks the first recorded instance of drainers specifically targeting mobile users.
In a blog post, Check Point Research explained that the fraudulent app achieved over 10,000 downloads by ranking high in search results. The fraudsters achieved this through fake reviews and consistent branding.
 đ Unlock Crypto Insights with AltcoinDaily.co! đ°
Though 150 users fell victim to the scam, others avoided financial losses by recognizing the fraud or never linking their wallets to the app. The app was removed from Google Play after operating undetected for over five months, starting on March 21.
App Bypasses Google Play Storeâs Security
Initially published under the name âMestox Calculator,â the app changed its name several times but retained an innocuous-looking URL that led to a calculator website.
This strategy helped the app pass Google Playâs automated and manual review processes, allowing it to remain on the platform for months. Depending on a userâs location and IP address, they could be redirected to a backend where the wallet-draining malware, MS Drainer, was housed.
 đŠ AltcoinDaily.co is your trusted source for the latest in crypto news and insights. đ
Once users connected their wallets to the app, they were prompted to grant permissions for âverifying their wallet.â However, these permissions allowed attackers to transfer the maximum amount of assets from the victimâs wallet. The malware first targeted the most valuable tokens and worked its way down to cheaper ones, depleting the userâs funds.
A Call for Greater Awareness
Check Point Research highlighted how sophisticated this particular attack was, as it didnât rely on traditional methods like permissions or keylogging. Instead, it utilized smart contracts and deep links to silently drain usersâ crypto wallets.
The firm emphasized the need for heightened security on app stores like Google Play, urging better verification processes to prevent malicious apps from reaching users. It also stressed the importance of ongoing education for the crypto community, as even seemingly trustworthy apps can pose significant risks.
