The Check Point Research (CPR) team reported a threat lurking in Google Play for digital asset owners. They discovered the first known mobile crypto drainer (a type of malware designed for rapid automated withdrawal of funds from legitimate crypto wallets to the attackers' wallets): the application disguises itself as a real WalletConnect app (WalletConnect is an open protocol that allows you to connect your crypto wallet to decentralized applications, or dApps, on the internet).
The malicious application has already been downloaded over 10,000 times in five months. The attackers managed to steal around $70,000 in digital assets from the wallets of at least 150 victims.
“The malicious app we discovered, WalletConnect, has the package name ‘co.median.android.rxqnqb’ and was created using the median.co service. This service allows users to convert a website into an app for Android or iOS. The app essentially functions as a web browser that opens the specified site. Median.co enables configuration of the app icon, status bar, link-click behavior, initial URL, and other parameters. The app was first available on Google Play on March 21, 2024, under the name ‘Mestox Calculator’. The app’s name has since been changed several times,” the researchers noted.
According to CPR, this is the first documented case of a crypto drainer intentionally targeting mobile device users, employing advanced social engineering techniques and complex strategies to evade detection.
The emergence of the first mobile crypto drainer in Google Play indicates a significant rise in cybercriminal tactics and the rapid evolution of cyber threats in the decentralized finance (DeFi) space. Our research highlights the critical need for advanced, AI-based security solutions capable of detecting and preventing such sophisticated threats.
CPR also pointed out that most of the stolen funds are still held in the attackers' wallets. This could suggest that the criminals remain active.