A crypto wallet drainer app posing as WalletConnect has stolen over $70,000 from unsuspecting users on the Google Play Store, according to a report by Check Point Research. The malicious app used “advanced evasion techniques” to avoid detection for over five months, tricking more than 150 users into linking their wallets.
The fake app, originally called “Mestox Calculator,” first appeared in March and underwent several name changes to stay undetected. By using a harmless calculator front, the app passed Google Play’s security checks. However, once installed, it redirected mobile users to a backend that housed the wallet-drainer software, MS Drainer.
The app fooled users by asking them to connect their wallets and approve permissions, which allowed the attackers to steal funds. Not every user was hit; only those who connected a wallet or met the malware’s specific targeting criteria were affected.
Users were asked to accept various permissions to “verify their wallet,” which granted permission for the attacker’s address “to transfer the maximum amount of the specified asset,” Check Point Research said.
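A wallet or monitoring tool can catch this kind of request before it is signed by decoding the transaction calldata. The check below is an added example, not code from Check Point Research or this article; it assumes the permission is a standard ERC-20 `approve` or `increaseAllowance` call, and the function name, risk labels and sample spender address are constructed for illustration.

```python
MAX_UINT256 = 2**256 - 1
HEX = set("0123456789abcdef")
# 4-byte selectors of the standard ERC-20 allowance-granting calls.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
}


def inspect_calldata(calldata_hex, balance=None, trusted_spenders=()):
    """Classify the allowance a transaction would grant, before it is signed.

    balance: wallet's current token balance in base units, if known.
    trusted_spenders: lowercase 0x-prefixed addresses the user has vetted.
    """
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    call = SELECTORS.get(data[:8])
    if call is None:
        return {"call": None, "risk": "not-an-allowance"}
    args = data[8:]
    # Exactly two 32-byte ABI words; the address word is zero-padded on the left.
    if len(args) != 128 or set(args) - HEX or int(args[:24], 16) != 0:
        return {"call": call, "risk": "malformed"}
    spender = "0x" + args[24:64]
    amount = int(args[64:], 16)

    if amount == 0:
        risk = "zero-amount"  # approve(spender, 0) revokes an allowance
    elif spender in trusted_spenders:
        risk = "trusted-spender"
    elif amount == MAX_UINT256:
        risk = "unlimited"  # spender may move the maximum amount of the asset
    elif balance is not None and amount > balance:
        risk = "exceeds-balance"
    else:
        risk = "bounded"
    return {"call": call, "spender": spender, "amount": amount, "risk": risk}


if __name__ == "__main__":
    # Constructed sample: approve(<placeholder spender>, 2**256 - 1).
    sample = "0x095ea7b3" + ("ab" * 20).rjust(64, "0") + "f" * 64
    print(inspect_calldata(sample, balance=5_000))
```
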
The app was downloaded more than 10,000 times before being removed from the store, according to the Check Point Research report. This is the first time a drainer app has exclusively targeted mobile users, making it a significant security concern for crypto holders.
“Fake reviews and consistent branding helped the app achieve over 10,000 downloads by ranking high in search results,” Check Point Research said.
This incident highlights the growing threat of mobile-targeted scams in the cryptocurrency space. Users should always be cautious and verify the authenticity of apps, especially when it comes to connecting their wallets to unknown platforms.