Crypto Wallet Drainer App Identified on Google Play Store, Report Suggests $70,000 Stolen

A report by Check Point Research (CPR) uncovered a crypto pockets draining app on the Google Play Store, masquerading as the favored WalletJoin app. CPR discovered that the app used “superior evasion methods” to steal $70,000 (roughly Rs. 58.6 lakh) over 5 months from unsuspecting customers. The malicious app, named “MS Drainer” after an evaluation of its JavaScript code, is a part of a rising development of more and more refined crypto scams. Recent FBI studies additionally warn that cybercriminals have change into extra environment friendly in executing international assaults.

“Check Point Research (CPR) uncovered a malicious app on Google Play Store designed to steal cryptocurrency marking the primary time a drainer has focused cellular gadget customers completely. To pose as a respectable software for Web3 apps, the attackers exploited the trusted title of the WalletJoin protocol, which connects crypto wallets to decentralised apps,” the report said.

The crypto pockets app, that has now been eliminated, managed to amass over 10,000 downloads. The pretend platform emerged on prime of the search on Google Play Store on looking for ‘WalletJoin’ owing to a number of opinions that the CPR report flagged as ‘pretend’.

What is WalletJoin

WalletJoin is an open-source protocol that connects decentralised apps (dApps) with crypto wallets via QR codes, permitting customers to work together with blockchain-based apps with out exposing their non-public keys.

According to Check Point Research (CPR), a pretend app mimicking WalletJoin’s look and capabilities was created utilizing the online service Median.co. The app, initially named “Mestox Calculator,” was printed on the Google Play Store on March 21, 2024, with its title modified a number of instances since then.

“An inexperienced person may conclude that it’s a separate pockets software that must be downloaded and put in. Attackers hijack the confusion, hoping that customers will seek for a WalletJoin app within the software retailer,” the report famous.

The X deal with of WalletJoin acknowledged the event in a be aware to its followers.

How Did WalletConnet’s Malicious Dupe Work

Upon obtain, the pretend app rapidly prompted customers to attach their crypto wallets. When customers clicked the pockets buttons, they had been redirected to a malicious web site by way of a deep hyperlink. To confirm their wallets, the web site requested customers to approve a number of transactions consecutively, unknowingly authorizing fraudulent exercise.

“We assume that customers set up this malicious app to attach their pockets to Web3 purposes that don’t help direct connections to wallets like MetaMask, Binance Wallet, or Trust Wallet, however solely use the WalletJoin protocol. They seemingly anticipate the downloaded WalletJoin app to operate as a kind of proxy. Therefore, the connection request doesn’t seem suspicious,” the report defined.

The CPR, in its report, stated incidents like these spotlight the advance nature of methods which can be getting used to focus on the crypto sector, that’s presently valued at $2.27 trillion (roughly Rs. 1,90,20,364 crore). The web site has strongly instructed customers stay vigilant and cautious of the purposes they obtain, even after they seem respectable.

Back in 2023, a Sophos report acknowledged that crypto scammers have been fishing for victims on Android techniques utilizing AI instruments. Crypto fraudsters had been additionally recognized to be exploiting commercials on Google Search to advertise rip-off web sites.