Scammers have successfully stolen over $70,000 from users through a fraudulent application disguised as WalletConnect. Though lucrative, they designed an app, which duped more than 150 persons into granting access to their crypto wallets. Check Point Research uncovered the incident, highlighting how mobile apps can be exploited to target cryptocurrency owners.
Deceptive App Avoids Detection
The malicious app, called “Mestox Calculator,” appeared on the Google Play Store in March 2024. It used a simple calculator interface to fool users and avoid detection. To remain unnoticed, the app changed its name several times. These tactics helped it stay on the platform for over five months. During this time, it was downloaded more than 10,000 times. Once installed, the app secretly redirected users to a backend that hosted MS Drainer. This software drained users’ wallets when they connected them and approved permissions.
Indian Supreme Court YouTube Channel Hacked for XRP ScamNot everyone who downloaded the app was affected. Only those who linked their wallets or met the malware’s specific targets had their funds stolen. The app tricked users into giving permissions under the pretense of “verifying” their wallets. This gave the attackers full control to transfer large sums from those wallets.
Malware Exploits Google Play
The fake app managed to bypass Google Play Store’s security checks. It used a basic calculator design to hide its true intent. By regularly changing names and gathering fake reviews, the app gained a high ranking in search results.
This led to its widespread download and use. Despite the deceptive methods, the app went undetected for months. After being downloaded more than 10,000 times, it was finally removed from the store.
Mobile Attacks Increase
This is the first time that a drainer app is targeting the mobile users alone. It particularly changes the dynamics of crypto-targeted scams in a worrying way.
Although the app is no more available, the development in the mobile targeted malware is evident. Other types of the attack remain active, and those who own cryptos are advised to avoid inputting the wallet into strange applications.
