For the first time, security researchers have found crypto drainer malware focused exclusively on mobile users, after discovering it in an app on Google Play.

Check Point Research (CPR) said that the app in question, WalletConnect, racked up more than 10,000 downloads and stole around $70,000 in cryptocurrency from victims before it was removed by Google.

First uploaded in March 2024, it was designed to mimic the legitimate open-source Web3 protocol WalletConnect and apparently went unnoticed for five months.

It was developed to evade detection by both automated systems and manual searches, through redirects and user-agent checking techniques.

The legitimate WalletConnect was developed to make it easier to connect decentralized applications with crypto wallets. However, users still find it challenging because not all wallets support it and some do not have the latest version, CPR said.

“Cleverly, attackers exploited the complications of WalletConnect and led users to think that there was an easy solution – the falsified WalletConnect app on Google Play,” it continued.

When victims download the malicious version, they are asked to connect their crypto wallet, which secretly redirects them to a malicious website.

“Users must then verify the selected wallet and are asked to authorize various transactions,” CPR explains.

“Every user action sends encrypted messages to the command-and-control (C&C) server and picks up details about the wallet of the user, blockchain networks and addresses.”

The malware was apparently designed to withdraw the more expensive crypto tokens first, before moving on to the others, and to carry out the process across all relevant blockchain networks.

“Only 20 users whose money was stolen left negative reviews on Google Play, which suggests that there are still many victims who may still not be aware of what happened to their money,” warned CPR.

“When the app received such negative reviews, the malware developers flooded the page with fake positive reviews instead to mask the negative assessments and make the app look legitimate, to mislead other potential victims. Google Play has since deleted the application.”
