Cybercriminals have shifted their focus to mobile devices, targeting users with a malicious crypto drainer app disguised as the legitimate WalletConnect protocol. The app remained undetected for over five months, was downloaded 10,000 times, and exploited the name of the well-known Web3 protocol to deceive users.
Despite its removal from Google Play, the app victimized over 150 users, resulting in losses exceeding $70,000. This highlights the growing sophistication of cyberattacks targeting cryptocurrency users and the importance of vigilance in protecting digital assets, Check Point found.


WalletConnect, a bridge between dApps and crypto wallets, can be exploited through user confusion. Outdated wallets or unsupported connections may make WalletConnect appear to be a separate wallet app.
Attackers leverage this by placing a fake "WalletConnect" app, backed by positive fake reviews, at the top of app store search results. Users who are tricked into downloading this app expose their crypto assets to theft.


A malicious app disguised as a calculator was found on Google Play; it used Median[.]co's service to create a web wrapper app.
The app initially displayed a harmless calculator but redirected users based on IP address and User-Agent. The redirection bypassed Google Play's review and targeted mobile users with a fake Web3Inbox interface.
The core malicious script, obfuscated with anti-debugging techniques, resided on an external server and interacted with the user's wallet through this fake interface. This made it difficult to detect, because the app itself did not request any special permissions.


MS Drainer is crypto wallet drainer malware sold for $1,500 that targets a range of EVM blockchains. Disguised as a WalletConnect app, it steals victims' crypto assets by tricking them into signing transactions.
The malware first establishes communication with a C&C server using a proprietary encryption algorithm, then retrieves the victim's wallet address and network and checks for valuable assets.
To steal ERC-20/BEP-20 tokens, it abuses the "Approve" and "TransferFrom" functions: the user approves an unlimited token transfer to a malicious address, allowing the attacker to drain the wallet later.
The stolen assets are sent to a secure attacker-controlled address.
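The Approve/TransferFrom abuse above is visible in the transaction the victim is asked to sign, and a wallet or browser extension can flag it before signing. The following is an added example, not code from the Check Point report or from MS Drainer: it decodes ERC-20 `approve` and `transferFrom` calldata, and rates an unlimited allowance to an address outside a hypothetical allowlist of trusted spenders as high risk. The sample calldata and the allowlist address are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Optional

# 4-byte function selectors from the ERC-20 ABI (first 4 bytes of keccak256 of the signature)
APPROVE_SELECTOR = "095ea7b3"        # approve(address,uint256)
TRANSFER_FROM_SELECTOR = "23b872dd"  # transferFrom(address,address,uint256)
MAX_UINT256 = 2**256 - 1             # the "infinite" allowance drainers ask the victim to sign


@dataclass
class Finding:
    kind: str          # "approve" or "transferFrom"
    counterparty: str  # spender (approve) or recipient (transferFrom)
    amount: int
    unlimited: bool
    risk: str          # "low" | "medium" | "high"


def _word(data: str, i: int) -> str:
    """Return the i-th 32-byte ABI argument (as hex) after the 4-byte selector."""
    start = 8 + 64 * i
    return data[start:start + 64]


def inspect_calldata(calldata: str, trusted_spenders: set) -> Optional[Finding]:
    """Decode approve/transferFrom calldata and rate it before the user signs."""
    data = calldata.lower()
    if data.startswith("0x"):
        data = data[2:]
    selector = data[:8]
    if selector == APPROVE_SELECTOR and len(data) >= 8 + 64 * 2:
        spender = "0x" + _word(data, 0)[-40:]  # address is right-aligned in its 32-byte word
        amount = int(_word(data, 1), 16)
        unlimited = amount == MAX_UINT256
        if spender in trusted_spenders:
            risk = "low"
        elif unlimited:
            risk = "high"  # unknown spender plus unlimited allowance: the drainer pattern
        else:
            risk = "medium"
        return Finding("approve", spender, amount, unlimited, risk)
    if selector == TRANSFER_FROM_SELECTOR and len(data) >= 8 + 64 * 3:
        recipient = "0x" + _word(data, 1)[-40:]
        return Finding("transferFrom", recipient, int(_word(data, 2), 16), False, "medium")
    return None


# Constructed sample: approve(<unknown spender>, type(uint256).max), the request a drainer makes.
SAMPLE_DRAINER_APPROVE = "0x" + APPROVE_SELECTOR + "0" * 24 + "dead" * 10 + "f" * 64
TRUSTED_SPENDERS = {"0x" + "1111" * 10}  # hypothetical allowlist of known DEX routers
```

A real wallet would also resolve the spender against a contract reputation feed rather than a static allowlist; the selector decoding and the unlimited-allowance check stay the same.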


By analyzing the stolen-fund transactions on the blockchain, researchers identified over 150 victim addresses associated with the malicious application, while the attackers collected over $70,000 in stolen assets.
Despite the large number of victims, only 20 reported the scam through negative reviews.
The researchers at Check Point also discovered an earlier attempt using a similar app named "WC Calculator," which employed the same deceptive tactics and garnered over 5,000 downloads.


The malicious app exploited WalletConnect's reputation to deceive users into installing it from Google Play.
The attackers successfully drained cryptocurrency from over 150 victims by combining social engineering with technical manipulation.
The app employed redirects and User-Agent checking to evade detection, making it difficult to identify and remove. This underscores the need for increased vigilance and stronger verification processes to protect users from such sophisticated cyberattacks in the decentralized finance landscape.