
Researchers at Check Point Research (CPR) have reported on a threat lurking in Google Play for digital asset owners. They found the first known mobile crypto-drainer (a type of malware that can quickly and automatically withdraw funds from legitimate crypto wallets to attackers' wallets): the application is disguised as a genuine WalletConnect client (WalletConnect is an open protocol that allows you to connect your crypto wallet to decentralized applications, or dApps, on the Internet).
The malicious application has already been downloaded more than 10,000 times in five months. The attackers managed to steal about $70 thousand in digital assets from the wallets of at least 150 victims.
«The malicious WalletConnect app we found has a package name of «co.median.android.rxqnqb» and was created using the median.co service. This service allows users to convert a website into an application for Android or iOS. The application essentially functions as a web browser that opens the specified website. Median.co allows you to configure the application icon, status bar, behavior when clicking on a link, the initial URL, and other parameters. The application appeared on Google Play on March 21, 2024 under the name «Mestox Calculator». Later, the name of the application was changed several times» — the researchers noted.
According to CPR, this is the first documented case of a cryptojacker targeting mobile users with advanced social engineering techniques and sophisticated strategies to avoid detection.
«The emergence of the first mobile cryptojacker on Google Play indicates a significant increase in cybercriminal tactics and the rapid evolution of cyber threats in the decentralized finance (DeFi) sector. Our research underscores the critical need for advanced, artificial intelligence-based security solutions that can detect and prevent such sophisticated threats».
CPR also noted that most of the stolen funds are still in the wallets of the criminals. This may indicate that the criminals are still active.