Wallet Scam: A Case Study in Crypto Drainer Tactics
Sept. 27, 2024, 9:40 a.m.
Description
A malicious app on Google Play, posing as WalletConnect, targeted mobile users to steal cryptocurrency. The app evaded detection for five months and reached over 10,000 downloads. It used advanced social engineering and a modern crypto drainer toolkit, stealing approximately $70,000 from victims. The attackers exploited user confusion about WalletConnect by creating a convincing fake app. The malware, identified as MS Drainer, supports various EVM blockchains and employs sophisticated techniques to drain assets. It uses encrypted communication with a C&C server and leverages smart contracts for fund extraction. The incident highlights the growing sophistication of cybercriminal tactics in decentralized finance.
Date
- Created: Sept. 27, 2024, 9:17 a.m.
- Published: Sept. 27, 2024, 9:17 a.m.
- Modified: Sept. 27, 2024, 9:40 a.m.
Indicators