Wallet Scam: A Case Study in Crypto Drainer Tactics
Sept. 27, 2024, 9:40 a.m.
Description
A malicious app on Google Play, posing as WalletConnect, targeted mobile users to steal cryptocurrency. The app evaded detection for five months, achieving over 10,000 downloads. It used advanced social engineering and a modern crypto drainer toolkit, stealing approximately $70,000 from victims. The attackers exploited user confusion about WalletConnect to create a convincing fake app. The malware, identified as MS Drainer, supports various EVM blockchains and employs sophisticated techniques to drain assets. It uses encrypted communication with a C&C server and leverages smart contracts for fund extraction. The incident highlights the growing sophistication of cybercriminal tactics in decentralized finance.
Date
Published: Sept. 27, 2024, 9:17 a.m.
Created: Sept. 27, 2024, 9:17 a.m.
Modified: Sept. 27, 2024, 9:40 a.m.
Indicators
ea526792150e71402f896ddaf1f04aedcb1356aea3bfebbcaf6c90bcdde7aa0c
bf557e975733c113acc38daa18ca1849a1022b4c30b118899f68210cd3c7f990
42330ccaaacea8a18794c7e9fad100de31ea415bff7821e407b9ac70ef690032
https://web3protocol.online/server.php?__id=a98fdf84-1d17-11ef-a38c-44a842484069
https://go.cb-w.com/dapp?cb_url=https://connectprotocol.app/gate/wc/
web3protocol.online
mestoxcalculator.com
cakeserver.online
Attack Patterns
MS Drainer
T1204.003
T1056.002
T1528
T1552.001
T1132.001
T1185
T1550.001
T1059.007
T1071.001
T1204.002