Wallet Scam: A Case Study in Crypto Drainer Tactics

Sept. 27, 2024, 9:40 a.m.

Description

A malicious app on Google Play, posing as WalletConnect, targeted mobile users to steal cryptocurrency. The app evaded detection for five months, achieving over 10,000 downloads. It used advanced social engineering and a modern crypto drainer toolkit, stealing approximately $70,000 from victims. The attackers exploited user confusion about WalletConnect, creating a convincing fake app. The malware, identified as MS Drainer, supports various EVM blockchains and employs sophisticated techniques to drain assets. It uses encrypted communication with a C&C server and leverages smart contracts for fund extraction. The incident highlights the growing sophistication of cybercriminal tactics in decentralized finance.

Date

Published: Sept. 27, 2024, 9:17 a.m.
Created: Sept. 27, 2024, 9:17 a.m.
Modified: Sept. 27, 2024, 9:40 a.m.

Indicators


Attack Patterns

MS Drainer

T1204.003

T1056.002

T1528

T1552.001

T1132.001

T1185

T1550.001

T1059.007

T1071.001

T1204.002