WalletConnect Scam: A Case Study in Crypto Drainer Tactics

Sept. 26, 2024, 6:10 p.m.

Description

An investigation uncovered a malicious app on Google Play targeting mobile users to steal cryptocurrency. The app, posing as a legitimate WalletConnect tool, used advanced evasion techniques to avoid detection for nearly five months. It achieved over 10,000 downloads through fake reviews and branding. The attackers used social engineering and a modern crypto drainer toolkit, stealing approximately $70,000 from over 150 victims. The malware, identified as MS Drainer, supports multiple blockchains and employs sophisticated methods to drain user wallets. This case highlights the growing sophistication of cybercriminal tactics in decentralized finance, emphasizing the need for vigilance among users and improved security measures in app stores.

Date

Published: Sept. 26, 2024, 5:54 p.m.
Created: Sept. 26, 2024, 5:54 p.m.
Modified: Sept. 26, 2024, 6:10 p.m.

Indicators

ea526792150e71402f896ddaf1f04aedcb1356aea3bfebbcaf6c90bcdde7aa0c
bf557e975733c113acc38daa18ca1849a1022b4c30b118899f68210cd3c7f990
42330ccaaacea8a18794c7e9fad100de31ea415bff7821e407b9ac70ef690032

Attack Patterns

MS Drainer

T1204.003
T1056.004
T1608.001
T1102.002
T1528
T1534
T1585.001
T1185
T1204.001
T1059.007
T1055
T1219