WalletConnect Scam: A Case Study in Crypto Drainer Tactics
Sept. 26, 2024, 6:10 p.m.
Description
An investigation uncovered a malicious app on Google Play targeting mobile users to steal cryptocurrency. The app, posing as a legitimate WalletConnect tool, used advanced evasion techniques to avoid detection for nearly five months. It achieved over 10,000 downloads through fake reviews and branding. The attackers used social engineering and a modern crypto drainer toolkit, stealing approximately $70,000 from over 150 victims. The malware, identified as MS Drainer, supports multiple blockchains and employs sophisticated methods to drain user wallets. This case highlights the growing sophistication of cybercriminal tactics in decentralized finance, emphasizing the need for vigilance among users and improved security measures in app stores.
Tags
Date
- Created: Sept. 26, 2024, 5:54 p.m.
- Published: Sept. 26, 2024, 5:54 p.m.
- Modified: Sept. 26, 2024, 6:10 p.m.
Indicators
Attack Patterns
- MS Drainer
- T1204.003
- T1056.004
- T1608.001
- T1102.002
- T1528
- T1534
- T1585.001
- T1185
- T1204.001
- T1059.007
- T1055
- T1219