Malicious Crypto-Stealing App Exposed on Google Play

CN
4 hours ago

Cybersecurity firm Check Point Research (CPR) shared on Thursday that it has “uncovered a malicious app on Google Play designed to steal cryptocurrency marking the first time a drainer has targeted mobile device users exclusively.”

The app, which remained active for nearly five months, exploited the trusted WalletConnect protocol and tricked users through fake branding and social engineering tactics. The cybersecurity firm detailed that before the app was removed from Google Play:

It managed to victimize over 150 users, resulting in losses exceeding $70,000.

The attackers used the WalletConnect name to appear legitimate, achieving over 10,000 downloads by manipulating search rankings and using fake reviews. According to CPR, “advanced social engineering” played a crucial role in deceiving users into downloading the app and connecting their cryptocurrency wallets. Once users interacted with the app, it prompted them to sign malicious transactions, allowing attackers to drain their digital assets silently.

The report mentioned, “Not all of the users who downloaded the drainer were affected,” adding:

Some didn’t complete the wallet connection, others recognized suspicious activity and secured their assets, and some may not have met the malware’s specific targeting criteria.

Further analysis by CPR revealed that the app avoided detection using sophisticated obfuscation techniques and anti-analysis methods, even bypassing Google Play’s security checks. The attackers used advanced redirection and encryption tactics to mask their true intentions. The app relied heavily on external malicious scripts, complicating detection and allowing attackers to remain hidden. CPR emphasized, “This incident highlights the growing sophistication of cybercriminal tactics,” especially in decentralized finance, where users often rely on third-party protocols to manage digital assets.
