A dangerous crypto wallet drainer disguised as the popular WalletConnect app managed to stay undetected on Google Play for over five months, stealing more than $70,000 from unsuspecting users, according to a report by IT security firm Check Point Research.
The app, which fraudulently posed as WalletConnect, used “advanced evasion techniques” to trick users into connecting their wallets and giving access to their crypto assets. First launched in March, the malicious app gathered over 10,000 downloads by using fake reviews and consistent branding, which pushed it high up in search results.
The attackers cleverly used a harmless calculator app as a front to bypass Google’s app review process. Depending on their IP address, users would be redirected to the wallet-draining software known as MS Drainer. The app then silently transferred the maximum amount of crypto assets from victims’ wallets, starting with the most valuable tokens.
Although over 150 users were affected, not all were scammed. Some users either didn’t connect their wallets or detected the scam in time. The app has since been removed from the Google Play store, but the incident highlights the growing sophistication of crypto-related scams.
Check Point Research emphasized that even legitimate-looking apps can pose significant risks, urging app stores to improve their verification processes and the crypto community to continue educating users about potential dangers in the Web3 space.