Breach, Malware

Nearly $70K stolen by WalletConnect-spoofing crypto drainer

Share
Cryptocurrency on Binance trading app, Bitcoin BTC with altcoin digital coin crypto currency, BNB, Ethereum, Dogecoin, Cardano, defi p2p decentralized fintech market

Almost $70,000 worth of cryptocurrency has been exfiltrated from at least 150 victims by a novel crypto drainer app on Google Play purporting to be the WalletConnect tool, according to Hackread.

Check Point Research researchers discovered that installation of the fake WalletConnect app triggers a wallet connection request and the stealthy activation of the MS Drainer toolkit, which then conducts token and NFT scanning and exfiltration without being detected by targets. Aside from luring targets into approving transactions enabling fund withdrawals, attackers also bombarded the app's entry on Google Play with fake positive reviews that resulted in over 10,000 downloads during the past five months, said the report. Such findings signify the continuous evolution of decentralized finance cyber threats, noted Check Point Software's Alexander Chailytko. "This research highlights the critical need for advanced, AI-driven security solutions that can detect and prevent such sophisticated threats. Both users and developers must stay informed and take proactive measures to secure their digital assets," Chailytko added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.