Parallax RAT Targeting Cryptocurrency Firms with Sophisticated Injection Techniques

Mar 01, 2023 | Ravie Lakshmanan | Cryptocurrency / Cyber Attack

Cryptocurrency companies are being targeted as part of a new campaign that delivers a remote access trojan called Parallax RAT.

The malware “uses injection techniques to hide within legitimate processes, making it difficult to detect,” Uptycs said in a new report. “Once it has been successfully injected, attackers can interact with their victim via Windows Notepad that likely serves as a communication channel.”

Parallax RAT grants attackers remote access to victim machines. It comes with features to upload and download files as well as record keystrokes and screen captures.

It has been put to use since early 2020 and was previously delivered via COVID-19-themed lures. In February 2022, Proofpoint detailed a cybercrime threat actor dubbed TA2541 targeting aviation, aerospace, transportation, manufacturing, and defense industries using different RATs, including Parallax.

The first payload is a Visual C++ malware that employs the process hollowing technique to inject Parallax RAT into a legitimate Windows component called pipanel.exe.

Parallax RAT, besides gathering system metadata, is also capable of accessing data stored in the clipboard and even remotely rebooting or shutting down the compromised machine.

One notable aspect of the attacks is the use of the Notepad utility to initiate conversations with the victims and instruct them to connect to an actor-controlled Telegram channel.

Uptycs’ analysis of the Telegram chat reveals that the threat actor has an interest in crypto companies such as investment firms, exchanges, and wallet service providers.

The modus operandi entails searching public sources like DNSdumpster to identify mail servers belonging to the targeted companies via their mail exchanger (MX) records and sending phishing emails bearing the Parallax RAT malware.

The development comes as Telegram is increasingly becoming a hub for criminal activities, enabling threat actors to organize their operations, distribute malware, and facilitate the sale of stolen data and other illegal goods, in part owing to the platform’s lax moderation efforts.

“One reason why Telegram is attractive to cybercriminals is its alleged built-in encryption and the ability to create channels and large, private groups,” KELA disclosed in an exhaustive analysis published last month.

“These features make it difficult for law enforcement and security researchers to monitor and track criminal activity on the platform. In addition, cybercriminals often use coded language and alternative spellings to communicate on Telegram, making it even more challenging to decipher their conversations.”

Crypto Scam App Disguised as WalletConnect Steals $70K in Five-Month Campaign

Sep 28, 2024 | Ravie Lakshmanan | Cryptocurrency / Mobile Security

Cybersecurity researchers have discovered a malicious Android app on the Google Play Store that enabled the threat actors behind it to steal approximately $70,000 in cryptocurrency from victims over a period of nearly five months.

The dodgy app, identified by Check Point, masqueraded as the legitimate WalletConnect open-source protocol to trick unsuspecting users into downloading it.

“Fake reviews and consistent branding helped the app achieve over 10,000 downloads by ranking high in search results,” the cybersecurity company said in an analysis, adding it’s the first time a cryptocurrency drainer has exclusively targeted mobile device users.

Over 150 users are estimated to have fallen victim to the scam, although it’s believed that not all users who downloaded the app were impacted by the cryptocurrency drainer.

The campaign involved distributing a deceptive app that went by several names such as “Mestox Calculator,” “WalletConnect – DeFi & NFTs,” and “WalletConnect – Airdrop Wallet” (co.median.android.rxqnqb).

While the app is no longer available for download from the official app marketplace, data from SensorTower shows that it was popular in Nigeria, Portugal, and Ukraine, and linked to a developer named UNS LIS.

The developer has also been associated with another Android app called “Uniswap DeFI” (com.lis.uniswapconverter) that remained active on the Play Store for about a month between May and June 2023. It’s currently not known if the app had any malicious functionality.

However, both apps can be downloaded from third-party app store sources, once again highlighting the risks posed by downloading APK files from other marketplaces.

Once installed, the fake WalletConnect app is designed to redirect users to a bogus website based on their IP address and User-Agent string and, if they meet the required criteria, redirect them a second time to another site that mimics Web3Inbox.

Users who don’t meet the required criteria, including those who visit the URL from a desktop web browser, are taken to a legitimate website to evade detection, effectively allowing the threat actors to bypass the app review process in the Play Store.

Besides taking steps to prevent analysis and debugging, the core component of the malware is a cryptocurrency drainer known as MS Drainer, which prompts users to connect their wallet and sign several transactions to verify their wallet.

The information entered by the victim in each step is transmitted to a command-and-control server (cakeserver[.]online) that, in turn, sends back a response containing instructions to trigger malicious transactions on the device and transfer the funds to a wallet address belonging to the attackers.

“Similar to the theft of native cryptocurrency, the malicious app first tricks the user into signing a transaction in their wallet,” Check Point researchers said.

“Through this transaction, the victim grants permission for the attacker’s address 0xf721d710e7C27323CC0AeE847bA01147b0fb8dBF (the ‘Address’ field in the configuration) to transfer the maximum amount of the specified asset (if allowed by its smart contract).”

In the next step, the tokens from the victim’s wallet are transferred to a different wallet (0xfac247a19Cc49dbA87130336d3fd8dc8b6b944e1) controlled by the attackers.

This also means that if the victim does not revoke the permission to withdraw tokens from their wallet, the attackers can keep withdrawing the digital assets as soon as they appear without requiring any further action.
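
The allowance mechanism described above, as an added example (not code from Check Point or the original article): a Python sketch that decodes `approve(address,uint256)` calldata before it is signed, flags an unlimited allowance to an unrecognized spender, and builds the call that revokes it. It assumes the permission is a standard ERC-20 allowance; the function names, the `trusted_spenders` allowlist, `intended_amount` and the sample calldata are constructed for illustration.

```python
# Added example (not from the article): vet ERC-20 approve() calldata before signing.
APPROVE_SELECTOR = bytes.fromhex("095ea7b3")   # approve(address,uint256)
MAX_UINT256 = 2**256 - 1                       # the "unlimited" allowance value

def encode_approve(spender: str, amount: int) -> str:
    """ABI-encode approve(spender, amount); used here for samples and revocation."""
    addr = bytes.fromhex(spender[2:])
    if len(addr) != 20:
        raise ValueError("spender must be a 20-byte address")
    body = addr.rjust(32, b"\x00") + amount.to_bytes(32, "big")
    return "0x" + (APPROVE_SELECTOR + body).hex()

def decode_approve(calldata: str):
    """Return (spender, amount) for approve() calldata, or None for anything else."""
    raw = bytes.fromhex(calldata[2:] if calldata.startswith("0x") else calldata)
    if len(raw) != 68 or raw[:4] != APPROVE_SELECTOR or any(raw[4:16]):
        return None
    return "0x" + raw[16:36].hex(), int.from_bytes(raw[36:68], "big")

def review_approval(calldata: str, trusted_spenders: set, intended_amount: int) -> dict:
    """Classify a pending transaction: 'block', 'warn', 'allow' or 'not-approve'."""
    decoded = decode_approve(calldata)
    if decoded is None:
        return {"verdict": "not-approve"}
    spender, amount = decoded
    trusted = spender in {s.lower() for s in trusted_spenders}
    excessive = amount == MAX_UINT256 or amount > intended_amount
    if not trusted and excessive:
        verdict = "block"    # unknown spender asking for more than the user intends
    elif not trusted or excessive:
        verdict = "warn"
    else:
        verdict = "allow"
    return {"verdict": verdict, "spender": spender, "amount": amount,
            "unlimited": amount == MAX_UINT256}

def build_revoke_calldata(spender: str) -> str:
    """approve(spender, 0) resets the allowance so no further withdrawals succeed."""
    return encode_approve(spender, 0)

# Constructed sample: unlimited approval to the spender address quoted in the article.
ARTICLE_SPENDER = "0xf721d710e7C27323CC0AeE847bA01147b0fb8dBF"
SAMPLE = encode_approve(ARTICLE_SPENDER, MAX_UINT256)

if __name__ == "__main__":
    print(review_approval(SAMPLE, trusted_spenders=set(), intended_amount=10**18))
    print("revoke with:", build_revoke_calldata(ARTICLE_SPENDER))
```

The revoke calldata only takes effect when the wallet owner sends it to the token contract that recorded the original allowance.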

Check Point said it also identified another malicious app exhibiting similar features, “Walletconnect | Web3Inbox” (co.median.android.kaebpq), that was previously available on the Google Play Store in February 2024. It attracted more than 5,000 downloads.

“This incident highlights the growing sophistication of cybercriminal tactics, particularly in the realm of decentralized finance, where users often rely on third-party tools and protocols to manage their digital assets,” the company noted.

“The malicious app did not rely on traditional attack vectors like permissions or keylogging. Instead, it used smart contracts and deep links to silently drain assets once users were tricked into using the app.”

Cryptocurrency Prices on September 28: BTC Tops $66K, Altcoins Mirror Bullishness

The cryptocurrency prices on Saturday ignited substantial investor optimism across the globe. Bitcoin (BTC) price gained to cross the $66K level today, while Ethereum (ETH), Solana (SOL), and XRP mirrored an upward trajectory. Simultaneously, Pepe Coin (PEPE) led the broader market gains, soaring nearly 20%.

Meanwhile, the global crypto market cap jumped 2.43% over the past day to $2.33 trillion. However, the total market volume witnessed an 8.26% decline in value to $78.21 billion today. Here’s a brief collection of some of the top cryptocurrencies by market cap and their price run on September 28.

Cryptocurrency Prices Today: BTC, ETH, SOL, & XRP Pump

BTC price topped the $66K level today, whereas ETH neared $2,700. Simultaneously, SOL and XRP prices gained 1-3% in the past 24 hours. Meanwhile, PEPE, NOT, and FLOKI emerged among the day’s top gainers. Let’s take a closer look at the crypto prices today.

Bitcoin Price Today

BTC price gained 1.5% at the time of reporting and is currently trading at $66,093. The coin’s intraday low and high were recorded as $65,107.12 and $66,255.53, respectively. Today’s rising price action falls in line with the broader market trend. Also, it’s worth mentioning that spot Bitcoin ETFs recorded $494.45 million worth of inflows as of September 27, aligning with the pumping price action. However, Bitcoin’s dominance from yesterday slipped 0.20% to 56.13%. Besides, the flagship crypto’s market cap rested at $1.31 trillion today.

Ethereum Price Today

ETH price chart illustrated a nearly 2% increase in value to reach $2,691 today. The coin’s intraday low and high were recorded as $2,637.98 and $2,728.07, respectively. Notably, even spot Ethereum ETFs registered $58.65 million worth of inflows as of September 27, per Soso Value data. Ethereum’s market cap rested at $323.92 billion today. Whale Alert data for the past day indicated increased whale activity, adding to the intrigue surrounding the asset’s price movements.

Solana Price Today

The crypto SOL witnessed a 2% jump in price today and is currently trading at $158. The coin’s 24-hour low and peak were recorded as $155.68 and $160.98, respectively. Solana’s market cap rested at $74.38 billion today. A recent CoinGape Media report reveals that the coin’s price gained against the backdrop of bullish on-chain data for SOL.

XRP Price Today

Simultaneously, XRP price witnessed a 1% increase in value to reach $0.5904 today. The coin’s intraday low and high were recorded as $0.5853 and $0.597, respectively. XRP’s market cap rested at $33.38 billion today.

Meme Coins Performances Today

On the other hand, Dogecoin (DOGE) price gained nearly 6% in the past 24 hours to reach $0.1259. Similarly, Shiba Inu (SHIB) price soared roughly 10% in the past 24 hours to reach $0.00002097. Meanwhile, PEPE and FLOKI were among the day’s top gainers.

Top Cryptocurrency Gainers Prices Today

Pepe Coin

PEPE price surged by a whopping 20% in the past 24 hours and is currently trading at $0.00001135. The coin’s 24-hour low and high were $0.000009646 and $0.0000115, respectively.

Notcoin

NOT price mirrored a bullish sentiment, gaining nearly 16% to $0.00988 today. The crypto’s intraday low and high were $0.008649 and $0.01063, respectively.

FLOKI

FLOKI price noted a 10% uptick in value to reach $0.0001709 today. The coin’s 24-hour low and high were $0.0001571 and $0.0001763, respectively.

Top Cryptocurrency Losers Prices Today

Popcat

POPCAT price slipped over 5% to rest at $0.9436 today. Its 24-hour low and high were $0.9169 and $1.08, respectively.

eCash

XEC price waned nearly 4% over the past day to reach $0.00003823. The coin’s intraday low and high were $0.00003779 and $0.00003941, respectively.

Sei

SEI price noted a 3% decrease in value to reach $0.4566 today. The coin’s intraday low and high were $0.4545 and $0.4796, respectively.

Besides, the hourly time frame charts sparked further speculations over the cryptocurrency prices today. BTC waned 0.04%, while ETH gained 0.02%, igniting uncertain investor sentiments across the broader market.

Coingape Staff

CoinGape comprises an experienced team of native content writers and editors working round the clock to cover news globally and present news as a fact rather than an opinion. CoinGape writers and reporters contributed to this article.

Disclaimer: The presented content may include the personal opinion of the author and is subject to market condition. Do your market research before investing in cryptocurrencies. The author or the publication does not hold any responsibility for your personal financial loss.

How the Fed's Rate Cuts Could Shave Millions in Stablecoin Issuer Income

Key Takeaways

  • The Federal Reserve’s recent decision to cut interest rates will lead to lower revenue for stablecoin issuers, according to a new cryptocurrency industry report.
  • Issuers of stablecoins have held U.S. Treasurys as a way to earn a return on the reserves backing the digital assets they issue.
  • Stablecoin providers hold nearly $125 billion of U.S. Treasurys, and each 50 bps rate cut is expected to lead to a $625 million drop in annual interest income derived from these assets.
  • If rates continue to fall, as expected, stablecoin providers may need to look into alternative reserves to back their digital assets, a crypto industry executive forecast.

Stablecoin issuers could be looking at lower income as the Federal Reserve (Fed) kicked off its first rate cut cycle since 2020.

Each 50 basis point cut by the Fed could lead to a $625 million drop in total annual interest income for stablecoin issuers, according to a new report from digital asset data provider CCData.

Those hits could quickly add up as the Fed itself expects cuts totaling 50 basis points by the end of this year, and another 100 basis points by the end of next year.

Why Would A Rate Cut Affect Stablecoins?

Stablecoins are cryptocurrencies whose value is pegged to another cryptocurrency. Some of the most popular stablecoins have their value pegged to the U.S. dollar and keep a reserve in cash or equivalent investments—often U.S. Treasurys—to maintain that peg.

Centralized stablecoin providers, such as Tether (USDTUSD) and Circle (USDCUSD), have relied heavily on their holdings of U.S. Treasurys earning interest over the past few years as high interest rates drove up Treasury yields.

U.S. Treasurys make up the vast majority of reserves held by stablecoin issuers, at just over 80%. This amounts to holdings of nearly $125 billion worth of Treasurys.

Tether, the largest stablecoin by market cap, alone holds $93.2 billion worth of U.S. debt, which accounted for much of that digital asset company’s $5.2 billion of profits in the first half of 2024, the CCData report said.

Bitcoin.com Director of Engineering Andrei Terentiev speculated on social media that lower interest rates could eventually push stablecoin providers and other financial institutions into riskier assets in an effort to earn a return on their reserves.

“With lower yields on safer assets, institutions often shift their focus toward ‘risk-on’ assets,” Terentiev posted on the platform X. “Think stocks, crypto, and other investments that offer higher potential returns but come with greater risk,” he wrote.
