Wallet Scam: A Case Study in Crypto Drainer Tactics
Essential information
- Published
- 27/09/2024 09:17
- Modified
- 27/09/2024 09:40
- Tags
- 2024-09-27, crypto drainer, mobile malware, social engineering, walletconnect
- Related entities
- 8 observables, 10 techniques (mitre), 1 malware
Description
A malicious app on Google Play, posing as WalletConnect, targeted mobile users to steal cryptocurrency. The app evaded detection for five months and reached over 10,000 downloads. It combined advanced social engineering with a modern crypto drainer toolkit, stealing approximately $70,000 from victims. The attackers exploited user confusion about what WalletConnect is (a protocol, not a standalone wallet app) to make the fake app convincing. The malware, identified as MS Drainer, supports various EVM blockchains and employs sophisticated techniques to drain assets. It communicates with its C&C server over an encrypted channel and uses smart contracts to extract funds. The incident highlights the growing sophistication of cybercriminal tactics in decentralized finance.