Fake crypto app drains $70,000 from users
The app, originally named ‘Mestox Calculator,’ deceived users into granting wallet permissions, allowing attackers to drain funds.
Check Point Research has uncovered a crypto wallet drainer app that was active on the Google Play Store for over five months, stealing more than $70,000 from unsuspecting users. The malicious app masqueraded as WalletConnect, a popular tool for linking crypto wallets to decentralised finance (DeFi) apps. Despite being disguised as a legitimate app, it managed to evade detection through advanced techniques and fake reviews, gaining over 10,000 downloads.
The app, originally named ‘Mestox Calculator,’ tricked users into connecting their wallets and accepting permissions, allowing attackers to drain funds. Although not all users were affected, over 150 victims lost substantial sums. The app was eventually removed from the store, but its ability to avoid detection highlighted gaps in-app verification processes on platforms like Google Play.
Check Point Research emphasised the increasing sophistication of cybercriminals and urged both users and app stores to remain vigilant. The researchers warned that even seemingly harmless apps can pose a serious financial threat in the Web3 world, stressing the importance of educating users about these risks.