The app was built to carry out its purpose stealthily: it stayed on Google Play for five months, across two subsequent versions, before it was detected and removed from the store. Its first deployment on Google Play was in March 2024.
After studying the wallet application, it became clear that this is probably one of the first crypto drainers targeting Android mobile devices to come fitted with current app-evasion methods, and that the drainer was targeting a new vertical.
How this app avoids detection
Interestingly, this fake app impersonates WalletConnect, the Web3 application that links various cryptocurrency wallets to dApps, under Chain Anatomy for Malta. As per the reports, the scammers took about $70,000 (or $5.86 crores) worth of crypto from the victims in a span of five months.
Furthermore, fake positive reviews, search-ranking manipulation and aggressive use of a highly sophisticated cryptocurrency-draining toolkit boosted the app's downloads to over 10 thousand.
What techniques do hackers use to steal data?
Connecting with WalletConnect may sometimes prove challenging for various reasons: for example, not all wallets support the WalletConnect feature, and users do not always upgrade. Reportedly, the attackers took advantage of these frustrations and lured users with the promise that the fake app offered an easy way out.
Once users install the malicious WalletConnect app they have downloaded, they are asked to connect their wallet. The criminals also deployed phishing websites and applications posing as real crypto platforms to obtain authorization from users' crypto wallets, after which the drainer app transferred the funds to the attackers.
Some 20 defrauded users wrote scathing reviews on Google Play, many of them seeking refunds after their accounts were fraudulently drained. Within a short time, however, those pages were inundated with fake positive reviews created by the malware developers and other criminals to bury the negative reviews and make the application appear trustworthy to other potential victims.
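As an added illustration that is not part of the original article, the review-flooding pattern described above can be spotted by comparing the rate of 5-star reviews before and after each complaint and by measuring how templated the burst is. The review data below is constructed, and the thresholds are assumptions:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Review:
    when: datetime
    stars: int
    text: str

def _norm(text):
    # Normalise whitespace and case so templated reviews compare equal
    return " ".join(text.lower().split())

def find_review_flooding(reviews, window=timedelta(hours=48),
                         min_burst=6, min_ratio=3.0):
    """For each negative review (1-2 stars), count the 5-star reviews posted in
    `window` after it and in the same-length window before it. A burst of at
    least `min_burst` positives that is `min_ratio` times the baseline is
    flagged, together with the share of duplicated texts in the burst, since
    templated wording is a common sign of bought reviews. Thresholds are assumed."""
    reviews = sorted(reviews, key=lambda r: r.when)
    findings = []
    for neg in (r for r in reviews if r.stars <= 2):
        before = [r for r in reviews
                  if r.stars == 5 and neg.when - window <= r.when < neg.when]
        after = [r for r in reviews
                 if r.stars == 5 and neg.when < r.when <= neg.when + window]
        if len(after) >= min_burst and len(after) >= min_ratio * max(len(before), 1):
            texts = [_norm(r.text) for r in after]
            dup_fraction = 1 - len(set(texts)) / len(texts)
            findings.append({"negative": neg.text,
                             "positives_before": len(before),
                             "positives_after": len(after),
                             "duplicate_fraction": round(dup_fraction, 2)})
    return findings

# Constructed sample: one complaint followed by a flood of templated 5-star reviews.
_T0 = datetime(2024, 8, 1, 12, 0)
SAMPLE_REVIEWS = [
    Review(_T0 - timedelta(hours=30), 5, "Works fine for me."),
    Review(_T0 - timedelta(hours=10), 5, "Connected my wallet, no issues."),
    Review(_T0, 1, "This app drained my wallet. I want a refund."),
] + [
    Review(_T0 + timedelta(hours=1 + i), 5, "Great app, works perfectly!")
    for i in range(7)
] + [
    Review(_T0 + timedelta(hours=20), 5, "Best WalletConnect app"),
    Review(_T0 + timedelta(hours=26), 5, "Easy to use and fast"),
    Review(_T0 + timedelta(hours=40), 5, "Very good"),
]

if __name__ == "__main__":
    print(find_review_flooding(SAMPLE_REVIEWS))
```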