Malicious app on Google Play stole more than $70,000

The company Check Point Research, specializing in IT security, discovered a crypto wallet draining app in the Google Play store, which used advanced evasion techniques to steal over $70,000 in five months.

The first attack on mobile users

The company reported that this is the first case where the program specifically targeted mobile users.

Representatives added that fake reviews and consistent branding helped the app achieve over 10,000 downloads, ranking high in search results.

Fraud victims

Not all app users were affected, as some either did not connect a wallet or realized it was a scam. Others may not have met the specific targeting criteria of the malicious software.

Appearance on Google Play

The app was initially published under the name "Mestox Calculator" and changed several times, although its URL still pointed to a seemingly harmless website with a calculator.

However, depending on the user's IP address location and whether they were using a mobile device, some were redirected to the malicious app’s backend, which contained the MS Drainer wallet owner software.