- Fake App designed to steal cryptocurrencies
- Criminals are going back to old tricks
- Users have been urged to remain alert
Google Play Store has found itself accidentally hosting a malicious App that’s designed to steal cryptocurrencies.
Crypto markets may still be way down, but malware is on the rise and is even infiltrating the most significant app marketplaces on the web. This malware’s primary purpose is to gain control over its victims’ Ethereum funds.
Crypto Malware on Google Play
According to findings by WeLiveSecurity, a branch of the security software firm ESET, the malware was discovered over the weekend. The researchers found it, dubbed “Clipper”, prowling in the Google Play Store impersonating the legitimate service called MetaMask.
The malware, detected as Android/Clipper.C, which had previously been limited to low-level Android Apps and Windows, is designed to replace cryptocurrency wallet addresses. The clipper worm monitors and diverts the clipboard that is used to copy and paste cryptocurrency wallet addresses. Once it has replaced the copied string with the attacker’s address, funds the victim sends to the pasted address go to the attacker instead. This form of crypto jacking, which was prevalent some years ago, seems to have resurfaced.
As per the report, the researchers found the worm on Google’s official Android App Store hosted on Cnet, which is among the leading genuine software download portals. Android/Clipper.C seems to be an extension of an earlier attempt to modify wallet addresses. The current version imitates MetaMask on Google Play to hoodwink users into believing they are downloading the official App. The report states:
“We spotted Android/Clipper.C shortly after it had been introduced at the official Android store, which was on February 1, 2019. We reported the discovery to the Google Play security team, who removed the app from the Store.”
MetaMask is only available as a Chrome or Firefox browser plugin, and there is no mobile version. Criminals are upping their game and becoming more sophisticated in inventing new methods to steal cryptocurrencies. It is now apparent that cryptocurrency users can no longer trust App store screening processes to eliminate malicious Apps, since the fake MetaMask looked like the official App. Google’s security team quickly pulled the offending App from the Play Store following the report by ESET. Commenting on the discovery, MetaMask said in an official Tweet:
We would appreciate if @GooglePlayDev would reserve trademarked names for apps, especially repeat phishing targets like us. https://t.co/CdisrV6n8p
— MetaMask (@metamask_io) February 9, 2019
ESET has advised users to keep their devices updated and to always check the wallet addresses they copy to the clipboard, to remain safe from such mobile malware. This is not the first time MetaMask has been targeted.
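The check ESET's advice implies, written out as an added Python example that is not from the ESET report or this article: it compares the copied and the pasted address in full and scans clipboard snapshots for one Ethereum address being replaced by another shortly after a copy. The addresses, the snapshot list and the 2-second window are constructed assumptions, and the format check does not validate EIP-55 checksums.

```python
import re

# Ethereum address format: "0x" followed by 40 hex characters.
# Format check only; the EIP-55 mixed-case checksum is not validated here.
ETH_ADDRESS = re.compile(r"^0x[0-9a-fA-F]{40}$")


def is_eth_address(text):
    return bool(ETH_ADDRESS.match(text.strip()))


def check_paste(copied, pasted):
    """Compare what was copied with what arrived in the paste field.

    Returns "ok", "replaced" (a different, well-formed address was
    substituted, which is the clipper pattern) or "not_an_address".
    """
    copied, pasted = copied.strip(), pasted.strip()
    if not (is_eth_address(copied) and is_eth_address(pasted)):
        return "not_an_address"
    # Hex digits are case-insensitive; compare the whole string, not only
    # the first and last few characters a user tends to glance at.
    return "ok" if copied.lower() == pasted.lower() else "replaced"


def find_swaps(events, max_gap=2.0):
    """Scan (timestamp_seconds, clipboard_text) snapshots in time order.

    Reports address-to-address changes that happen within max_gap seconds.
    Assumption: a person rarely copies two different addresses that quickly,
    so such a change points to software rewriting the clipboard.
    """
    swaps = []
    for (t0, before), (t1, after) in zip(events, events[1:]):
        if t1 - t0 <= max_gap and check_paste(before, after) == "replaced":
            swaps.append((t1, before, after))
    return swaps


# Constructed sample data (not real wallet addresses).
USER_ADDR = "0x" + "1a2B3c4D5e" * 4
SWAPPED_ADDR = "0x" + "9f8E7d6C5b" * 4
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, USER_ADDR),       # user copies the recipient address
    (10.4, SWAPPED_ADDR),    # clipboard rewritten 0.4 s later: flagged
    (95.0, "some other text"),
    (200.0, USER_ADDR),
    (260.0, SWAPPED_ADDR),   # 60 s later: treated as a deliberate new copy
]
```
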