A form of malware that steals victims’ crypto wallet addresses has been detected for the first time in an app on Play Store. IT security firm ESET on Friday published the blog spot on 08 February.
ESET is an IT security firm that offers firewall and anti-virus products. It says that the malware, known as a ‘clipper,’ prevents the content of the clipboard and if it detects the addresses of online cryptocurrency wallets the malware can replace them with addresses controlled by the attacker.
Lukas Stefanko, a malware researcher at Eset, posted on Twitter that ‘The First Android cryptocurrency clipboard exchanger found on Google Play.’
The First Android cryptocurrency clipboard exchanger found on Google Play.
Its goal is to change copied address of cryptocurrency wallet of recipient for the attacker's.
— Lukas Stefanko (@LukasStefanko) February 8, 2019
The malware-laden app imitates a service called MetaMask that provides access to ethereum decentralized applications (dApps). The malware’s was created mainly to steal MetaMask users’ credentials and private keys to be able to access their ethereum funds.
Eset blog spot stated that
“The clipper we found lurking in the Google Play store, detected by ESET security solutions as Android/Clipper.C, impersonates a legitimate service called MetaMask. The malware’s primary purpose is to steal the victim’s credentials and private keys to gain control over the victim’s Ethereum funds.”
However, it can also replace a Bitcoin or Ethereum wallet address copied to the clipboard with addresses controlled by the attacker.
MetaMask’s fake app description can be seen below:
The app was discarded from the Play Store after ESET reported it to Google. In response to the malware’s discovery, MetaMask tweeted ‘We would appreciate if @GooglePlayDev would reserve trademarked names for apps, especially repeat phishing targets like us.’
MetaMask, which is one of the oldest Ethereum-based dApps, has fallen victim to malicious schemes in July last year.
ESET has advised users to stay safe from clippers and other Android malware. The security firm suggested users a few security tips: use the official Google Play store when downloading apps, keep their devices updated and always double-check each step in all crypto transactions, including wallet addresses copied on a clipboard.