IT security specialists from ESET discovered a new type of cryptocurrency-stealing malware, a so-called “Clipper,” in some Google Play Store applications. ESET reported its worrying findings to Google, which was quick to remove the infected apps.
The new malware appears to use a very straightforward method to steal cryptocurrency from wallet users. To transfer crypto to another account, users need to enter the recipient’s address in their wallet application. These addresses are long and hard to type by hand, so many users copy and paste them.
This is where the cryptocurrency-stealing malware steps in: it replaces the copied address with one controlled by its developers. It does that by monitoring the system’s clipboard, and the replacement happens automatically when the malware detects something that looks like a crypto wallet address. In addition, this malware stole the user’s credentials and private keys off the system’s clipboard.
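The substitution described above can be caught by comparing the address the user meant to send to with what actually arrives at paste time. The following is an added example, not code from ESET or from any wallet; the function names and sample addresses are constructed, and it assumes the wallet has an independent record of the intended address (for instance from the page or QR code it was taken from).

```python
import re

# Address shapes only (no checksum validation); enough to tell "address-like" from other text.
PATTERNS = {
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
    "btc_bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}", re.IGNORECASE),
    "btc_base58": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
}
# Hex and bech32 encodings are case-insensitive; base58 is case-sensitive.
CASE_INSENSITIVE = {"eth", "btc_bech32"}


def classify(text):
    """Return (kind, canonical_address), or (None, None) if text is not address-shaped."""
    value = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.fullmatch(value):
            return kind, value.lower() if kind in CASE_INSENSITIVE else value
    return None, None


def check_paste(intended, pasted):
    """Compare the intended recipient with the string that arrived from the clipboard."""
    i_kind, i_addr = classify(intended)
    p_kind, p_addr = classify(pasted)
    if p_kind is None:
        return "not_an_address"
    if i_kind is None:
        return "unverified"    # no address-shaped reference to compare against
    if i_addr == p_addr:
        return "match"
    return "substituted"       # both look like addresses, but they differ


if __name__ == "__main__":
    # Constructed sample addresses, not real wallets.
    intended = "0x" + "Ab" * 20
    for pasted in (" 0x" + "ab" * 20 + "\n", "0x" + "cd" * 20, "1" + "a" * 30):
        print(check_paste(intended, pasted))
```

A format or checksum check alone would not help here, because the replacement address is itself valid; only a comparison against the intended value reveals the swap.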
Cryptocurrency-Stealing Malware Spotted On Google Play Store, Removed By Google
The so-called “Clipper” cryptocurrency-stealing malware has been affecting Windows users since 2017. Its Android variant came out in mid-2018, but until now it only affected Android apps outside of the Google Play Store. Now, ESET has spotted “Clipper” in several apps on the Google Play Store.
One of the apps ESET revealed as infected with “Clipper” is the MetaMask app. The original, legitimate MetaMask, an Ethereum-based DApp, does not have an Android app. So, the MetaMask application on the Google Play Store is a third-party application designed by cyber criminals to steal cryptocurrency funds. “We would appreciate if Google Play Devs would reserve trademarked names for apps, especially repeat phishing targets like us,” the original MetaMask DApp’s devs said on Twitter.
Undoubtedly, keeping Google Play Store apps secure is a challenging task for Google, since dozens of new apps come out daily. In this case, luckily, thanks to ESET, Google removed MetaMask and other apps affected by the “Clipper” cryptocurrency-stealing malware.