Crypto-stealing app pulled from Google Play
Clipper sought to steal Ether from unsuspecting users
A new form of an old piece of malware has been discovered targeting Android devices. The malware was hidden in plain sight on the Google Play store until Google was tipped off and took it down. Clipper is a variation of malware previously seen targeting Windows devices, and is capable of replacing Ether (ETH) wallet addresses copied to the clipboard with its own, allowing the criminal to steal the sender’s cryptocurrency assets.
The malicious app was named MetaMask, after a popular decentralized app (Dapp) for the Ethereum network. It looked exactly like MetaMask, but had nefarious intentions.
The scam was uncovered by security specialists at ESET, who said, “The malware’s primary purpose is to steal the victim’s credentials and private keys to gain control over the victim’s Ethereum funds. However, it can also replace a Bitcoin or Ethereum wallet address copied to the clipboard with one belonging to the attacker.”
Lukas Stefanko, a researcher with ESET, adds, “This attack targets users who want to use the mobile version of the MetaMask service, which is designed to run Ethereum decentralized apps in a browser, without having to run a full Ethereum node. However, the service currently does not offer a mobile app—only add-ons for desktop browsers such as Chrome and Firefox.”
After ESET informed Google of the malware, Google moved quickly to take it down. Reportedly, the app survived on the site for only a few days, but Google supposedly has practices in place that are meant to prevent malware and other malicious programs from being uploaded. This one apparently slipped through.