Online security firm ESET discovered an app in the Google Play Store
(via Ars Technica
) that steals cryptocurrency being deposited into online wallets belonging to cryptocurrency users. This type of malware is called a "clipper" and it works because addresses of cryptocurrency wallets are composed of long strings of characters. While this is done for security reasons, most people with such a wallet would rather copy the address and paste it using the clipboard.
The "clipper" apps replace the correct address on the clipboard with the address of the hacker's own virtual wallet, which means that the victim unknowingly could be depositing his bitcoins into the wallet of an unknown thief. While such apps were seen by ESET on the Windows platform back in 2017, and on "shady" Android app stores last year, this new "clipper" app was discovered in the Google Play Store just this month.
Ironically, the malicious app pawned itself off as a legitimate cryptocurrency app called MetaMask, and hit the Play Store on February 1st. ESET reported the app to Google, and it was taken down. While there is a legit website called MetaMask that offers "a secure identity vault, providing a user interface to manage your identities on different sites and sign blockchain transactions," there are only add-ons available for Chrome, Firefox, Opera, and the Brave browser.
ESET points out that there have been other fake MetaMask apps on the Google Play Store that used phishing techniques in an attempt to steal personal information that could be used to break into a victim's online wallet. The security firm has some hints to keep you away from clippers and malicious apps in general:
- Update your Android device in a timely fashion, and install a "reliable" security app on your phone.
- Do not sideload apps. When installing apps, stick to those listed in the Google Play Store.
- If the developer of an app listed in the Google Play Store does not have a website, stay away.
- Double check all transactions made online involving important financial matters. If you use the clipboard, make sure that what you are pasting is what you intended to paste.
This malicious app found in the Google Play Store could steal cryptocurrency deposits