Malware designed to intercept and replace virtually-copied crypto addresses with those belonging to hackers has been found in the fake MetaMask app available until recently on Google Play.
As indicated by cybersecurity firm, WeLiveSecurity, the malicious app, “Android/Clipper.C” was, “…spotted shortly after it was introduced at the official Android store, which was on February 1, 2019.”
The firm says that it reported the infected app to Google Play, and it has been removed from the platform now.
In the meantime, any user who mistakenly downloaded the malicious Ethereum “MetaMask” app, may have had their crypto sends and receives compromised –
“For security reasons, addresses of online cryptocurrency wallets are composed of long strings of characters. Instead of typing them, users tend to copy and paste the addresses using the clipboard. A type of malware, known as a ‘clipper,’ takes advantage of this. It intercepts the content of the clipboard and replaces it surreptitiously with what the attacker wants to subvert. In the case of a cryptocurrency transaction, the affected user might end up with the copied wallet address quietly switched to one belonging to the attacker.”
The malware’s presence on Google Play Store was reportedly new –
“This dangerous form of malware first made its rounds in 2017 on the Windows platform and was spotted in shady Android app stores in the summer of 2018. In February 2019, we discovered a malicious clipper on Google Play, the official Android app store.”
Malicious apps copying MetaMask, designed to run Ethereum decentralized apps in a browser, without having to run a full Ethereum node, are not new –
“Several malicious apps have been caught previously on Google Play impersonating MetaMask. However, they merely phished for sensitive information with the goal of accessing the victims’ cryptocurrency funds.”
Crypto users are recommended to always double check the crypto addresses, whether copying-and-pasting them or not. Because, one mistake in the long alphanumeric addresses will result in the crypto tokens either failing to send or being miss-sent.