Experts said on Friday that Google Play was caught hosting yet another malicious app designed to steal cryptocurrency from users. The malware in the app worked by replacing a wallet address copied to the clipboard with one belonging to the attackers, an expert said in a blog post.
As a result, users who used the app to transfer cryptocurrency into their own digital wallet transferred the coins into a wallet belonging to the attackers instead.
This kind of clipper malware has targeted Windows computers since 2017. Last year, moreover, a botnet known as Satori was updated to infect cryptocurrency-mining computers with malware that similarly changed wallet addresses.
The clipper malware was available on Google Play in an app posing as MetaMask, a service designed to let browsers run apps that work with Ethereum. The main purpose of the malware was to steal the credentials needed to access Ethereum funds.
The app replaced both Bitcoin and Ethereum wallet addresses copied to the clipboard with ones belonging to the attackers.
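The replacement behaviour described above leaves a recognisable trace: one wallet address on the clipboard is overwritten, almost immediately, by a different address of the same type written by another process. The following is an added detection sketch, not code from the researcher or from MetaMask; it assumes a clipboard monitor that records a timestamp and the writing process for each change, and the event format, writer names and addresses are constructed placeholders.

```python
import re

# Shape checks only (no checksum validation): Ethereum is 0x + 40 hex digits,
# legacy Bitcoin is 26-35 Base58 characters starting with 1 or 3.
PATTERNS = {
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
    "bitcoin": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
}

def address_kind(text):
    """Return 'ethereum', 'bitcoin' or None for a clipboard string."""
    s = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.fullmatch(s):
            return kind
    return None

def normalise(text, kind):
    # Ethereum hex is case-insensitive; Base58 is case-sensitive.
    s = text.strip()
    return s.lower() if kind == "ethereum" else s

def find_swaps(events, window=2.0):
    """Flag clipboard writes where one wallet address is overwritten by a
    different address of the same kind, by another writer, within `window` s."""
    alerts = []
    for prev, cur in zip(events, events[1:]):
        kind = address_kind(prev["text"])
        if kind is None or address_kind(cur["text"]) != kind:
            continue
        same = normalise(prev["text"], kind) == normalise(cur["text"], kind)
        if (not same and cur["writer"] != prev["writer"]
                and cur["t"] - prev["t"] <= window):
            alerts.append((cur["t"], cur["writer"], kind))
    return alerts

# Constructed clipboard-change log; the addresses are placeholders, not real wallets.
ETH_USER, ETH_OTHER = "0x" + "a" * 40, "0x" + "b" * 40
BTC_USER, BTC_OTHER = "1" + "A" * 30, "1" + "B" * 30
EVENTS = [
    {"t": 10.0, "writer": "browser", "text": ETH_USER},
    {"t": 10.3, "writer": "app.unknown", "text": ETH_OTHER},  # swapped
    {"t": 40.0, "writer": "browser", "text": "meeting at 5pm"},
    {"t": 55.0, "writer": "browser", "text": BTC_USER},
    {"t": 55.2, "writer": "app.unknown", "text": BTC_OTHER},  # swapped
    {"t": 300.0, "writer": "browser", "text": ETH_USER},      # user's own later copy
]

if __name__ == "__main__":
    for alert in find_swaps(EVENTS):
        print(alert)
```

The same comparison works without a monitor: checking the pasted address against the one originally copied before confirming a transfer catches the swap.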
Lukas Stefanko, a malware researcher at Eset, wrote:
This attack targets users who want to use the mobile version of the MetaMask service, which is designed to run Ethereum decentralized apps in a browser, without having to run a full Ethereum node. However, the service currently does not offer a mobile app—only add-ons for desktop browsers such as Chrome and Firefox.
Several malicious apps have been caught previously on Google Play impersonating MetaMask. However, they merely phished for sensitive information with the goal of accessing the victims’ cryptocurrency funds.
This is yet another app found carrying malware, after many others caught previously. It shows that Google cannot be trusted to keep malware out of Google Play. The discovery leaves the responsibility with end users, who should install only the apps they need, and even those only after a fair amount of research.
They can go to the official website of the developer of a particular application. The official MetaMask website does not mention any Android app, which means that someone has stolen its identity to steal cryptocurrency from users.