Crypto-stealing app discovered on Google Play store

Ceria Alfonso
February 12, 2019

Researchers last week found the first Android app on the Google Play store that monitors a device's clipboard for Bitcoin and Ethereum addresses and swaps them for addresses under the attacker's control. According to researchers from IT security company ESET, the app impersonated MetaMask, a browser-based service created to run decentralized Ethereum apps without running a full Ethereum node.

Typically, cryptocurrency wallet addresses are long strings of characters for security purposes.

Not only did the clipper malware give attackers access to wallet addresses users had copied with their Android phone, but it also allowed attackers to replace the copied address with a different wallet address.

MetaMask does not currently offer an app for mobile devices. ESET reported the malicious app to Google, and it was taken down.

This time around, the malicious app targeted cryptocurrency users. While there is a legitimate website called MetaMask that offers "a secure identity vault, providing a user interface to manage your identities on different sites and sign blockchain transactions", it is available only as add-ons for Chrome, Firefox, Opera, and the Brave browser.

ESET points out that there have been other fake MetaMask apps on the Google Play Store that used phishing techniques in an attempt to steal personal information that could be used to break into a victim's online wallet.

Do not sideload apps. "In August 2018, the first Android clipper was discovered being sold on underground hacking forums and since then, this malware has been detected in several shady app stores".

If the developer of an app listed in the Google Play Store does not have a website, stay away. If you use the clipboard, make sure that what you are pasting is what you meant to paste.