Fake MetaMask App Pulled from Google Play Store
The Google Play store pulled out app that runs on the Android OS after it was discovered to be clandestinely stealing bitcoin from unsuspecting users, Forbes reported on February 11, 2019.
The number of scams involving cryptocurrencies doesn’t seem to be dwindling despite the bear market, causing thousands of users to lose not only their funds but their trust in the industry as a whole. While there are dozens of different ways scammers steal cryptocurrencies, last week saw the first reported case of a malware making its way into the official Android app online shop.
On February 1, cybersecurity firm ESET has issued a warning against a malicious app that was available on the Google Play Store. The app was reportedly stealing users’ cryptocurrency by impersonating a legitimate service called MetaMask.
The app contained a new type of malware program called “Clipper,” which had reportedly been “intercepting” the clipboard content of crypto users, a blog post published by WeLiveSecurity revealed. The purpose of the malware was to steal the victim’s credentials and private keys to gain control over the victim’s Ethereum funds. However, it was also reported that it could replace a Bitcoin or Ethereum wallet address copied to the clipboard with one belonging to the attacker.
Crypto Stealing Malware is Commonplace
“Cryptocurrency stealers that replace a wallet address in the clipboard are no longer limited to Windows or shady Android app stores,” Eset security researcher Lukas Stefanko wrote.
He added that several other malicious apps have been caught impersonating MetaMask on Google Play and have been quickly removed by the service.
Stefanko said that the appearance of clipper malware on Google Play serves as a reminder to Android users to up their mobile security and keep an eye on fraudulent apps.
MetaMask, which only offers add-ons for desktop browsers such as Chrome and Firefox, is not the only target for scammers. Security researchers have previously found bitcoin and cryptocurrency stealing software on download.cnet.com, one of the world’s most popular software-hosting sites, Forbes reported.
According to Stefanko, this dangerous form of malware first made its rounds in 2017 on the Windows platform. In August 2018, ESET researches discovered the first Android clipper that was being sold on underground hacking forums. In less than six months after it was first spotted, the malware has been a regular occurrence on several app stores that run on Android.