Cryptocurrency stealing malware app has been found on Google Play which is created to tamper wallet address of Android users.
According to welivesecurity, the Eset security team found a malware is known as “clipper”. This malware is used to steal cryptocurrency from Android users and was discovered in the Google Play Store.
How Does it Steal Cryptocurrency?
Most of the mobile users using cryptocurrency apps have to type a long string of wallet addresses. So instead of typing the wallet address most users copy and paste it in their application. Thus this “clipper” malware replaces the wallet address with the one used by the attacker. So if any cryptocurrency is being sent it will be sent to the attacker’s wallet.
This malware application was found by the ESET security team. It was impersonating as a MetaMask app on Play Store.
MetaMask is used to run Ethereum decentralised applications in the browser. But the official service does not offer a mobile app and only supports as add-ons for desktop browsers like Chrome and Firefox.
The ESET researcher added in their post,
Several malicious apps have been caught previously on Google Play impersonating MetaMask. However, they merely phished for sensitive information with the goal of accessing the victims’ cryptocurrency funds.
After discovering the malware app ESET informed the Google Play security team and the application was removed from the Play Store.
Mainly we see that this attack was meant for the MetaMask service users.
How to be safe from Clipper Malware?
Best way to be secure using android apps is to verify the developer of the application which you are downloading if it is official or not.
Also, cross check the wallet address which is copied and pasted manually so that if there is any change can be detected.
Always preferably download apps through the Official Google Play Store and not from other unknown sources.
Do you know any other ways to secure from Clipper malware? Let us know in the comment comments below.
Join the newsletter to receive the latest updates in your inbox.