First crypto clipper malware on Google Play, MetaMask a victim

The crypto world is today meeting the first clipper malware found on Google Play.

MetaMask, the decentralized app, is now facing a crypto scam problem. The cybersecurity company ESET recently reported that malware was uploaded to Google Play under the same name.

According to this research, the malware replaces a wallet address in the clipboard in order to steal crypto. This type of malware was previously limited to Windows or “shady” Android app stores.


The malware, known as a ‘Clipper,’ replaces copied cryptocurrency wallet addresses with an address belonging to an attacker in the hope funds will be sent elsewhere without the user noticing.

Most users copy and paste wallet addresses using the clipboard. The clipper takes advantage of this by intercepting the content of the clipboard in order to replace it.

If a crypto transaction happens, the user ends up with the copied wallet address switched to another one belonging to the attacker. This dangerous form of malware first made its rounds in 2017 on the Windows platform and was spotted in “shady” Android app stores in 2018.

This recent discovery marked the first time such malware had made it past Google’s vetting procedures, the security firm notes.

“The clipper we found lurking in the Google Play store, detected by ESET security solutions as Android/Clipper.C, impersonates a legitimate service called MetaMask, […] The malware’s primary purpose is to steal the victim’s credentials and private keys to gain control over the victim’s Ethereum funds. However, it can also replace a Bitcoin or Ethereum wallet address copied to the clipboard with one belonging to the attacker.”

Are there any solutions?

  • Keep your Android device updated and use a reliable mobile security solution
  • Stick to the official Google Play store when downloading apps
  • Check the official website of the app developer or service provider for the link to the official app. If there is not one, consider it a red flag.
  • Double-check every step in all transactions that involve anything valuable, from sensitive information to money.
  • When using the clipboard, always check if what you pasted is what you intended to enter.
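
The last check in the list can be automated. The sketch below is an added example, not code from ESET or from this article: it compares what was copied with what was pasted and flags the clipper pattern, a different but well-formed address of the same type. The function names and sample addresses are constructed for illustration, and only Base58Check Bitcoin addresses and hex Ethereum addresses are recognized.

```python
import hashlib
import re
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ETH_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):
    """Encode version byte + 20-byte hash; used here only to build sample addresses."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_btc_address(s):
    """True for a 25-byte Base58Check string (legacy Bitcoin layout) with a valid checksum."""
    if not 26 <= len(s) <= 35 or any(c not in B58 for c in s):
        return False
    n = sum(B58.index(c) * 58 ** i for i, c in enumerate(reversed(s)))
    if n >> 200:                      # value does not fit in 25 bytes
        return False
    raw = n.to_bytes(25, "big")
    return _checksum(raw[:21]) == raw[21:]

def normalize(s):
    """Return (kind, canonical form) for a wallet address, else (None, stripped text)."""
    s = s.strip()
    if ETH_RE.fullmatch(s):
        return "eth", s.lower()       # hex case only carries an optional checksum
    if is_btc_address(s):
        return "btc", s
    return None, s

def check_paste(copied, pasted):
    """'substituted' = pasted text is a different valid address of the same type,
    which is what a clipper produces; 'altered' = any other mismatch."""
    kind_c, addr_c = normalize(copied)
    kind_p, addr_p = normalize(pasted)
    if kind_c is None:
        return "not-an-address"
    if addr_c == addr_p:
        return "ok"
    return "substituted" if kind_p == kind_c else "altered"

# Constructed sample addresses (not real wallets, not taken from the article).
BTC_A, BTC_B = (b58check_encode(b"\x00" + bytes(range(i, i + 20))) for i in (1, 21))
ETH_A, ETH_B = "0x" + "ab" * 20, "0x" + "cd" * 20
```

A wallet or payment form would call `check_paste` with the address the user selected and the text that arrived in the destination field, and block the transaction on anything other than `ok`.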

Considered one of the oldest Ethereum-based decentralized apps, MetaMask has fallen victim to a malicious scheme before. In July last year, the Google developers pulled the app, which today leaves MetaMask a target for different problems.

By the end of 2018, MetaMask confirmed its plans to launch a mobile app by the end, which today seems necessary for the sake of its community.


Khalil Liouane

Computer Engineering student, interested in blockchain tech startups creating innovative solutions that can shape a better future. If you are one of those startups, email me:
