Cryptocurrency Stealing Application Caught on Google Play Store

A malicious application masquerading as MetaMask for Android phones has been caught on the Google Play Store. The malware switches the Bitcoin and Ethereum addresses of its victim found on the clipboard to that of an attacker. It also spies on credentials and private keys to steal Ethereum, according to We Live Security.

Malicious Application Claims to be Android Version of MetaMask

Reportedly, a malware called clipper was found on an application that claims to be the MetaMask version for Android smartphones. The app was launched on Google Play on February 1, 2019, and it is capable of stealing people’s cryptocurrencies. What it does, is to replace the Bitcoin or Ethereum address copied by a user, with that of the actor behind the crime.
Also, clipper begins its operation when the application is launched, and a person tries to send funds from the app. As a result, funds transferred without cross-checking the address will likely end up in the attacker’s wallet. Other than swapping addresses, clipper also can monitor the user’s credentials and private keys to steal Ethereum at a later time.

Android/Clipper.C’s Malware Operation Was First Noted in 2017

Android/Clipper.C, a name given to the supposed Metamask application is a malware whose operation was first discovered on Windows Operating System in 2017. In 2018, the first clipper was discovered on Android smartphones, and it began trading on forums where illegal products are exchanged.
MetaMask, on the other hand, allows users to launch decentralized apps directly from web browsers with the help of an extension. So far, there has been no version launched for Android smartphones. However, fake versions of the app have been released occasionally on Android markets. One of such was able to track private keys even though this is the first case of an Android/Clipper.C that switches addresses.

Protecting the Users Funds From Being Stolen

While We Live Security may have created an awareness about the false app which led to its removal from Google Play, they also outlined ways on how to protect funds from being stolen. This includes verifying from the official website itself if there is a version of that app for a particular operating system. Another is ensuring that the address that has been inserted before transactions coincides with what was copied.
The popularity of cryptocurrency and its massive adoption has also created a problem. There has been a rise in the number of criminal activities such as SIM swapping which are all geared at illegally obtaining digital currencies. BTCNN reported a similar event on January 22 of a malware which hijacks mining machines in China and replaces their Bitcoin address.

Related posts
BitcoinBitcoin NewsbtcusdBTCUSDCBTCUSDTjpmorganNewsxbtusd

Bitcoin takes priority in JPMorgan’s soon to launch “Crypto-Exposure Basket”

The largest bank in the United States is on its way to providing clients with a lens into the Cryptocurrency investment space. The news hit crypto Twitter shortly after JPMorgan filed for specific sets of documents, required for a “Cryptocurrency…
BitcoinBitcoin NewsFeaturedGrayscaleNews

Grayscale’s Parent Company DCG To Buy $250 Million In GBTC Shares

Digital Currency Group (DCG), the parent company of the world’s largest Bitcoin trust, Grayscale Bitcoin Trust (GBTC) has announced plans to buy a quarter million worth of shares of GBTC. DCG will purchase the shares on the open market through…
AdoptionBitcoinBTC Trading ViewNewsTrading View

Digital Currency Group to buy GBTC shares

Parent company of Grayscale Investments, Digital Currency Group (DCG) today announced its plans to purchase shares of Grayscale Bitcoin Trust for up to $250 million worth of shares of GBTC. DCG intThe post Digital Currency Group to buy GBTC shares…