A malicious application masquerading as MetaMask for Android phones has been caught on the Google Play Store. The malware replaces Bitcoin and Ethereum addresses found on the victim's clipboard with an address belonging to the attacker. It also spies on credentials and private keys to steal Ethereum, according to We Live Security.
Malicious Application Claims to be Android Version of MetaMask
Reportedly, malware known as a clipper was found in an application that claims to be the MetaMask version for Android smartphones. The app was launched on Google Play on February 1, 2019, and it is capable of stealing people’s cryptocurrencies. It replaces the Bitcoin or Ethereum address copied by a user with that of the actor behind the crime.
The clipper begins operating when the application is launched and a person tries to send funds from the app. As a result, funds transferred without cross-checking the address will likely end up in the attacker’s wallet. Besides swapping addresses, the clipper can also monitor the user’s credentials and private keys to steal Ethereum at a later time.
Android/Clipper.C’s Malware Operation Was First Noted in 2017
Android/Clipper.C, the name given to the supposed MetaMask application, is malware whose operation was first discovered on the Windows operating system in 2017. In 2018, the first clipper was discovered on Android smartphones, and it began to be traded on forums where illegal products are exchanged.
MetaMask, on the other hand, allows users to launch decentralized apps directly from web browsers with the help of an extension. So far, no version has been launched for Android smartphones. However, fake versions of the app have occasionally been released on Android markets. One such app was able to track private keys, though this is the first case of an Android/Clipper.C that switches addresses.
Protecting the Users’ Funds From Being Stolen
While We Live Security may have created awareness of the fake app, which led to its removal from Google Play, they also outlined ways to protect funds from being stolen. One is verifying on the official website itself whether there is a version of the app for a particular operating system. Another is ensuring that the address inserted before a transaction matches what was copied.
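The copied-versus-inserted address check described above can be automated. The following is an added example, not code from We Live Security or MetaMask; the function names and the result labels ("match", "swapped", "mismatch") are assumptions made for illustration, and the Ethereum addresses are constructed.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ETH_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

def b58check_ok(addr):
    """True if addr is a well-formed legacy (Base58Check) Bitcoin address."""
    if not addr or any(c not in B58 for c in addr):
        return False
    n = 0
    for c in addr:
        n = n * 58 + B58.index(c)
    pad = len(addr) - len(addr.lstrip("1"))        # each leading '1' is a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:                             # version + 20-byte hash + checksum
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return digest[:4] == raw[-4:]

def kind(text):
    """Classify clipboard text as 'ethereum', 'bitcoin' or None."""
    text = text.strip()
    if ETH_RE.match(text):
        return "ethereum"   # format only: EIP-55 needs Keccak-256, not in hashlib
    if b58check_ok(text):
        return "bitcoin"
    return None

def check_paste(copied, pasted):
    """Compare what the user copied with what landed in the send field."""
    a, b = copied.strip(), pasted.strip()
    ka, kb = kind(a), kind(b)
    if ka is None:
        return "not-an-address"
    if ka == kb == "ethereum":
        same = a.lower() == b.lower()              # hex case does not change the address
    else:
        same = a == b
    if same:
        return "match"
    # A different but well-formed address is what a clipper leaves behind.
    return "swapped" if kb is not None else "mismatch"

if __name__ == "__main__":
    copied = "0x" + "ab" * 20                      # constructed sample address
    pasted = "0x" + "cd" * 20                      # constructed replacement
    print(check_paste(copied, pasted))
```

A "swapped" result means the whole address changed between copy and paste, which is the case the advice above is meant to catch; comparing only the first few characters by eye would not be a full check.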
The popularity of cryptocurrency and its massive adoption have also created a problem. There has been a rise in the number of criminal activities, such as SIM swapping, that are all geared toward illegally obtaining digital currencies. BTCNN reported a similar event on January 22 involving malware that hijacks mining machines in China and replaces their Bitcoin address.