Recently, cybersecurity firm ESET issued a warning about a malicious app that was available on the Google Play Store and was designed to steal users’ cryptocurrency.
WeLiveSecurity explained the entire issue in an official blog post. It stated that cryptocurrency addresses consist of long strings of alphanumeric characters and that, in most cases, users simply copy and paste addresses while filling out invoices and executing transactions. The latest malware program, known as a “Clipper,” was “intercepting” the clipboard content of crypto users and replacing the user’s address with one belonging to the attacker.
The blog stated: “For security reasons, addresses of online cryptocurrency wallets are composed of long strings of characters. Instead of typing them, users tend to copy and paste the addresses using the clipboard. A type of malware, known as a “clipper”, takes advantage of this. It intercepts the content of the clipboard and replaces it surreptitiously with what the attacker wants to subvert. In the case of a cryptocurrency transaction, the affected user might end up with the copied wallet address quietly switched to one belonging to the attacker.”
Malware of this type is not new to the crypto world: various versions of similar malware were seen in 2017 on the Windows platform. Over the past couple of days, the cybersecurity company encountered a malicious clipper program on Google Play, the official Android app store, and one hosted on third-party platforms. Such malicious programs run scripts on users’ PCs that are designed to detect crypto addresses on the operating system’s clipboard; the hacker then replaces the user’s address with one that looks the same as the victim’s. The hacker may use different strategies to avoid suspicion, such as keeping the first and last few characters the same as in the user’s address, but the fake address actually belongs to the hacker.
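The swap described above, and why a glance at the first and last characters does not catch it, shown as an added example (not code from ESET or from the original article). The function names, the `edge` threshold and the sample addresses are assumptions constructed for illustration.

```python
import re

# Shape-only patterns for the two address types the article names (assumed
# formats: hex Ethereum, legacy Base58 Bitcoin). Checksums are not verified.
ADDRESS_PATTERNS = {
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "bitcoin": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
}

def address_kind(text):
    """Return 'ethereum', 'bitcoin', or None for any other text."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return kind
    return None

def shared_edges(a, b):
    """Count identical leading and trailing characters of two strings."""
    limit, prefix, suffix = min(len(a), len(b)), 0, 0
    while prefix < limit and a[prefix] == b[prefix]:
        prefix += 1
    while suffix < limit - prefix and a[-1 - suffix] == b[-1 - suffix]:
        suffix += 1
    return prefix, suffix

def check_paste(copied, pasted, edge=4):
    """Compare the address the user copied with what is about to be pasted."""
    copied, pasted = copied.strip(), pasted.strip()
    kind = address_kind(copied)
    if kind is None:
        return "not-an-address"
    if kind == "ethereum":  # hex digits: letter case is not significant
        copied, pasted = copied.lower(), pasted.lower()
    if copied == pasted:
        return "ok"
    if address_kind(pasted) is None:
        return "changed"  # clipboard no longer holds an address
    prefix, suffix = shared_edges(copied, pasted)
    if kind == "ethereum":
        prefix = max(prefix - 2, 0)  # every Ethereum address shares "0x"
    # Matching ends are exactly what a quick visual check relies on.
    if prefix >= edge and suffix >= edge:
        return "lookalike-swap"
    return "swapped"

# Constructed sample values, not real wallet addresses.
ETH_COPIED = "0xab12" + "0" * 32 + "cd34"
ETH_LOOKALIKE = "0xab12" + "f" * 32 + "cd34"
ETH_OTHER = "0x" + "9" * 40
```

Any verdict other than `ok` means the paste should be rejected; `lookalike-swap` marks the case that comparing only the ends of the address would miss.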
Last August, the first Android clipper was found, sold on secret online forums. According to WeLiveSecurity, similar Android-based malware has been seen in “several shady app stores.” However, the clipper identified by WeLiveSecurity’s researchers, known as “Android/Clipper.C,” was “lurking” in Google’s Play Store. It operates by imitating a legitimate wallet known as MetaMask. As soon as users download the program, the malicious clipper gains access to the victim’s credentials and private keys, which enable the attackers to connect and steal the user’s cryptocurrency from their own address.
ESET explained that “The clipper we found lurking in the Google Play store, detected by ESET security solutions as Android/Clipper.C, impersonates a legitimate service called MetaMask. The malware’s primary purpose is to steal the victim’s credentials and private keys to gain control over the victim’s Ethereum funds. However, it can also replace a Bitcoin or Ethereum wallet address copied to the clipboard with one belonging to the attacker.”
The blog further explained that “We spotted Android/Clipper.C shortly after it had been introduced at the official Android store, which was on February 1, 2019. We reported the discovery to the Google Play security team, who removed the app from the Store.
This attack targets users who want to use the mobile version of the MetaMask service, which is designed to run Ethereum decentralized apps in a browser, without having to run a full Ethereum node. However, the service currently does not offer a mobile app – only add-ons for desktop browsers such as Chrome and Firefox.
Several malicious apps have been caught previously on Google Play impersonating MetaMask. However, they merely phished for sensitive information with the goal of accessing the victims’ cryptocurrency funds.”
ESET detected the malicious software on the Play Store at the beginning of this month and reported it to Google, and the problem has now been dealt with efficiently. ESET’s security team also advised that, when downloading, users should pay attention to the name as well as the spelling of the sites they visit.
Currently, there are numerous hackers who deploy basic phishing techniques to steal users’ logins and passwords, which enables them to reach the victims’ online wallets and steal their funds.