Google removed app built to steal users’ cryptocurrency from Play Store

The app could also access and replace text copied to Android's clipboard

Security researchers discovered another malicious app hosted on the Google Play Store.

This time around, the malicious app targeted cryptocurrency users. According to researchers from IT security company Eset, the app impersonated a browser-based service designed to run decentralized Ethereum apps without running a full Ethereum node.

The service, called ‘MetaMask,’ is only available as an extension for desktop browsers like Chrome and Firefox.

However, the fake MetaMask app that made its way onto the Play Store was designed to dupe users into sharing credentials and private keys so attackers could gain control of victims’ Ethereum and Bitcoin funds.

Worse, Eset researchers said the app contained ‘clipper’ malware. Called ‘Android/Clipper.C’ by researchers, the malware could access and change text on the Android clipboard.

Typically, cryptocurrency wallet addresses are long strings of characters for security purposes. Users usually copy and paste them instead of typing them out.

Not only did the clipper malware give attackers access to wallet addresses users had copied with their Android phone, but it also allowed attackers to replace the copied address with a different wallet address. This could enable attackers to trick users into sending cryptocurrency funds to the wrong wallet.

It’s worth noting that Google plans to change how Android’s copy and paste system works in Android Q. New permissions would restrict when and how apps can access the clipboard and could potentially combat this kind of malware.

Eset says it spotted the fake MetaMask app on the Play Store shortly after it appeared on February 1st. Google removed the app after Eset notified the search giant.

Unfortunately, there’s no foolproof way to detect and avoid malicious apps like this yet. As such, users should always be cautious when downloading apps, especially apps that don’t have many downloads. It’s also worthwhile to investigate official websites. In the case of MetaMask, the official website makes no mention of an Android app.

Recently, several malicious apps discovered on the Play Store stole users’ photos and pushed pornographic ads to people’s phones.

Source: Eset Via: Ars Technica