‘Clipper’ crypto-stealing malware found on Google Play

Getting your Trinity Audio player ready...

Just like there will always be those dimwitted individuals who try to rob banks, there will always be the same in the digital realm. Things like ID theft and account hacks are nothing new on the Internet, and it shouldn’t surprise anyone that they would also be seen with cryptocurrencies. The biggest difference is that it’s actually harder to get away with crypto theft, since all wallet addresses are traceable and the crypto community is all too happy to track down malicious activity. This isn’t stopping some unscrupulous individuals from trying, though, and another crypto malware has now been identified. Like some of its predecessors, this one was found on the Google Play store. 

According to Ars Technica, Clipper was created to try and steal crypto from those who downloaded the application. It was hidden in plain sight, right on the Google Play store, and is based on a similar malware found in 2017 that targeted Windows machines. 

Ars Technica explains, “The malware, which masqueraded as a legitimate cryptocurrency app, worked by replacing wallet addresses copied into the Android clipboard with one belonging to attackers, a researcher with Eset said in a blog post. As a result, people who intended to use the app to transfer digital coins into a wallet of their choosing would instead deposit the funds into a wallet belonging to the attackers.”

Clipper was concealed as MetaMask, an application that allows Ether (ETH) to work on corresponding apps on Google Play and allowed the cybercriminal to gain control of an ETH wallet if found on the Android device that downloaded it. Ars Technica analyst Lukas Stefanko adds, “This attack targets users who want to use the mobile version of the MetaMask service, which is designed to run Ethereum decentralized apps in a browser, without having to run a full Ethereum node. However, the service currently does not offer a mobile app—only add-ons for desktop browsers such as Chrome and Firefox.”

Apparently, the app was added to Google Play at the beginning of this month and has already been removed. However, Google is supposed to have controls in place to prevent such apps from being uploaded. It might be time for the company to rethink its scanning and approving processes.