Cryptocurrency-Stealing Malware Has Been Discovered On Google Play
The attack uses a remarkably simple trick to part users with their digital funds. Cryptocurrency balances are tied to a long, unique string of characters known as a wallet address. In order to make a transaction, a sender typically needs to enter the recipient's wallet address in their app. This is similar to how you would put a real-world address on an envelope in order for it to be delivered to the correct location. Because these addresses are too long to type by hand, users usually copy and paste them, and clipper malware replaces the address on the clipboard with one belonging to the attacker.
Clipper is also able to snatch a user's credentials and private keys off the clipboard. Once the attacker has this information, they are able to impersonate the user to siphon funds directly and irreversibly. This is one reason why cryptocurrency experts have long recommended that users store the bulk of their balance in offline cold storage, and only keep a minimal balance in mobile wallets for daily use.
Clipper malware has been around since at least 2017 targeting Windows users. Android app variants emerged in the middle of last year, but were relegated to third-party app stores outside of Google's walled garden. This latest finding snuck through Google's defenses.
The suspect app was called MetaMask, a service for managing Ethereum-based distributed applications -- or Dapps. There is just one problem: MetaMask does not operate a mobile application. Instead, this was a third party posing as a popular legitimate service to reach unsuspecting victims. Actual MetaMask representatives took to Twitter, asking Google to step up its protections for trademarked names.
WhatsApp was similarly imitated in 2017.
It is a reminder that no matter the system, users should take charge of their own security. In this instance, MetaMask's official website has no mention of mobile applications - only desktop browser extensions. Additionally, users should verify that all transaction information is correct before submitting. Users should also be cautious of using the clipboard to enter credentials, as the clipboard can be read by any running application. Lastly, it is always best to install the latest security updates. No single aspect is a silver bullet for security, but a diligent security posture can at least reduce the risk of becoming compromised.