Crypto-Stealing Clipper Malware Disguised as MetaMask Infiltrates Google Play Store

A new type of malware capable of phishing and changing online crypto wallet addresses has recently been discovered on the Google Play Store, according to a blog post published Friday by IT security company ESET.

Known as a “clipper,” the malware intercepts the clipboard content, looks for a crypto wallet address, and replaces it with the attacker’s address. As detailed in the report, the malware poses as MetaMask, an app that provides entry to Ethereum decentralized applications, allowing attackers to access MetaMask users’ private keys and other sensitive personal data to steal Ethereum funds. The malware is also reportedly capable of intercepting both Ethereum and Bitcoin wallet addresses from the clipboard.

The MetaMask app is currently not available for mobile devices.

The fraudulent app’s description is shown below:

Since its discovery, the app has been reported to Google’s security team and subsequently removed from the Google Play Store.

Following the report, MetaMask took to Twitter, stating:

“We would appreciate if @GooglePlayDev would reserve trademarked names for apps, especially repeat phishing targets like us.”

This is not the first time MetaMask has faced issues with Google. In July 2018, Google’s Chrome Web Store inadvertently removed the app’s browser extension for approximately five hours before it was reinstalled.

To mitigate such malware attacks, ESET recommended that users always keep their devices up to date and double-check crypto transactions, ensuring each step is followed accordingly and that wallet addresses copied to the clipboard are accurate.
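The address check recommended above can be automated at paste time. The following Python sketch is an added example, not code from ESET or MetaMask; the function names, the result labels and the sample addresses are assumptions made for illustration, and the patterns check address format only, not checksums.

```python
import re

# Address shapes a paste-time check has to recognise (format only, no checksum).
PATTERNS = {
    "ethereum": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    "bitcoin": re.compile(
        r"\b(?:bc1[ac-hj-np-z02-9]{11,71}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b"),
}

def find_address(text):
    """Return (kind, address) for the first wallet address in text, or None."""
    for kind, pattern in PATTERNS.items():
        match = pattern.search(text)
        if match:
            return kind, match.group(0)
    return None

def normalise(kind, address):
    # Ethereum hex is case-insensitive apart from its optional mixed-case checksum;
    # Bitcoin addresses are compared exactly as written.
    return address.lower() if kind == "ethereum" else address

def check_paste(copied, pasted):
    """Compare the text the user copied with the text that arrives on paste."""
    source, target = find_address(copied), find_address(pasted)
    if source is None:
        return "no-address"        # nothing wallet-like was copied
    if target is None:
        return "address-missing"   # clipboard no longer holds an address
    # Compare the whole string: a few matching leading or trailing characters
    # do not make two addresses the same.
    if source[0] == target[0] and normalise(*source) == normalise(*target):
        return "match"
    return "swapped"

if __name__ == "__main__":
    # Constructed sample values, not real wallets.
    intended = "0x" + "ab" * 20
    samples = {
        "unchanged": intended,
        "replaced": "0x" + "cd" * 20,
        "near-miss": "0xabab" + "00" * 16 + "abab",
        "other chain": "1" + "B" * 30,
    }
    for label, pasted in samples.items():
        print(f"{label:12} -> {check_paste(intended, pasted)}")
```

A "swapped" result means the clipboard holds a wallet address other than the one that was copied, which is the behaviour the report attributes to the clipper.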

Prior to the discovery of the clipper malware, cybersecurity firm Palo Alto Networks also discovered another form of malware capable of stealing cryptocurrencies by exploiting browser cookies as well as other data on Apple Mac laptops.