Google removed app built to steal users' cryptocurrency from Play Store

The app could likewise access and replace text copied to Android'south clipboard

Security researchers discovered another malicious app hosted on the Google Play Store.

This time around, the malicious app targetted cryptocurrency users. According to researchers from IT security company Eset, the app impersonated a browser-based service designed to run decentralized Ehtereum apps without running a full Ethereum node.

The service, called 'MetaMask,' is but available as an extension for desktop browsers like Chrome and Firefox.

All the same, the false MetaMask app that made its way onto the Play Store was designed to gull users into sharing credentials and individual keys so attackers could gain control of victims' Ethereum and Bitcoin funds.

Worse, Eset researchers said the app independent 'clipper' malware. Called 'Android/Clipper.C' by researchers, the malware could access and change text on the Android clipboard.

Typically, cryptocurrency wallet addresses are long strings of characters for security purposes. Users unremarkably copy and paste them instead of typing them out.

Not only did the clipper malware give attackers admission to wallet addresses users had copied with their Android phone, simply it likewise allowed attackers to supersede the copied address with a different wallet address. This could enable attackers to trick users into sending cryptocurrency funds to the wrong wallet.

Information technology'south worth noting that Google plans to change how Android's re-create and paste system works in Android Q. New permissions would restrict when and how apps can access the clipboard and could potentially gainsay this kind of malware.

Eset says information technology spotted the fake MetaMask app on the Play Store shortly afterwards it appeared on February 1st. Google removed the app after Eset notified the search behemothic.

Unfortunately, in that location'due south no full-proof way to discover and avoid malicious apps like this however. As such, users should always be cautious when downloading apps, especially if they don't accept many downloads. Information technology's likewise worthwhile to investigate official websites. In the case of MetaMask, the official website makes no mention of an Android app.

Recently, several malicious apps discovered on the Play Shop stole users' photos and pushed pornographic ads to people's phones.

Source: Eset Via: Ars Technica