Malware designed to intercept and replace digitally-copied cryptocurrency addresses with those belonging to hackers has been found in a fake MetaMask app available until recently at the Google Play app market.
According to cybersecurity firm WeLiveSecurity, the malicious app, “Android/Clipper.C” was, “…spotted shortly after it was introduced at the official Android store, which was on February 1, 2019.”
The firm says it reported the infected app to Google Play and it has now been removed.
Meanwhile, any users who mistakenly downloaded the malicious Ethereum “MetaMask” app may have had their crypto sends and receives compromised:
“For security reasons, addresses of online cryptocurrency wallets are composed of long strings of characters. Instead of typing them, users tend to copy and paste the addresses using the clipboard. A type of malware, known as a ‘clipper,’ takes advantage of this. It intercepts the content of the clipboard and replaces it surreptitiously with what the attacker wants to subvert. In the case of a cryptocurrency transaction, the affected user might end up with the copied wallet address quietly switched to one belonging to the attacker.”
The malware’s presence on Google Play was reportedly new:
“This dangerous form of malware first made its rounds in 2017 on the Windows platform and was spotted in shady Android app stores in the summer of 2018. In February 2019, we discovered a malicious clipper on Google Play, the official Android app store.”
Malicious apps impersonating Metamask, “which is designed to run Ethereum decentralized apps in a browser, without having to run a full Ethereum node,” are not new, however:
“Several malicious apps have been caught previously on Google Play impersonating MetaMask. However, they merely phished for sensitive information with the goal of accessing the victims’ cryptocurrency funds.”
Cryptocurrency users are advised to always triple check cryptocurrency addresses whether copying-and-pasting them or not, as even one mistake in the long alphanumeric addresses will result in the cryptocurrency tokens either failing to send or being mis-sent.
Crypto transactions cannot be reversed by senders at this time.