Google Play Store Captured For Hosting Fake Metamask Crypto Malware
It is reported by Eset on 8th Feb that Google Play Store has been found to be hosting malware applications specially designed to steal cryptocurrencies.In the beginning of the month, Decentralized app (DApp) MetaMask replaces computer clipboard information in order to steal cryptocurrency was removed by Google post an after a tip-off done by ESET internet security firm (a cybersecurity firm).
The malware also is known as Clipper. It monitors and intercepts the clipboard software used to copy and paste crypto wallet addresses. It alters the string so that the funds are sent the attacker instead of the recipient without the user noticing. This form of crypto jacking was widely prevailing years ago. But it has reared its head again. Eset claims to discover the malware on Google’s official Android app store and hosted on one of the largest legitimate software download websites, Cnet. Eset explained:
“We spotted Android/Clipper.C shortly after it had been introduced at the official Android store, which was on February 1, 2019. We reported the discovery to the Google Play security team, who removed the app from the Store.” “The clipper we found lurking in the Google Play store, detected by ESET security solutions as Android/Clipper.C, impersonates a legitimate service called MetaMask.”
It further added:
“The malware’s primary purpose is to steal the victim’s credentials and private keys to gain control over the victim’s Ethereum funds. However, it can also replace a Bitcoin or Ethereum wallet address copied to the clipboard with one belonging to the attacker.”
MetaMask is one of the oldest Ethereum (ETH)-based DApps. It is only available as a browser plugin for Firefox and Chrome and has no mobile version. Browser firms are increasing to fight against crypto-centric malware. Mozilla is the latest to join the battle. Hence, the techniques of stealing cryptocurrency have become advanced. Therefore, users can not rely on the screening processes of these app stores.
In January, this cryptocurrency malware was found skulking on movie download websites. In November 2018, Decentralized app (DApp) MetaMask announced its plans to launch a mobile app which didn’t turn up being the target of the latest malware issue.