The Google Play Store has yet again been found to be hosting malicious applications designed to steal cryptocurrencies. The malware, dubbed Clipper, was discovered on the Play Store on February 1 by researchers at the internet security firm ESET, who reported their findings at the weekend.
Clarifying that Google Chrome and other browser add-ons for “signing blockchain transactions” are currently available on MetaMask’s website, ESET’s security team noted that users should pay attention to the name and spelling of the sites they visit.
How Does Clipper Malware Work?
The Clipper malware monitors and intercepts the contents of the clipboard, which is often used to copy and paste crypto wallet addresses. It replaces the copied address with the attacker’s, so the funds are sent to them instead of the intended recipient. This crude form of crypto jacking was prevalent a couple of years ago and has now reared its head once again.
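The address swap described above leaves a recognisable trace: a wallet address the user copied is overwritten moments later by a different address of the same kind. The sketch below is an added example, not code from ESET or from the original article, and it flags that pattern in a clipboard event timeline; the event format, the "user"/"background" source field and the sample addresses are assumptions constructed for illustration.

```python
import re

# Address shapes only (no checksum validation): enough to tell that a wallet
# address is on the clipboard and which family it belongs to.
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(
        r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return the address family a clipboard string looks like, or None."""
    value = text.strip()
    for family, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return family
    return None

def find_swaps(events, window_seconds=5.0):
    """Flag clipboard writes that look like a clipper rewrite.

    events: list of (timestamp_seconds, source, text). source is "user" for a
    copy the user performed and "background" for any other clipboard write
    (a hypothetical field; a real monitor must derive it from the platform).
    """
    alerts = []
    last = None  # (timestamp, family, text) of the last user-copied address
    for ts, source, text in events:
        family, value = classify(text), text.strip()
        if source == "user":
            last = (ts, family, value) if family else None
        elif (last and family == last[1] and value != last[2]
              and ts - last[0] <= window_seconds):
            alerts.append({"time": ts, "family": family,
                           "copied": last[2], "replaced_with": value})
    return alerts

# Constructed timeline; the addresses are made-up strings of the right shape.
SAMPLE_EVENTS = [
    (10.0, "user", "meeting notes for Tuesday"),
    (20.0, "user", "0x" + "ab" * 20),
    (20.4, "background", "0x" + "cd" * 20),  # same family, different value
    (40.0, "user", "1" + "A" * 30),
    (90.0, "background", "hello"),           # not an address: ignored
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

Because the replacement is itself a well-formed address, format or checksum validation alone does not catch the swap; the comparison against what the user originally copied is what does.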
These types of malware programs are not new: many different versions surfaced in 2017 on the Windows platform. During the summer of 2018, several versions were found on “shady” Android app stores, WeLiveSecurity’s blog mentions.
In August of last year, the very first Android clipper was found being sold on secret online forums. According to WeLiveSecurity, the same Android-based malware has been found in “several shady app stores.”
When unsuspecting users download the program, the malicious clipper gains access to the victim’s credentials and their private keys. This allows the attacker to access and steal the user’s cryptocurrency from their wallets.
It is becoming painfully clear that users can no longer rely on the screening processes of these huge app stores, and any efforts to eliminate malicious apps are largely reactive.