In a February 8 announcement, cybersecurity firm ESET said it had discovered malware in the Google Play store that was designed to steal crypto wallet addresses and keys.
According to ESET, this type of malware, dubbed a “clipper,” was first spotted in 2017 on Windows before infecting Android app stores in 2018. ESET researchers say it has been available on “underground hacking forums” and on popular software-hosting site download.cnet.com. The Google Play store is the latest to be affected.
The clipper malware is so named because it can copy a bitcoin or Ethereumwallet address that has been saved on a digital clipboard and change that address to one that belongs to the attacker. The malware is also designed to steal private keys.
To accomplish this goal, the developers of the malware designed the software to look like a mobile MetaMask application, enticing users to download the malware onto a mobile device. However, though MetaMask has been developing a mobile app, one has not been released.
The malware has since been removed from the Google Play store. Just in case, the ESET team reminded cryptocurrency users to always check the official website of the app developer or service provider for the link to the official app.
In October 2017, the ESET team discovered fake mobile apps from the Poloniex exchange in the Google Play store. That malware was designed to steal login credentials and compromise victims’ Gmail accounts as a means of sidestepping two-factor authentication.