Another cryptocurrency theft is in the books!
The crypto arena has been thronged with heists since its inception. Virtual assets seem to beguile some of the most malicious players in the industry, and the rising popularity of cryptocurrencies has attracted thieves and investors in equal measure. This has led to a significant increase in both crimes and disputes related to digital assets. Since Google banned cryptocurrency mining apps from the official Play Store, threat actors have adopted shadier tactics to swindle victims' cryptocurrency wallets.
Recent research reveals that a malicious app designed to steal cryptocurrency was discovered on Google Play, the official Android app store. Classified as a clipper, the malware intercepts the clipboard on the victim's device and stealthily replaces a copied wallet address with one belonging to the attacker.
Earlier, similar cryptocurrency stealers using clipboard hijacking had been found on Windows and on shady third-party Android app stores. However, this was the first time an app carrying an Android clipper made it into the official Google Play Store. The app masqueraded as a mobile version of MetaMask, a legitimate cryptocurrency service for desktop devices.
MetaMask is a legitimate service designed to interact with Ethereum decentralized apps in a browser without running a full Ethereum node. For users, it works as an Ethereum wallet, allowing them to store and send any standard Ethereum-compatible token.
Addresses for online cryptocurrency wallets are long strings of characters. Rather than memorizing and typing them, users tend to copy and paste the address via the clipboard. The Android clipper impersonates the legitimate service of this online cryptocurrency wallet, and any Bitcoin or Ethereum wallet address copied to the clipboard is replaced by the malware with one belonging to the threat actors.
The sole motive of this clipper malware is to steal the victim's cryptocurrency wallet credentials and gain control over their Ethereum funds.
Besides phishing for cryptocurrency credentials, the malicious app also uses clipper techniques to hijack the clipboard on the victim's device. Though the app has since been removed, those who already downloaded it remain affected.
The first clipper malware dates back to 2017. Disguised as a utility tool, it was available for free download on the Windows platform. The deceptive app lured users into downloading it by claiming to extend the Windows clipboard, then ran silently in the system tray, hiding its identity.
In the summer of 2018, the first Android clipper was spotted in shady Android app stores. In 2019, the malicious clipper reached the official Android app store, Google Play, impersonating the legitimate MetaMask service.
Cryptocurrency stealers that rely on altering the clipboard's content are not new to the cyber-crime world. It is therefore vital to take preventive measures to avoid unforeseen losses.
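As an added example (not code from the original article or from any product it mentions), the Python sketch below shows the check a wallet or keyboard app could make against the swap described above: record the address the user copied and refuse the paste when the clipboard later holds a different address of the same family. The address patterns, guard class and sample addresses are constructed for illustration.

```python
import re

# Address shapes a clipper watches for (constructed for this example; a real
# wallet would also validate checksums rather than rely on regex alone).
ADDRESS_PATTERNS = {
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "bitcoin_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "bitcoin_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
}

def address_type(text):
    """Return the wallet address family of text, or None if it is not one."""
    text = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return name
    return None

class ClipboardGuard:
    """Remembers the address the user copied and flags a swap on paste.
    A clipper replaces the clipboard with an attacker address of the same
    family, so a different address of the same family is the strongest signal."""

    def __init__(self):
        self.intended = None  # (family, address) or None

    def on_copy(self, text):
        family = address_type(text)  # remember it only if it is an address
        self.intended = (family, text.strip()) if family else None

    def check_paste(self, clipboard_text):
        """Return (ok, reason); ok is False when a clipper is suspected."""
        if self.intended is None:
            return True, "no wallet address was copied"
        family, expected = self.intended
        actual = clipboard_text.strip()
        if actual == expected:
            return True, "clipboard still holds the copied address"
        if address_type(actual) == family:
            return False, f"{family} address was swapped in the clipboard"
        return False, "clipboard no longer holds the copied address"

def simulate_swap():
    """Constructed scenario: the user copies an Ethereum address, a clipper
    silently replaces it, and the guard catches it before the transfer."""
    user_address = "0x" + "ab" * 20      # constructed, not a real wallet
    attacker_address = "0x" + "cd" * 20  # constructed, not a real wallet
    guard = ClipboardGuard()
    guard.on_copy(user_address)
    return guard.check_paste(attacker_address)
```

On a phone the same comparison can be done by the user by hand: compare the first and last few characters of the pasted address with the one shown on the sender's screen before confirming a transfer.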