Clipper Malware
Android, Mobile, News | 02/22/2019

Play Store again in the storm of controversies: First Cryptocurrency stealing clipper Malware found on Android’s official App Store

About: Cryptocurrency stealers that replace wallet address in the clipboard are no longer restricted to Windows or shady Android App Stores. Researchers recently discovered a malicious app in Android official app store i.e. Google Play. The rogue applicatio...  Read More  

| Mobile | Android | Play Store again in the storm of controversies: First Cryptocurrency stealing clipper Malware found on Android’s official App Store

Another cryptocurrency theft is in the books!


The crypto arena, since its inception has been thronged with heist. The virtual assets seem to beguile some of the most malicious players in the industry. The rising popularity of cryptocurrencies has attracted both thieves & investors in equal measures. It has led to significant increase in both crimes & disputes related to digital assets. As Crypt-o-currency Mining Apps have been banned by Google from the official Play Store, threat actors are adopting shady tactics to swindle victim’s crypto currency wallets.


Clipper Malware 1

Recent research reveals that a malicious app designed to steal cryptocurrency has been discovered on Google play, the official Android App Store. Classified as clipper, the malware is configured to intercept victim’s device’s clipboard & replace their wallet address stealthily with the one belonging to the attacker.


Earlier, similar cryptocurrency stealers leveraging clipboard hijacking techniques were found on Windows & shady Android app Stores. However, it was the first time that such a devious app hosting the malicious android clipper was incorporated in the official Google Play Store. The app was masqueraded as a mobile version of MetaMask, a legitimate cryptocurrency service on desktop devices.


What is Metamask & how does Android clipper leverages the cryptocurrency service?

MetaMask is a legitimate service, designed to interact with the Ethereum decentralized apps in a browser without having to run a full Ethereum node. For users, it works as an Ethereum wallet, allowing them to store & send any standard Ethereum compatible tokens.

Metamask App Malware

Addresses on the online cryptocurrency wallets are composed of long strings of characters. Users instead of memorizing & typing them tend to copy and paste the address using clipboard. The Android clipper impersonates the legitimate service of this online cryptocurrency wallet. The Bitcoin or Ethereum wallet address copied to the clipboard is replaced with the one belonging to the threat actors by this malice.


The sole motive of this clipper malware is to steal victim’s cryptocurrency wallet credentials to gain control over their Ethereum funds.


The malicious app besides phishing cryptocurrency credentials also leverages clipper malware techniques to exploit the vulnerabilities of the victim’s device. Thought the app has since been removed, those who already downloaded it still remain affected.


Clipper Malware – History & Origin

The origin of first clipper malware can be traced back to 2017. Disguised as a utility tool, the malware was available for free download on Windows platform.  The deceptive app lured users to download it by claiming to extend and expand the Windows clipboard. The app ran silently in the system tray hiding its identity.


In the summers of 2018, the first Android clipper was was spotted in shady Android App Stores. In 2019, the malicious clipper made its rounds in the official Android app store, Google play impersonating the legitimate service of Metamask.


Cryptocurrency stealers that rely on altering the clipboard’s content are not new to the cyber-crime world. It is therefore deemed vital to undertake preventive measures to avoid unforeseen circumstances.


How to avoid becoming a victim of malware threats?

  1. Keep all the apps and the device OS up to date. Upgrade all the apps to the latest versions as it incorporates patches to the discovered vulnerabilities associated with old versions that might make your device susceptible to system threats.
  2. Protecting the system with authentic antivirus programs is utmost important to inhibit the invasion of malware. These include Hitman pro & BULL GUARD.
  3. Always consider downloading applications form official app stores.
  4. It is always recommended to go through user reviews before downloading any app. Positive reviews can easily be faked. Negative reviews reveal the true nature of any application.
  5. Going through the installation steps cautiously always goes a long way.
  6. While pasting content from clipboard, please check to ensure that what you pasted is what you intended to enter.

Hits: 130

Leave a Reply

Your email address will not be published. Required fields are marked *

Did you find the article informative? Yes NO

Get Regular Updates Related to All the Threats

Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.

Virus Removal Guidelines
Plot No 319, Nandpuri- B Pratap Nagar
Rajasthan 302033
Phone: +91 9799661866