Google, at first of the month, eliminated one more malware app utilized by hackers to steal cryptocurrencies. Consultants at IT safety agency, Eset tipped off the corporate to the presence of a faux MetaMask app on the Google Play Retailer.

Clipper Malware Impersonating ‘MetaMask App’

Lukas Stefanko, a malware researcher at Eset, revealed the information on the corporate’s web site final Friday (February 8, 2019). In keeping with the publish, Eset specialists discovered a malicious app “Android/Clipper.C, purporting to be MetaMask.

The report signifies that Ethereum house owners who downloaded the app may have their non-public keys compromised and their funds stolen. Like different clippers, this malware may additionally hijack the clipboard of the sufferer changing their Bitcoin or Ethereum handle.

Android Bitcoin Clipper Malware

MetaMask permits customers to run decentralized apps (DApps) hosted on the Ethereum platform through a browser add-on with out having to run the total community node. At the moment, the service has no cellular app.

Android/Clipper.C isn’t the primary app to impersonate MetaMask on the Google Play Retailer. Again in 2018, Google eliminated the beforehand obtainable MetaMask cellular app which appears to have left room for a lot of malicious iterations of the service.

Normally, these faux-MetaMask make use of phishing strategies to realize entry to consumer funds held in cryptocurrency wallets. In the meantime, MetaMask in November 2018 introduced plans to relaunch its cellular app following the continued success of the browser add-on which has multiple million complete downloads.

Cryptocurrency Theft through Clipboard Hijacking

The pivot of those malicious apps impersonating MetaMask from phishing to clipping is indicative of the rising menace of cryptocurrency theft through clipboard hijacking. In July 2018, Bitcoinist reported {that a} clipboard hijacking malware was monitoring about 2.three million Bitcoin addresses.

Since pockets addresses are composed of loads of alphanumeric characters, most individuals copy and paste them when finishing up transactions to keep away from pricey errors. These malicious apps goal this apply by hijacking the consumer’s clipboard changing their addresses with these of the attacker.

To keep away from falling sufferer to clipboard hijacking, cryptocurrency house owners ought to endeavor to improve their antivirus software program. Additionally, it’s important to eyeball addresses earlier than “urgent ship.” 5 minutes of due-diligence may prevent shedding your treasured crypto.

What different methods can cryptocurrency house owners defend themselves from clipboard hijacking? Tell us your ideas within the feedback beneath.

Picture courtesy of ESET, Shutterstock

The publish Pretend MetaMask App That Hijacks Ethereum dApps Eliminated By Google appeared first on