Fake MetaMask Crypto Malware Pulled From Google Play After Tipoff

Published at: Feb. 11, 2019

Decentralized app (DApp) MetaMask is facing fresh problems from cryptocurrency scammers after malware impersonating the tool appeared on Google Play, cybersecurity company Eset reported on Feb. 8.

The malware, which replaces clipboard contents in an attempt to steal cryptocurrency, was removed by Google at the beginning of the month after a tipoff from Eset researchers.

Known as a “Clipper,” the malware replaces copied cryptocurrency wallet addresses with an address belonging to an attacker in the hope that funds will be sent elsewhere without the user noticing.
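On the defensive side, the swap described above can be detected by comparing what the user copied with what the clipboard holds afterwards. The following is an added example, not code from Eset or MetaMask; the event format, the "user"/"other" source labels and all addresses are constructed for illustration, and the patterns match address shape only, without verifying checksums.

```python
import re

# Address shapes only; these patterns do not verify checksums.
ETH_RE = re.compile(r"0x[0-9a-fA-F]{40}")
BTC_RE = re.compile(r"(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})")

def address_kind(text):
    """Return 'eth', 'btc' or None for a clipboard string."""
    value = text.strip()
    if ETH_RE.fullmatch(value):
        return "eth"
    if BTC_RE.fullmatch(value):
        return "btc"
    return None

def normalize(value, kind):
    # Ethereum addresses are hex, so letter case only carries the optional checksum.
    value = value.strip()
    return value.lower() if kind == "eth" else value

def find_swaps(events, window=60.0):
    """Flag clipboard writes that replace a user-copied address.

    events: (seconds, source, text) tuples. The source labels are an assumed
    format: 'user' is a copy the user made, 'other' is any other write.
    """
    alerts = []
    last = None  # (time, kind, normalized address) of the last user copy
    for ts, source, text in events:
        kind = address_kind(text)
        if source == "user":
            last = (ts, kind, normalize(text, kind)) if kind else None
            continue
        # Same kind of address, shortly after the copy, but a different value.
        if last and kind == last[1] and ts - last[0] <= window:
            now = normalize(text, kind)
            if now != last[2]:
                alerts.append({"time": ts, "kind": kind, "copied": last[2], "now": now})
    return alerts

# Constructed clipboard events; none of these are real wallet addresses.
SAMPLE = [
    (0.0, "user", "0x" + "11" * 20),
    (0.4, "other", "0x" + "22" * 20),   # different address of the same kind
    (30.0, "user", "1" + "B" * 30),
    (31.0, "other", "hello world"),     # not an address, ignored
    (90.0, "user", "0x" + "AB" * 20),
    (91.0, "other", "0x" + "ab" * 20),  # same address, only the case differs
]
```

Only the second event is flagged: the clipboard went from one Ethereum-shaped value to a different one within the window, which is the pattern a clipper produces.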

The discovery marked the first time such malware had made it past Google’s vetting procedures, the security firm notes.

“The clipper we found lurking in the Google Play store, detected by ESET security solutions as Android/Clipper.C, impersonates a legitimate service called MetaMask,” Eset explained, continuing:

“The malware’s primary purpose is to steal the victim’s credentials and private keys to gain control over the victim’s Ethereum funds. However, it can also replace a Bitcoin or Ethereum wallet address copied to the clipboard with one belonging to the attacker.”

MetaMask, which is one of the oldest Ethereum (ETH)-based DApps, has fallen victim to malicious schemes before.

In July last year, Google developers pulled the app from Google Play altogether, leaving only fake impersonations. A subsequent report from MetaMask revealed the action had occurred by mistake.

In November, MetaMask confirmed its plans to launch a mobile app, which ended up being the target of the latest malware issue.
