Google removed app built to steal users' cryptocurrency from Play Store

Remigio Civitarese
February 12, 2019

A form of malware that replaces victims' cryptocurrency wallet addresses has been discovered for the first time in an app on Google Play Store. According to researchers from IT security company Eset, the app impersonated a browser-based service created to run decentralized Ethereum apps without running a full Ethereum node. While there is a legitimate website called MetaMask that offers "a secure identity vault, providing a user interface to manage your identities on different sites and sign blockchain transactions", it is available only as add-ons for Chrome, Firefox, Opera, and the Brave browser.

Update your Android device in a timely fashion, and install a "reliable" security app on your phone.

However, the fake MetaMask app that made its way onto the Play Store was created to dupe users into sharing credentials and private keys so attackers could gain control of victims' Ethereum and Bitcoin funds.

Worse, Eset researchers said the app contained "clipper" malware. This type of malware works because addresses of cryptocurrency wallets are composed of long strings of characters. Rather than typing them out, most people copy and paste them using the Android clipboard, something that "clipper" malware uses to its advantage: it replaces the copied address with one belonging to the attacker. The culprit in this instance was able to steal cryptocurrency by tricking users into depositing it into attackers' wallets.
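An added example (not from Eset or the original article) of detecting the clipboard swap described above: it scans a clipboard event log and flags any write not made by the user that replaces a copied wallet address with a different address of the same currency. The event format (timestamp, writer, content), the package names and the addresses are constructed assumptions.

```python
import re

# Address shapes for the two currencies the article names.
PATTERNS = {
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "bitcoin": re.compile(
        r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}"   # legacy Base58
        r"|bc1[02-9ac-hj-np-z]{11,71})$"          # bech32
    ),
}

def address_kind(text):
    """Return 'ethereum', 'bitcoin', or None if text is not address-shaped."""
    text = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.match(text):
            return kind
    return None

def find_swaps(events):
    """Flag non-user clipboard writes that replace a copied address.
    events: (timestamp, writer, content) tuples in time order, where writer
    is 'user' for a copy the user made (assumed telemetry format).
    """
    alerts, copied = [], None
    for ts, writer, content in events:
        value, kind = content.strip(), address_kind(content)
        if writer == "user":
            # Remember the address the user copied; forget it on other text.
            copied = (kind, value) if kind else None
        elif copied and kind == copied[0] and value != copied[1]:
            alerts.append({"time": ts, "writer": writer,
                           "copied": copied[1], "replaced_with": value})
    return alerts

# Constructed sample log: addresses and package names are placeholders.
ADDR_A = "0x" + "1" * 40
ADDR_B = "0x" + "2" * 40
SAMPLE_EVENTS = [
    (0.0, "user", ADDR_A),
    (0.4, "com.example.fakewallet", ADDR_B),   # same kind, different value
    (10.0, "user", "meeting at 10"),
    (10.2, "com.example.notes", "shopping list"),
    (20.0, "user", ADDR_A),
    (20.3, "com.example.keyboard", ADDR_A),    # unchanged value, no alert
]
```

Calling `find_swaps(SAMPLE_EVENTS)` returns a single alert naming the process that overwrote the copied address.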

MetaMask does not currently offer an app for mobile devices.

The app was reportedly discovered this month, and Google has since removed it. However, Ars Technica claimed the incident "is yet more evidence that Google can't be trusted to proactively keep malware out of Play". In the case of MetaMask, the official website makes no mention of an Android app.
