Fake MetaMask App That Hijacks Ethereum dApps Removed By Google

Fake MetaMask App That Hijacks Ethereum dApps Removed By Google

Google, at the start of the month, removed yet another malware app used by hackers to steal cryptocurrencies. Experts at IT security firm, Eset tipped off the company to the presence of a fake MetaMask app on the Google Play Store.


Clipper Malware Impersonating MetaMask App

Lukas Stefanko, a malware researcher at Eset, publishedthe news on the companys website last Friday (February 8, 2019). According to the post, Eset experts found a malicious app Android/Clipper.C, purporting to be MetaMask.

The report indicates that Ethereum owners who downloaded the app could have their private keys compromised and their funds stolen. Like other clippers, this malware could also hijack the clipboard of the victim replacing their Bitcoin or Ethereum address.


MetaMaskallows users to run decentralized apps (DApps) hosted on the Ethereum platform via a browser add-on without having to run the full network node. Currently, the service has no mobile app.

Android/Clipper.C isnt the first app to impersonate MetaMask on the Google Play Store. Back in 2018, Google removed the previously available MetaMask mobile app which seems to have left room for many malicious iterations of the service.

Usually, these faux-MetaMask employ phishing techniques to gain access to user funds held in cryptocurrency wallets. Meanwhile, MetaMask in November 2018 announced plans to relaunch its mobile app following the continued success of the browser add-on which has more than one million total downloads.


Cryptocurrency Theft via Clipboard Hijacking

The pivot of these malicious apps impersonating MetaMask from phishing to clipping is indicative of the growing menaceof cryptocurrency theft via clipboard hijacking. In July 2018, Bitcoinistreportedthat a clipboard hijacking malware was monitoring about 2.3 million Bitcoin addresses.

Since wallet addresses are composed of a lot of alphanumeric characters, most people copy and paste them when carrying out transactions to avoid costly errors. These malicious apps target this practice by hijacking the users clipboard replacing their addresses with those of the attacker.

To avoid falling victim to clipboard hijacking, cryptocurrency owners should endeavor to upgrade their antivirus software. Also, it is essential to eyeball addresses before pressing send. Five minutes of due-diligence could save you losing your precious crypto.

What other ways can cryptocurrency owners protect themselves from clipboard hijacking?Let us know your thoughts in the comments below.

Image courtesy of ESET, Shutterstock

The post Fake MetaMask App That Hijacks Ethereum dApps Removed By Google appeared first on Bitcoinist.com.

11.02.2019 / 05:05 59
Google Play Store Caught Hosting Fake Metamask Crypto Malware Google Play Store Caught Hosting Fake
Crypto markets may still be way down but malware is on the rise and is still infiltrating the largest app market places on the web. Google Play Store
Google Boots Four Malicious Crypto Apps from Play Store Google Boots Four Malicious Crypto Apps
Despite attempts to weed out fake cryptocurrency apps on the Android marketplace, the war is far from being won. Cybersecurity researcher Lukas
Fake Mobile Cryptocurrency Wallet Apps Found on Google Play Store Fake Mobile Cryptocurrency Wallet Apps
A recent discovery shows the presence of phony cryptocurrency wallets found on the Google Play Store. The fight against malicious apps seems not to
Hackers Infiltrate 600K Websites Through StatCounter in Search of Bitcoin Hackers Infiltrate 600K Websites
Cybercriminals have hacked one of the largest website traffic analytics platforms on the web, and with it have injected malicious code into over
Ethereum Wallet MetaMask Achieves Milestone of 1.3 Million Users: Wild Success Ethereum Wallet MetaMask Achieves
MetaMask,the most popular Ethereum wallet in the world, has just hit a major milestone of 1.3 million downloads, according to arecent announcement.
Android App Scam Tricks Users into Buying Fake Ethereum Android App Scam Tricks Users into
If you are an Android user looking to download cryptocurrency applications, be careful of malicious app developers masquerading themselves as
Comments (0)
Add a comment
Comment on