After a consistent frequency, the crypto community is quite done with the news of crypto scams or hacks here and there. It seems, this time the thief has executed a bit different plan, as an Android app has been found which was practicing cryptocurrency-stealing.
Researchers have recently come to discover a Malicious app which was also available on the Google play store and was stealing crypto assets of the users, via a new type of malware known as a “Clipper.” The malware Clipper used to get access to sensitive information of users. Clipper could hijack a phone’s clipboard feature when people copy and paste their bitcoin or cryptocurrency address. As soon as the App was found to perform such illegal and harmful activity, the app was pulled out. Notably, the app was stealing investor’s crypto funds secretively.
Reportedly, the app was impersonating a legitimate crypto service named MetaMask. With the false title of MetaMask, the app was designed to take the credentials of the user and control the user’s Ethereum cryptocurrency eventually. On this Lukas Stefanko, who is one of a researcher stated,
“This attack targets users who want to use the mobile version of the MetaMask service, which is designed to run Ethereum decentralized apps in a browser, without having to run a full Ethereum node. However, the service currently does not offer a mobile app—only add-ons for desktop browsers such as Chrome and Firefox.”
The malware was already existing since 2017, and this app has been on Google Play before, but the harming impacts were not as intense as it became recently. The researcher added,
“Several malicious apps have been caught previously on Google Play impersonating MetaMask. However, they merely phished for sensitive information with the goal of accessing the victims’ cryptocurrency funds.”
This incident hints to one more thing that Google play did not check the authenticity of the app before listing it. Actual MetaMask’s website does not show anything about the app, which is a notable sign for Google to not trust it.
To ensure your own crypto fund’s security, one must check the website Before downloading any app for validity. Let us see when the series of scams and such hacks come to an end.