Bitcoin-Stealing App Found in Play Store

Bitcoin-Stealing App Found in Play Store
Clipper malware contained in the app diverts cryptocurrency payments to the malware author's wallet.

(CCM) — A malicious app that contains malware which hijacks cryptocurrency payments has been found in Google's Play store, according to a Hot Hardware report.

The clipper malware takes advantage of the fact that when users make a cryptocurrency payment, the address of the recipient's wallet is too long to be remembered or typed easily. For that reason most cryptocurrency users cut and paste the intended recipient into their payment application.

Clipper malware, such as the one found in the Google Play store, monitors an infected device's clipboard to spot when a cryptocurrency addresses is copied to it. When the user then tries to paste the address into their app, the malware changes the address to that of a wallet controlled by the malware authors. That means that if the user does not spot that the address has been changed, the payment will go to the hackers instead of the intended recipient.

Clipper malware also searches for the infected machine user's credentials and private keys, and if it successfully finds them it siphons off the user's cryptocurrencies directly and irreversibly, according to the report.

Clipper malware first came to light about two years ago, targeting users of systems running Microsoft's Windows operating system. Android variants appeared more recently, but until now only appeared in apps hosted on third-party app stores. But the MetaMask app, which contained the malware, is believed to be the first incidence of an app containing clipper malware making it onto Google's Play store.

The MetaMask app was not connected in any way with MetaMask, a service for managing Ethereum-based distributed applications, and Google has removed it from the Play store.

Image: © DD Images -