Cryptocurrency-stealing malware known as a “clipper” has been discovered on the Google Play store. The malware was discovered by security researchers at ESET, who published a report on February 8 to warn users about the dangers it poses.
Clipper malware mimics Ethereum’s MetaMask
A clipper is malware designed to steal cryptocurrency from victims by replacing a wallet address in the phone’s clipboard. Usually, cryptocurrency-stealing apps are hosted on unsanctioned Android app stores, but the researchers at ESET revealed that they spotted the malicious app shortly after it was introduced on the official Android store earlier this month.
The app was detected as soon as it tried to impersonate a legitimate service called MetaMask. The clipper attack targets users who make use of the mobile version of the MetaMask services. These services give users a way to run Ethereum decentralized apps (dApps) in a browser, without having to run a full Ethereum node.
The discovered malware allowed the attackers to steal victims’ private keys and gain control over their Ethereum funds. However, it can also replace a Bitcoin or Ethereum wallet address copied to the clipboard with one belonging to the attackers.
Interestingly, this is not the first time a malicious app impersonating MetaMask has been discovered on Google Play. However, the apps found in the past were merely phishing for sensitive information to gain access to victims’ cryptocurrency funds.
The clipper app has since been removed from the Google Play store, after the researchers reported it to the Google Play security team. However, anyone who had already downloaded it remains affected.
ESET researchers offer security tips to Android users
The researchers have advised Android users to stick with the best practices for mobile security to ensure the safety of their funds and credentials.
To stay safe from clippers and other Android malware, users are advised to keep their Android devices updated and use only reliable mobile security solutions. One should also stick to the official Google Play store when downloading apps. Even then, it is advised to check the official website of the app developer or service provider for a link to the official app: if there is no link to an official app, users should be extremely cautious and avoid downloading the application in question. Besides that, when carrying out transactions on mobile devices, Android users should double-check every step in all transactions to ensure that every piece of information is correct.