Cybersecurity firm ESET recently released a report about a malicious application, found on the Google Play Store, that was said to be stealing users’ cryptocurrency.
According to an official blog post by WeLiveSecurity, cryptocurrency addresses consist of long strings of alphanumeric characters. Because of this, most users copy and paste addresses when filling out invoices and making transactions. The recently discovered malware, dubbed “Clipper”, is reported to intercept the clipboard content of crypto users and replace the user’s address with one belonging to the hacker.
This type of malware isn’t new; many versions have existed in recent years on various operating systems. During the summer of 2019, several versions of this malware were discovered on the Android app stores, according to WeLiveSecurity’s blog post. The most recent edition of this Clipper program was discovered in the Google Play Store.
Currently found on the official Android app store and also on third-party platforms, this vile software program executes scripts on a user’s system that are programmed to detect crypto addresses on the operating system’s clipboard. As previously mentioned, the malware is capable of replacing the user’s address with one that seems similar to the victim’s address but in reality belongs to the hacker.
In August of the previous year, the very first version of an Android clipper was discovered being sold through a secret online forum. According to information provided by WeLiveSecurity, the very same Android-based malware has been located in several shady app stores.
The clipper program was discovered by WeLiveSecurity researchers as they searched through the Google Play Store. The program was given the name “Android/Clipper.C” and worked by impersonating a legitimate wallet named MetaMask.
When someone downloads this program, the clipper gains complete access to the victim’s credentials and private keys, allowing the attacker to steal the person’s cryptocurrency from their wallets.