A fake app containing Android/Clipper.C recently made the rounds on the official Android app store, Google Play, ESET’s WeLiveSecurity reports.
The app was designed to impersonate a real service, MetaMask, which allows users to run Ethereum dApps within a web browser without running a full Ethereum node. The attackers took advantage of MetaMask's lack of an Android app and made the fake look like an official product.
The hidden malware replaced the cryptocurrency wallet address copied to the user’s clipboard with one belonging to the attacker. As noted by ESET, this method has proven effective because wallet addresses are long, so users tend to copy and paste them rather than type them. In addition to swapping the infected device’s clipboard data, the malware was also able to retrieve the victim’s crypto-related credentials.
The malicious app was deleted from Google Play shortly after its discovery by ESET’s team.