Bitcoin scam warning over fake Android app that steals cryptocurrency from your phone
Bitcoin and ethereum can be stolen from a victim's smartphone through the 'clipper' malware
A dangerous app that steals bitcoin and other types of cryptocurrency from people’s phones has been discovered in the official Android app store Google Play.
Security researchers at ESET discovered the so-called ‘clipper’ malware in early February within a legitimate-looking app called MetaMask.
The malware works by intercepting cryptocurrency wallet addresses, which are used to send funds online from one account to another.
Bitcoin wallet addresses are composed of long strings of characters for security reasons, meaning people tend to copy and paste them rather than typing them out.
By intercepting the address when it is copied and secretly replacing it with a wallet address of their own, attackers were able to redirect funds to their own accounts.
It is not the first time this type of malware has been discovered on Android apps, though infected apps had never before appeared in the official Google Play store.
“This dangerous form of malware first made its rounds in 2017 on the Windows platform and was spotted in shady Android app stores in the summer of 2018,” ESET researcher Lukas Stefanko wrote in a blog post detailing the discovery.
“The clipper we found lurking in the Google Play store... impersonates a legitimate service called MetaMask. The malware’s primary purpose is to steal the victim’s credentials and private keys to gain control over the victim’s ethereum funds.”
The malware is also able to replace a copied bitcoin or ethereum wallet address with one belonging to the attacker.
The fake MetaMask app has since been removed from the Google Play store and no other known instances of the malware are currently present on the app store. A spokesperson for Google was not immediately available for comment.
In the wake of the discovery, ESET researchers advised Android users to keep their devices updated and to avoid downloading apps from any unofficial sources.
“Always check the official website of the app developer or service provider for the link to the official app. If there is not one, consider it a red flag and be extremely cautious to any result of your Google Play search,” Mr Stefanko wrote.
“Double-check every step in all transactions that involve anything valuable, from sensitive information to money. When using the clipboard, always check if what you pasted is what you intended to enter.”
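The clipboard check recommended above can be automated. The following Python is an added example, not code from ESET or from this article: it compares a copied value with what is present at paste time and scans a clipboard event log for an address overwritten by a different address. The event tuple format, the `user`/`background` source labels and the sample addresses are constructed assumptions.

```python
import re

# Address *shapes* only. A swapped-in address is itself well-formed, so the
# comparison below, not checksum validation, is what exposes the swap.
ADDRESS_SHAPES = {
    "bitcoin": re.compile(
        r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return 'bitcoin', 'ethereum' or None for a clipboard string."""
    for kind, shape in ADDRESS_SHAPES.items():
        if shape.match(text.strip()):
            return kind
    return None

def check_paste(copied, pasted):
    """Compare the value the user copied with the value present at paste time."""
    kind = address_kind(copied)
    if kind is None:
        return "not-an-address"
    a, b = copied.strip(), pasted.strip()
    if kind == "ethereum":  # hex addresses may differ in letter case only
        a, b = a.lower(), b.lower()
    if a == b:
        return "match"
    # A different but well-formed address is the clipper pattern.
    return "substituted" if address_kind(pasted) else "changed"

def find_substitutions(events):
    """Scan ordered (timestamp, source, value) events; report user-copied
    addresses that a non-user write replaced with a different address."""
    alerts, last_user_copy = [], None
    for ts, source, value in events:
        if source == "user":
            last_user_copy = value
        elif last_user_copy and check_paste(last_user_copy, value) == "substituted":
            alerts.append((ts, last_user_copy, value))
    return alerts

# Constructed sample data (assumed event format, not real addresses).
WALLET = "0x" + "a1" * 20
OTHER = "0x" + "b2" * 20
SAMPLE_EVENTS = [(100, "user", WALLET), (101, "background", OTHER),
                 (200, "user", "meeting at 10"), (201, "background", OTHER)]
```

Only the first background write is reported, because the second one overwrites ordinary text rather than an address the user copied.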