Another day, another piece of cryptocurrency malware discovered. On this occasion, it’s Google Play, the app store for Android users, that was affected.
Researchers at We Live Security (WLS) found that fraudsters had created an application which imitated a legitimate program called MetaMask.
Asia Trading Summit – The Leading Investment Event in China
Founded four years ago, MetaMask is supposed to allow a user to access Ethereum developer applications directly on their browser.
Currently, the firm does not offer a mobile application. Users can only access the company’s services via browser extensions.
The purpose of the fraudulent application was to steal a user’s ethereum wallet details. It could also be used to alter a payment by replacing the real recipient’s public key with the hacker’s.
According to WLS, the fraudsters were using a piece of malware known as a ‘clipper.’
To put this in simple terms, a clipper allows a scammer to doctor something copied to a user’s clipboard.
For those unfamiliar with that latter term, whenever you copy and paste something on your computer, phone or tablet, it is copied to your ‘clipboard’ once you have clicked ‘copy.’
Clipping MetaMask
By and large, being able to interfere with what is copied to someone’s clipboard isn’t particularly useful. If I copy and paste a small piece of text, and someone has doctored the text, the chances are I’m going to see it.
Not so for wallet addresses. As they are made up of a series of random digits and letters, it would be very easy to replace a wallet address copied to someone’s keyboard without them realizing.
WLS says that this is not the first time that hackers have impersonated MetaMask.
Since the company launched in 2015, a number of fake mobile applications have popped up on the Android Store purporting to be a mobile version of MetaMask.
But in those instances, the hackers have simply tried to steal users’ wallet details, instead of messing with their clipboard.