A new malicious app-Klipper, disguised themselves as Ethereum-wallet MetaMask was discovered in the Google Play app store. This was announced by the company Eset.
As writes in the blog of the security expert Lucas Stefanko, the aim of the app was the theft of data required to gain access to the Ethereum-wallet users. In particular, it could replace the addresses of wallets that are copied to the clipboard, to the addresses of the hackers.
“This attack is aimed at the users of the mobile version of the service MetaMask designed to run decentralized applications on the basis of the Ethereum[…] At present this service, however, does not have a mobile app – only extensions for desktop browsers like Chrome and Firefox,” wrote Stefanko.
App was detected soon after its appearance in Google Play February 1 and has been removed from the store. As noted Stefanko, this clipper has hit Google Play for the first time – previously it was a malicious app posing as MetaMask, but they were only able to steal crucial information for gaining access to the cryptocurrency means sacrifice.
Google claims that it regularly scans more than 50 billion apps for viruses, backdoors, spyware, functions, tools phishing, spam and various tricks that enables fraudsters to obtain access to devices and users ‘ personal data. Despite this, cybersecurity experts regularly find malware that are disguised as games, TV apps and software for remote management.
We will remind, in November of last year the company Eset have discovered in Google Play four fake wallet for cryptocurrency, stealing personal data. In particular, they imitated wallets for Neo (NEO), Tether (USDT) and Ethereum (ETH). The latter also posed for the MetaMask.