Her researchers ESET they discovered it first Android malware which can replace the contents of a device clipboard in Google Play.
Τthe so-called "clip»Aims at cryptocurrency transactions Bitcoin and Ethereum, aiming to redirect the transfer of funds to the attacker's wallet instead of to the victim.
This discovery shows that clippers, who can redirect cryptocurrencies, are no longer found only in Windows or in "suspicious" Android forums. Now, all Android users need to be careful.
Luk áštefanko, ESET Malware Researcher
The recently discovered clipper is detected by ESET security solutions as Android / Clipper.C. This malware takes advantage of the fact that those who use cryptocurrency trading features usually do not enter their wallet addresses manually. Instead of typing them, users tend to copy and paste the addresses using the clipboard. Malicious software can replace the user's address with one that belongs to the attacker.
Clippers first appeared on Windows in 2017. In fact, in 2018, ESET researchers discovered three such malicious applications at download.cnet.com, one of the most popular software hosting sites in the world. In August 2018, the first Android clipper was discovered that was sold in hacking forums and since then, this malware has been detected in many illegal application stores.
Until 2019, Android users who used only the official Google Play app store were completely safe from clippers. That changed in February 2019 when ESET researchers discovered the first clipper on Google Play. Fortunately, we found this clipper as soon as it appeared on Google Play. We reported this to the Google Play security team, which removed the application from the store
Luk áštefanko, ESET Malware Researcher
The clipper discovered by ESET researchers in the Google Play Store mimics a legal service called Dappradar. It meta mask allows you to run decentralized Ethereum applications in a browser without having to run the entire node Ethereum. It is available in the form of extensions only for desktop browsers such as Chrome and Firefox, and there is no mobile version.
There seems to be a demand for a mobile version of MetaMask. Cybercriminals are aware of this demand and are sneaking in malware that mimics this service on Google Play
Luk áštefanko, ESET Malware Researcher
Also, this older malware that mimics the Dappradar targets deposits Bitcoin ή Ethereum of the user, however, only trying to trick the user into entering the wallet address into a fake form and thus revealing this sensitive information to the intruder.
Having installed one clip on the victim's device, the withdrawal of funds is very easy. The victims themselves inadvertently send money directly to the cybercriminal
Luk áštefanko, ESET Malware Researcher
With his appearance malware clipper for the first time in Google Play, the users Android they should be even more careful and follow the best practices for the security of their mobile phone.
To stay safe from clippers and other malware targeting Android, ESET advises users to:
- They keep it Android update their device and use a reliable mobile security solution.
- Use only the official store Google Play to download applications ωστόσο however always checking the official website of the application developer or service provider for the link leading to the official application. If there is nothing relevant, users should consider it suspicious and be very careful with any result of their search on Google Play
- Thoroughly control every step of the way in all transactions related to anything of value, from sensitive information to money. When using the clipboard, always check if what they pasted is what they wanted to insert.
