First CryptoCurrency Clipboard Hijacker Found on Google Play Store

- Advertisement -

Researchers last week found the first Android app on the Google Play store that monitors a device’s clipboard for Bitcoin and Ethereum addresses and swaps them for addresses under the attacker’s control. This allows the attackers to steal any payments you make without your knowledge that you sent it to the wrong address.

A malicious Android app called MetaMask was added to the Google Play store that pretended to be a mobile version of the legitimate service of the same name.  This app, though, was detected by ESET as malicious and when ESET Android security researcher Lukas Stefanko performed an analysis, it was discovered to be stealing a user’s cryptocurrency using two different attack methods.

The first attack method the app used was to attempt to steal the private keys and seeds of an Ethereum wallet when a user adds it to the app. When BleepingComputer analyzed the app’s APK file, we found that the app contains information that can be used to send this stolen data to a Telegram account.

Telegram Message Info
Telegram Message Info

Once a private key is entered, the app will combine the above information information along with the stolen private key and send it via Telegram to the attackers.  Stefanko confirmed that the attackers were using Telegram to receive the stolen keys and seeds.

Sending the stolen key via Telegram
Sending the stolen key via Telegram

The second attack method discovered by Stefanko was to monitor the device’s clipboard for Ethereum and Bitcoin addresses, and if one is detected, swap it out with a different address under the attacker’s control. As cryptocurrency addresses are composed of a long string of numbers and characters, it is hard to memorize them. Knowing this, attackers can swap a desired address with one under their control and have little chance of being detected.

- Advertisement -
Swapping Bitcoin and Ethereum addresses in clipboard
Swapping Bitcoin and Ethereum addresses in clipboard

When replacing addresses in the clipboard, the program will swap out a Bitcoin address with 17M66AG2uQ5YZLFEMKGpzbzh4F1EsFWkmA and an Ethereum address with 0xfbbb2EF692B5101f16d3632f836461904C761965.

Clipboard monitoring is not new and this attack method has been seen it numerous times already in Windows malware, browser extensions, and being sold on underground markets for Android. This is the first time, according to Stefanko, that one was detected on the Google Play store.

Thankfully, this particular app was not widespread and only had five installs. Stefanko told BleepingComputer that this was most likely because it was detected and reported only a few days after being uploaded to the Google Play store.

- Advertisement -



Previous Articles:

- Advertisement -

Latest

Bitcoin Drops 10% From Highs Amid Quantum Computing Warnings

Bitcoin dropped nearly 10% from its record high, falling close to $103,000 after reaching $112,000 last week. BlackRock warned that advances in quantum computing could...

Czech Justice Minister Resigns Over $45M Bitcoin Donation Scandal

Czech Justice Minister Pavel Blazek resigned after controversy over accepting and selling Bitcoin from a convicted criminal.The Justice Ministry auctioned nearly 500 Bitcoin, raising...

Uniswap (UNI) Rebounds Above $6 After Brief Uptrend Breakdown

Uniswap's UNI token dropped below its key uptrend line following a failed hold above the $6.00 support level.High trading volumes accompanied the decline, including...

Michael Saylor Invites Joe Rogan to Discuss Bitcoin on Podcast

Michael Saylor has shown interest in discussing Bitcoin on The Joe Rogan Experience podcast.The idea has generated excitement in the Bitcoin community, with some...

Congress Debates Stablecoin Bill Amid Rising Bank and Crypto Tensions

U.S. lawmakers are moving forward with the Senate Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act, with debates set to resume after...

Must Read

What is Moon Tropica (CAH) – Technology, Tokenomics, Game Preview

Gaming enthusiasts and crypto enthusiasts, hHave you heard about Moon Tropica? If you're longing for that nostalgic feel of classic games from your childhood...