News First CryptoCurrency Clipboard Hijacker Found on Google Play Store

First CryptoCurrency Clipboard Hijacker Found on Google Play Store

-

- Advertisment -

Bitcoin

Researchers last week found the first Android app on the Google Play store that monitors a device’s clipboard for Bitcoin and Ethereum addresses and swaps them for addresses under the attacker’s control. This allows the attackers to steal any payments you make without your knowledge that you sent it to the wrong address.

A malicious Android app called MetaMask was added to the Google Play store that pretended to be a mobile version of the legitimate service of the same name.  This app, though, was detected by ESET as malicious and when ESET Android security researcher Lukas Stefanko performed an analysis, it was discovered to be stealing a user’s cryptocurrency using two different attack methods.

The first attack method the app used was to attempt to steal the private keys and seeds of an Ethereum wallet when a user adds it to the app. When BleepingComputer analyzed the app’s APK file, we found that the app contains information that can be used to send this stolen data to a Telegram account.

Telegram Message Info
Telegram Message Info

Once a private key is entered, the app will combine the above information information along with the stolen private key and send it via Telegram to the attackers.  Stefanko confirmed that the attackers were using Telegram to receive the stolen keys and seeds.

Sending the stolen key via Telegram
Sending the stolen key via Telegram

The second attack method discovered by Stefanko was to monitor the device’s clipboard for Ethereum and Bitcoin addresses, and if one is detected, swap it out with a different address under the attacker’s control. As cryptocurrency addresses are composed of a long string of numbers and characters, it is hard to memorize them. Knowing this, attackers can swap a desired address with one under their control and have little chance of being detected.

Swapping Bitcoin and Ethereum addresses in clipboard
Swapping Bitcoin and Ethereum addresses in clipboard

When replacing addresses in the clipboard, the program will swap out a Bitcoin address with 17M66AG2uQ5YZLFEMKGpzbzh4F1EsFWkmA and an Ethereum address with 0xfbbb2EF692B5101f16d3632f836461904C761965.

Clipboard monitoring is not new and this attack method has been seen it numerous times already in Windows malware, browser extensions, and being sold on underground markets for Android. This is the first time, according to Stefanko, that one was detected on the Google Play store.

Thankfully, this particular app was not widespread and only had five installs. Stefanko told BleepingComputer that this was most likely because it was detected and reported only a few days after being uploaded to the Google Play store.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

3 Beginner Friendly Ways to Make Money with Cryptocurrency 2020

In this article, we will explain how to make money with cryptocurrency in 2020. These methods are...

Blockchain, Bitcoin, and Mashed Potatoes

According to studies, over the next 5 years, many of the major supermarkets are expected to...

Different Facets of Biometric Authentication and How They Are Making A Difference in The Financial Sector

When we think of authentication in the true sense, then we find ourselves amid the different proven...

UNICEF’s 125 ETH Investment Took Less Than 20 Minutes and Cost Less Than $20

"The digital world is coming to us faster than we could have imagined," said UNICEF chief Chris...
- Advertisement -First CryptoCurrency Clipboard Hijacker Found on Google Play Store

Analysis: Is Bitcoin (BTC) Still Viewed As A Dark Web Currency?

There is a long past of Bitcoin (BTC) – due to its anonymity – being used in...

A Beginner’s Guide to Day Trading Crypto

Much of the activity that comes from the crypto-space originates from the crypto-trading community. Buying and selling...

Must read

Blockchain, Bitcoin, and Mashed Potatoes

According to studies, over the next...
- Advertisement -

You might also likeRELATED
Recommended to you