News First CryptoCurrency Clipboard Hijacker Found on Google Play Store

First CryptoCurrency Clipboard Hijacker Found on Google Play Store

-

- Advertisment -

Bitcoin

Researchers last week found the first Android app on the Google Play store that monitors a device’s clipboard for Bitcoin and Ethereum addresses and swaps them for addresses under the attacker’s control. This allows the attackers to steal any payments you make without your knowledge that you sent it to the wrong address.

A malicious Android app called MetaMask was added to the Google Play store that pretended to be a mobile version of the legitimate service of the same name.  This app, though, was detected by ESET as malicious and when ESET Android security researcher Lukas Stefanko performed an analysis, it was discovered to be stealing a user’s cryptocurrency using two different attack methods.

The first attack method the app used was to attempt to steal the private keys and seeds of an Ethereum wallet when a user adds it to the app. When BleepingComputer analyzed the app’s APK file, we found that the app contains information that can be used to send this stolen data to a Telegram account.

Telegram Message Info
Telegram Message Info

Once a private key is entered, the app will combine the above information information along with the stolen private key and send it via Telegram to the attackers.  Stefanko confirmed that the attackers were using Telegram to receive the stolen keys and seeds.

Sending the stolen key via Telegram
Sending the stolen key via Telegram

The second attack method discovered by Stefanko was to monitor the device’s clipboard for Ethereum and Bitcoin addresses, and if one is detected, swap it out with a different address under the attacker’s control. As cryptocurrency addresses are composed of a long string of numbers and characters, it is hard to memorize them. Knowing this, attackers can swap a desired address with one under their control and have little chance of being detected.

Swapping Bitcoin and Ethereum addresses in clipboard
Swapping Bitcoin and Ethereum addresses in clipboard

When replacing addresses in the clipboard, the program will swap out a Bitcoin address with 17M66AG2uQ5YZLFEMKGpzbzh4F1EsFWkmA and an Ethereum address with 0xfbbb2EF692B5101f16d3632f836461904C761965.

Clipboard monitoring is not new and this attack method has been seen it numerous times already in Windows malware, browser extensions, and being sold on underground markets for Android. This is the first time, according to Stefanko, that one was detected on the Google Play store.

Thankfully, this particular app was not widespread and only had five installs. Stefanko told BleepingComputer that this was most likely because it was detected and reported only a few days after being uploaded to the Google Play store.



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest news

Mercuriex Cryptocurrency Exchange Launches New Utility Token, SURF

MercuriEx Cryptocurrency Exchange, originally developed in 2017, came under new ownership in December 2019. Since taking over the exchange,...

Fungibility: Bitcoin Mixers Favorite Term That No One Understands

Fungibility, perhaps the most important concept when dealing with a decentralized and anonymous currency, but does bitcoin...

Crypto can’t thrive in the real world – but stablecoins can

We can safely say that the hype about cryptocurrencies is pretty much over. The claims of Bitcoin...

How to double your crypto

Most of us have a small gambler deep inside our souls. We love to feel the thrill...
- Advertisement -First CryptoCurrency Clipboard Hijacker Found on Google Play Store

Cryptocurrency Top Security Risk Concerns: What You Can Do to Protect Your Crypto

A report by CipherTrace revealed that in the first half of 2019, criminals and fraudsters stole more...

How has Bitcoin of America Changed the Cryptocurrency Industry?

Who is Bitcoin of America? Bitcoin of America is a U.S. based digital currency...

Must read

Mercuriex Cryptocurrency Exchange Launches New Utility Token, SURF

MercuriEx Cryptocurrency Exchange, originally developed in 2017, came...

Fungibility: Bitcoin Mixers Favorite Term That No One Understands

Fungibility, perhaps the most important concept when...
- Advertisement -First CryptoCurrency Clipboard Hijacker Found on Google Play StoreFirst CryptoCurrency Clipboard Hijacker Found on Google Play Store

You might also likeRELATED
Recommended to you