That’s Not MetaMask Mobile, It’s Malware

The clipper malware can steal credentials and keys and change wallet addresses.

In a February 8 announcement, cybersecurity firm ESET said it had discovered malware in the Google Play store that was designed to steal crypto wallet addresses and keys.

According to ESET, this type of malware, dubbed a “clipper,” was first spotted in 2017 on Windows before infecting Android app stores in 2018. ESET researchers say it has been available on “underground hacking forums” and on popular software-hosting site download.cnet.com. The Google Play store is the latest to be affected.

The clipper malware is so named because it can copy a bitcoin or Ethereum wallet address that has been saved on a digital clipboard and change that address to one that belongs to the attacker. The malware is also designed to steal private keys.

To accomplish this goal, the developers of the malware designed the software to look like a mobile MetaMask application, enticing users to download the malware onto a mobile device. However, though MetaMask has been developing a mobile app, one has not been released.

The malware has since been removed from the Google Play store. Just in case, the ESET team reminded cryptocurrency users to always check the official website of the app developer or service provider for the link to the official app.

In October 2017, the ESET team discovered fake mobile apps from the Poloniex exchange in the Google Play store. That malware was designed to steal login credentials and compromise victims’ Gmail accounts as a means of sidestepping two-factor authentication.

Nathan Graham is a full-time staff writer for ETHNews. He lives in Sparks, Nevada, with his wife, Beth, and dog, Kyia. Nathan has a passion for new technology, grant writing, and short stories. He spends his time rafting the American River, playing video games, and writing.

Like what you read? Follow us on X @Bitnewsbot to receive the latest MetaMask, mobile or other Ethereum dapps news.