An application pretending to be DApp MetaMask contained malware that aimed to steal coins by replacing wallet addresses.
The malware, which replaces computer clipboard info in an attempt to steal cryptocurrency, was removed by Google at the beginning of the month after a tip-off from Eset researchers.
Known as a ‘Clipper,’ the malware replaces copied cryptocurrency wallet addresses with an address belonging to an attacker in the hopes funds will be sent elsewhere without the user noticing.
The discovery marked the first time such malware had made it past Google’s vetting procedures, the security firm notes.
“The clipper we found lurking in the Google Play store, detected by ESET security solutions as Android/Clipper.C, impersonates a legit service called MetaMask,” Eset explained, continuing:
“THE MALWARE’S PRIMARY PURPOSE IS TO STEAL THE VICTIM’S CREDENTIALS AND PRIVATE KEYS TO GAIN CONTROL OVER THE VICTIM’S ETHEREUM FUNDS. HOWEVER, IT CAN ALSO REPLACE A BITCOIN OR ETHEREUM WALLET ADDRESS COPIED TO THE CLIPBOARD WITH ONE BELONGING TO THE ATTACKER.”
MetaMask, which is one of the oldest Ethereum (ETH)-basd DApps, has fallen victim to malicious schemes in the past.
In July of last year, Google developers pulled the application from Google Play altogether, leaving only fake impersonations.
A subsequent report from MetaMask revealed the action had occurred by mistake.
In November, MetaMask confirmed its plans to launch a mobile application, which ended up being the target of the latest malware issue.