Monday, 11 February 2019

First Clipper Malware Discovered on Google Play

Clipper malware
Android/Clipper.C impersonating MetaMask on Google Play
Clippper malware was discovered on Google Play, the official Android app store. This malicious malware was discovered in Feb 2019.

What is the clipper malware? 


Addresses of the online cryptocurrency wallets have a long string of characters that includes alphabets and numbers.These addresses are basically long for security reasons. The users generally copy and paste the addresses using the clipboard instead of taking the trouble to type them out.

The people who steal the cryptocurrency, take advantage of this lapse and replace the wallet address in the clipboard. This is the clipper malware.

The attacker intercepts the address on the clipboard and changes it to the address belonging to him.
The user then ends up with the wallet address that has been switched by the attacker.

Though the clipper malware is relatively new, where the cryptocurrency stealers alter the address, it is considered an established malware.

The origins of clipper malware


The clipper malware was first discovered in 2017 on the Windows platform.

Later it was noticed in the shady Android app stores in the summer of 2018.

In August 2018, the first Android clipper malware was discovered. It is sold on underground hacking forums and subsequently seen in shady Android app stores.

The clipper malware was also hosted on download.cnet.com. This is one of the most popular software hosting sites. This malware was discovered by ESET researchers.

In February 2019, the malware was found on Google Play, which is the official Android app store.

How does the clipper malware function? 


The clipper malware was detected on the Google Play store. This malicious malware was found out by ESET security solutions. The malware, Android/Clipper.C, impersonates a genuine service known as MetaMask.

The clipper malware basically steals the user’s credentials and private keys in order to access the user’s Ethereum funds. This malware can also change the Bitcoin or Ethereum wallet address of the user and replace it with the address of the hacker. The wallet address of the user is replaced by the wallet address of the hacker using the clipboard.

When and how was the clipper malware discovered? 


On 1st Feb 2019, the ESET security solutions discovered the clipper malware, Android/Clipper.C on Google Play, the official Android app store. This was then intimated to the Google Play security team. They immediately removed the app from the Store.

This hacking targets the users who make use of the mobile version of the MetaMask service. The MetaMask service runs Ethereum decentralized apps in the browser without any need of running a complete Ethereum node.

Currently, the MetaMask service is not offering the mobile app. They are available as add-ons for desktop browsers like Chrome and Firefox.

Previously too, malicious apps were discovered on Google Play impersonating MetaMask in order to access the victim’s cryptocurrency funds.

Security measures against clipper malware


Users should update their Android devices and use reliable mobile security solution.

Download apps from the official Google Play store.

For any Google Play search, stick to the official website of the app developer or service provider for the link to the official app.

For any sensitive transactions involving information or money, double check every step.

No comments:

Post a comment

Note: only a member of this blog may post a comment.