ESET discovers malware impersonating MetaMask

A form of malware that replaces victims' crypto wallet addresses has been discovered for the first time in an application on the Google Play Store. The decentralized app (dApp) MetaMask faces fresh problems from crypto scammers after malware mimicking the tool appeared on the Google Play Store, according to a report by cybersecurity company ESET published on the 8th of February.

According to the company's blog post, the malware, known as a ‘clipper’, replaces clipboard content to steal crypto: it finds the addresses of online crypto wallets and replaces them with addresses owned by the attacker.

The malware-laden app discovered by ESET impersonates MetaMask, which provides access to Ethereum decentralized applications. The primary purpose of the malware is to steal the credentials and private keys of MetaMask users and gain access to their Ethereum (ETH) funds.

However, it may also intercept Bitcoin (BTC) and Ethereum (ETH) wallet addresses copied to the clipboard, with the aim of sending funds elsewhere without the user noticing.

The purpose of the malware: steal credentials and private keys of victims

MetaMask doesn’t offer a mobile app right now. The fake application was removed from the Play Store after ESET researchers reported it to Google's security team around the start of this month.

The discovery marks the first time such malware has made it past Google's vetting procedures. ESET explained that the clipper it found lurking in the Google Play Store, detected by its security solutions as Android/Clipper.C, impersonates the legitimate service MetaMask.

ESET added that the primary purpose of the malware was to steal the credentials and private keys of victims, as noted above.

Responding to the discovery of the malware, MetaMask posted a tweet saying it would appreciate it if Google Play Dev reserved trademarked names for apps, especially for repeated phishing targets like itself.

MetaMask has been the victim of malicious schemes before

This was not MetaMask's first problem with Google. The decentralized app, one of the oldest ETH-based dApps, has fallen victim to malicious schemes before.

In July last year, the firm's browser extension was pulled from Google Play by Google developers, leaving only false impersonations for about five hours before it was restored. A report by MetaMask revealed that this was done by mistake.

In November 2018, MetaMask confirmed its plans to launch a mobile app, which became the target of the latest malware issue.

Earlier in February, cybersecurity firm Palo Alto Networks discovered another form of malware, which steals browser cookies and other information from victims' Apple Mac computers in order to steal cryptocurrencies.

To stay secure from such mobile malware, ESET advises users to keep their devices updated and to double-check every step of every crypto transaction, including wallet addresses copied to the clipboard.
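The double-check ESET recommends can be automated on the sending side. The following is an added example, not code from ESET or MetaMask: it compares the address a user intended to pay (taken from a trusted source) with what actually came out of the clipboard. The function names and sample addresses are hypothetical and constructed for illustration, and the patterns check address shape only, not checksums.

```python
import re

# Address *shapes* only: these patterns do not verify checksums.
SHAPES = {
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
    "btc_base58": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "btc_bech32": re.compile(r"[bB][cC]1[02-9ac-hj-np-zAC-HJ-NP-Z]{11,71}"),
}
# ETH hex and bech32 compare case-insensitively; base58 is case-sensitive.
CASE_INSENSITIVE = {"eth", "btc_bech32"}

# Constructed sample values, not real wallet addresses.
ETH_A = "0x" + "ab" * 20
ETH_B = "0x" + "cd" * 20
BTC_A = "1" + "A" * 33


def classify(text):
    """Return the address kind that `text` looks like, or None."""
    candidate = text.strip()
    for kind, pattern in SHAPES.items():
        if pattern.fullmatch(candidate):
            return kind
    return None


def canonical(text):
    """Return (kind, comparable form) for a candidate address."""
    kind = classify(text)
    value = text.strip()
    return kind, (value.lower() if kind in CASE_INSENSITIVE else value)


def check_paste(intended, pasted):
    """Return 'match', 'swapped' or 'not-an-address' for a pasted value."""
    want = canonical(intended)
    if want[0] is None:
        raise ValueError("intended value is not a recognised address shape")
    got = canonical(pasted)
    if got[0] is None:
        return "not-an-address"
    # A well-formed address that differs from the intended one is the
    # signature of a clipper: the paste still "looks right" to the user.
    return "match" if got == want else "swapped"


if __name__ == "__main__":
    for pasted in (ETH_A, ETH_B, "hello"):
        print(pasted[:12], "->", check_paste(ETH_A, pasted))
```

A "swapped" result means the pasted value is a valid-looking address that differs from the intended one, so the transaction should be stopped.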

