ESET has announced the appearance of new malware on Google Play that poses as a wallet for Ethereum and ERC-20 tokens. The malware is a clipper distributed under the name MetaMask.
This information was first posted by the Welivesecurity.com news portal on January 8 and then confirmed in reports on Medium. Details about the malicious application were published by Lukas Stefanko, a malware researcher who holds a master's degree in computer science from the Technical University in Kosice and joined ESET in 2011.
MetaMask is a malicious wallet for Ethereum
According to Stefanko, MetaMask is the first "clipper" to have stayed on the Google Play store for so long (almost a week). In essence, the malware copies and sends information about the victim's private keys.
Recall that the addresses of online wallets consist of long strings of characters for higher security. Instead of typing these long codes each time, users usually copy and paste addresses through the clipboard. "Clipper" applications take advantage of this. They intercept the contents of the clipboard and either pass the addresses and passwords they find to the attacker or replace the copied wallet address with another one. In a crypto-transaction, the user can therefore end up pasting the attacker's wallet address in place of the one they copied and send tokens to the attacker.
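The address swap described above can be caught by comparing the address the user meant to pay with the one that actually lands in the destination field. The following is an added example, not code from ESET or MetaMask; the function names and both sample addresses are constructed for illustration, and it assumes the intended address is taken from the original source (for example a payment request) rather than read back from the clipboard.

```python
import re
from typing import List, NamedTuple, Optional

# An Ethereum address is "0x" followed by 40 hexadecimal characters.
ETH_ADDRESS = re.compile(r"\b0x[0-9a-fA-F]{40}\b")

# Constructed sample addresses (not real wallets).
ADDR_A = "0x" + "a1" * 20
ADDR_B = "0x" + "b2" * 20


class PasteCheck(NamedTuple):
    verdict: str              # "match", "substituted", "ambiguous", "no_address"
    intended: Optional[str]
    pasted: Optional[str]


def find_addresses(text: str) -> List[str]:
    """Return the distinct Ethereum-style addresses in text, lower-cased."""
    seen: List[str] = []
    for hit in ETH_ADDRESS.findall(text):
        addr = hit.lower()    # hex case differs between checksummed and plain forms
        if addr not in seen:
            seen.append(addr)
    return seen


def check_paste(intended_text: str, pasted_text: str) -> PasteCheck:
    """Compare the address the user meant to use with the one that was pasted."""
    intended = find_addresses(intended_text)
    pasted = find_addresses(pasted_text)
    if not intended or not pasted:
        return PasteCheck("no_address", None, None)
    if len(intended) != 1 or len(pasted) != 1:
        # Several candidate addresses: refuse to guess which one was meant.
        return PasteCheck("ambiguous", None, None)
    if intended[0] == pasted[0]:
        return PasteCheck("match", intended[0], pasted[0])
    # Both sides are well-formed addresses but differ: the clipper pattern.
    return PasteCheck("substituted", intended[0], pasted[0])


if __name__ == "__main__":
    print(check_paste(f"Pay to {ADDR_A}", ADDR_A).verdict)   # same address
    print(check_paste(f"Pay to {ADDR_A}", ADDR_B).verdict)   # swapped in transit
```

A "substituted" verdict is the case to block before the transaction is signed, since both values look like valid addresses to the user.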
This form of software was first discovered in 2017 on the Windows platform. Then, it was discovered in the "shadow stores" of Android apps in the summer of 2018. And in February 2019, a malicious clipper application was placed on Google Play, the official Android application store.
"The malicious clipper is aimed at users of the mobile version of the MetaMask crypto-wallet, which is designed for Ethereum-based tokens. Once discovered, this service no longer has a mobile app – only extensions for Chrome and Firefox desktop browsers." – Lukas Stefanko.
The MetaMask malware was discovered in the Google Play store disguised as a crypto-wallet for Ethereum. The malicious nature of the application was established just a few days after it appeared in the Android store: MetaMask appeared on Google Play on February 1, and by February 7 the program had been exposed by Google robots and removed from the list.
Editor: Pereyidenko Ihor