A fake app in the Google Play store that would have re-routed crypto transactions to a third-party address has recently been discovered by a cybersecurity team. ESET flagged up the software, which was disguised as an app from the popular service MetaMask, last week, after discovering that it used ‘clipper’ software to target cryptocurrency users and steal their funds.
What is ‘Clipper’ Malware?
Cryptocurrency wallet addresses are long strings of characters, so rather than typing them out, users tend to copy and paste them via the computer’s clipboard, which reduces the chance of a typo. A clipper takes advantage of this habit: it intercepts the contents of the clipboard and surreptitiously replaces them with an alternative address. In a cryptocurrency transaction, the address the user copied is silently switched for one belonging to the attacker, so the funds go to the attacker instead of the intended recipient. An example of this, which actually occurred in June 2018, was submitted to BitStarz and shows how the attack works in real life:
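The defensive counterpart to the substitution described above is to compare the address that ends up in the transaction field with the one the user actually copied, rather than trusting the clipboard. The following is an added illustration, not code from the article or from ESET or MetaMask: the wallet addresses and the clipboard event log are constructed for the example, and the address patterns are simplified shapes for EVM and Bitcoin addresses rather than full validation. It also shows why glancing at the first and last few characters is not enough when the substituted address shares them.

```python
"""Clipper-substitution checks: full-string comparison of the intended
address against the pasted one, plus a replay of a (constructed) clipboard
event log that flags pastes whose content was rewritten by another process.
Added example; addresses below are constructed and belong to no one."""
import re
from dataclasses import dataclass

# Simplified address shapes (hypothetical patterns, not full validation).
ADDRESS_PATTERNS = {
    "evm": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    # base58 alphabet excludes 0, O, I and l
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    # bech32 alphabet excludes 1, b, i and o
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
}


def address_kind(value):
    """Return which (simplified) address shape a string matches, or None."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return kind
    return None


@dataclass
class PasteCheck:
    ok: bool
    reason: str


def check_pasted_address(intended, pasted):
    """Compare the address the user meant to send to with the one that was
    actually pasted. Only an exact match passes; everything else is refused
    with a reason a wallet UI could show before the transaction is signed."""
    intended, pasted = intended.strip(), pasted.strip()
    if intended == pasted:
        return PasteCheck(True, "pasted address matches intended address")
    if address_kind(pasted) is None:
        return PasteCheck(False, "pasted value is not a wallet address")
    if address_kind(pasted) != address_kind(intended):
        return PasteCheck(False, "address type changed between copy and paste")
    # Same shape, different value: the classic clipper signature.
    reason = "address was replaced between copy and paste"
    if intended[:6] == pasted[:6] and intended[-4:] == pasted[-4:]:
        # A lookalike with matching ends defeats a quick visual check.
        reason += "; prefix/suffix match, so checking only the ends would miss it"
    return PasteCheck(False, reason)


def find_substitutions(events):
    """Replay a clipboard event log (constructed tuples of
    (event_type, process, data) in time order). Flag every paste whose data
    differs from the user's last copy, recording which processes wrote the
    clipboard in between: a clipper shows up as an unexpected writer."""
    flagged = []
    last_copy = None
    writers = []
    for index, (kind, process, data) in enumerate(events):
        if kind == "user_copy":
            last_copy, writers = data, []
        elif kind == "clipboard_write":
            writers.append(process)
        elif kind == "paste" and last_copy is not None and data != last_copy:
            flagged.append({"index": index, "expected": last_copy,
                            "got": data, "writers": list(writers)})
    return flagged


# Constructed addresses: same first six and last four characters.
INTENDED = "0x1234aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa5678"
LOOKALIKE = "0x1234bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb5678"

# Constructed clipboard log: the user copies the real address, an
# unrelated process rewrites the clipboard, then the user pastes.
SAMPLE_EVENTS = [
    ("user_copy", "browser", INTENDED),
    ("clipboard_write", "fakewallet.apk", LOOKALIKE),
    ("paste", "wallet", LOOKALIKE),
]

if __name__ == "__main__":
    print(check_pasted_address(INTENDED, LOOKALIKE))
    for hit in find_substitutions(SAMPLE_EVENTS):
        print("substitution at event", hit["index"], "by", hit["writers"])
```

The exact-match rule is deliberate: any mismatch is refused, and the check is run at the moment of sending, which is the last point at which the user can still catch the swap.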
Hackers Getting Smarter
The app, now removed, resembled an official MetaMask app so closely that, without specialist software or MetaMask itself reporting it, there would have been little reason to suspect it was a rogue app. That it looked every inch the authentic app, and appeared in a legitimate store trusted by millions, shows that scammers and hackers have moved well beyond impersonating celebrities and requesting Bitcoin on Twitter.
How to Protect Yourself
The way to avoid being fooled by apps such as these is to verify them with the company that supposedly publishes them. Any company with a mobile app will advertise it, so taking a few seconds to check whether the company lists the app on its website or social media is a simple step towards protecting yourself. This matters most when the app is new or has very few downloads, which should in itself raise suspicion.
If you can’t find an official announcement from the company about a mobile app and there is very little online about it, follow the golden rule – if in doubt, leave it out.