The first clipper malware has been found on Google Play. Malicious software disguised as a MetaMask DApp was discovered in the Google Play Store by Eset expert Lukas Stefanko. The malware was removed by Google at the beginning of the month after a tip-off from Eset researchers.
Clipper malware replaces a cryptocurrency wallet address that the user has copied to the clipboard with the hacker’s own address, in the hope that the funds will be sent there without the user noticing.
“The clipper we found in the Google Play store impersonates a legitimate service called MetaMask. The malware’s primary purpose is to steal the victim’s credentials and private keys to gain control over the victim’s Ethereum funds,” Eset explained.
The MetaMask DApp has fallen victim to malicious schemes before. In July 2018, Google developers mistakenly deleted the MetaMask app from Google Play altogether, leaving only fake ones.