First Case of Crypto-Jacking 'Clipper' Malware Found on Google Play Store

Published by Cryptoslate

A new form of cryptocurrency-stealing malware has been identified in the Google Play store.

Dubbed 'clipper' malware, it was discovered inside an app impersonating MetaMask, a full browser extension which allows Ethereum-based apps to run in a browser without running a full Ethereum node.

Clipper malware works by taking advantage of the copy-paste feature.

Crypto apps are especially vulnerable because they require that users input long and complicated cryptocurrency addresses.

The malware then monitors the clipboard of the infected system and identifies values that look like a wallet address.

Once identified, the malware swaps the victim's address for the hacker's address.

If the victim completes the transaction without noticing the change, the crypto gets deposited in the attacker's account instead. This malicious app was discovered by cybersecurity company ESET and is the first known app of its kind to pass Google's vetting procedures.
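As an added illustration (not code from the article or from ESET), the sketch below shows a defender-side check for the swap described above: it compares the address a user copied with the one that arrives at paste time, and scans a clipboard timeline for an address being replaced by a different one shortly afterwards. The address patterns are simplified, the function names and the 5-second window are assumptions, and the sample addresses are constructed.

```python
import re

# Simplified address shapes (assumption: only Ethereum and Bitcoin are covered).
ADDRESS_PATTERNS = {
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
    "bitcoin": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71}"),
}

def address_kind(text):
    """Return the address type a clipboard value looks like, or None."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(value):
            return kind
    return None

def _canonical(value, kind):
    value = value.strip()
    # Ethereum hex is case-insensitive apart from its optional checksum casing.
    return value.lower() if kind == "ethereum" else value

def check_paste(copied, pasted):
    """Compare what the user copied with what arrived in the address field."""
    pasted_kind = address_kind(pasted)
    if pasted_kind is None:
        return "not-an-address"
    copied_kind = address_kind(copied)
    if copied_kind is None:
        return "unverified"  # nothing address-like was copied to compare against
    same = _canonical(copied, copied_kind) == _canonical(pasted, pasted_kind)
    return "match" if copied_kind == pasted_kind and same else "swapped"

def find_swaps(events, window=5.0):
    """Flag clipboard writes that replace one address with a different one
    within `window` seconds (assumed threshold). `events` is a time-ordered
    list of (timestamp_seconds, clipboard_value)."""
    alerts = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        if t1 - t0 <= window and check_paste(old, new) == "swapped":
            alerts.append((t1, old.strip(), new.strip()))
    return alerts

# Constructed sample data: both addresses are made up for this example.
USER_ADDR = "0x" + "ab" * 20
OTHER_ADDR = "0x" + "cd" * 20
EVENTS = [(0.0, "hello"), (10.0, USER_ADDR), (10.3, OTHER_ADDR), (60.0, "notes")]

if __name__ == "__main__":
    for when, old, new in find_swaps(EVENTS):
        print(f"t={when}: address {old} was replaced by {new}")
```

A wallet can apply the same comparison just before sending, showing the user both values whenever the verdict is "swapped".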

There has been much discussion about what has now been dubbed 'crypto-jacking': coin mining that is done using the computing power of other people's machines.

Another crypto-jacking attack is performed via email, where a user is phished and malicious mining software is installed on the victim's computer.

"Coin miners made up 24 percent of all web attacks blocked in December 2017, and 16 percent of web attacks blocked in the last three months of 2017, demonstrating the big impact of these browser-based coin miners," the report from Symantec read.