Security researchers discovered another malicious app hosted on the Google Play store.
This time, the malicious app specifies cryptocurrency users. According to researchers from the IT security company Eset, the app app released a browser-based service designed to run decentralized Ehtereum apps without running a full Ethereum node.
The service, called & # 39; MetaMask & # 39;, is only available as an extension for desktop browsers such as Chrome and Firefox.
However, the fake MetaMask app heading for the Play Store was designed to alert users to sharing credentials and private keys to allow attackers to control the victims' Ethereum and Bitcoin funds.
Worse, Eset's researchers said the app contained "clipper". malware. Called & # 39; Android / Clipper.C & # 39; Of researchers, malware could access and change text on the Android clipboard.
Typically, the cryptocurrency wallet addresses long lines of characters for security purposes. Users usually copy and paste them instead of printing them.
Not only did cutter malware access to addresses that users had copied to their Android phone, but it also allowed attackers to replace the copied address with another wallet address. This could allow attackers to trick users into sending cryptocurrency funds to the wrong wallet.
It is worth noting that Google plans to change how Android's copy and paste system works in Android Q. New permissions will limit when and how apps can access the clipboard and possibly combat this type of malware.
Eset says it discovered the fake MetaMask app on the Play Store shortly after it appeared February 1. Google removed the app after Eset announced the search giant.
Unfortunately, there is no completely correct way to detect and avoid malicious apps like this yet. As such, users should always be careful when downloading apps, especially if they don't have many downloads. It is also worth investigating official websites. In the case of MetaMask, the official website does not mention an Android app.
Recently, several malicious apps discovered in the Play Store have stolen users' photos and pushed pornographic ads to people's phones.
Source: Eset Via: Ars Technica