Those in possession of cryptocurrency tokens should once again be made aware of yet another malware-based scam that has recently been discovered on the Google Play store. Known as ‘Clipper’, it is believed that the mobile application is attempting to mimic the hugely popular cryptocurrency wallet MetaMask.
For those not familiar with MetaMask, it is a highly innovative browser-based cryptocurrency wallet that allows users to seamlessly send and receive funds via their browser. Not only this, but the browser extension also allows users to access decentralized Ethereum applications.
However, long-term MetaMask users will know full well that a MetaMask mobile application does not exist. As such, the ‘Clipper’ application is nothing but an imitation.
How does the Clipper application strike?
In a nutshell, the Clipper mobile application has been designed in such a manner that it has the capacity to track text that is copied and pasted. In order for the Clipper tracker to activate, all it needs is for the user to download the application via Google Play. Once they do, anything that they subsequently copy and paste within their mobile browser will be fed directly to the scammers behind the app.
The fake MetaMask app (image from WeLiveSecurity)
This matters most to those who use their smartphone to send and receive cryptocurrencies. The key reason is that the vast majority of cryptocurrency users copy and paste their wallet credentials rather than entering them manually, because private keys are long enough that typing them correctly with any certainty is virtually impossible.
Recognizing that just a single incorrect character can result in a loss of funds, users instead copy and paste their credentials. If the crooks are able to obtain the wallet credentials from the victim’s phone, they will then replace the recipient’s public wallet address with their own details. As the underlying blockchain technology that supports cryptocurrencies is immutable, intercepted transactions are effectively irreversible.
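The address replacement described above can be caught by comparing the address the user copied with the address that actually arrived in the recipient field before anything is sent. The following Python check is an added example, not code from the article, ESET or MetaMask; the event format, function names and sample addresses are constructed assumptions.

```python
import re

# Ethereum account address: "0x" followed by 40 hex digits.
ETH_ADDRESS = re.compile(r"0x[0-9a-fA-F]{40}")

def classify_paste(copied, pasted, edge=4):
    """Compare the copied address with the one delivered on paste."""
    copied, pasted = copied.strip(), pasted.strip()
    if not ETH_ADDRESS.fullmatch(copied) or not ETH_ADDRESS.fullmatch(pasted):
        return "not-an-address"
    # Hex case carries no addressing information, so compare lowercased.
    a, b = copied[2:].lower(), pasted[2:].lower()
    if a == b:
        return "match"
    # Same first and last characters but a different middle: a swap that
    # survives a user who only eyeballs the ends of the address.
    if a[:edge] == b[:edge] and a[-edge:] == b[-edge:]:
        return "substituted-lookalike"
    return "substituted"

def audit(events):
    """Scan (action, text) events in time order (hypothetical format).

    'copy' is what the user put on the clipboard, 'paste' is what reached
    the recipient field. Returns (index, verdict) for every paste whose
    address differs from the most recent copy.
    """
    findings, last_copy = [], None
    for i, (action, text) in enumerate(events):
        if action == "copy":
            last_copy = text
        elif action == "paste" and last_copy is not None:
            verdict = classify_paste(last_copy, text)
            if verdict.startswith("substituted"):
                findings.append((i, verdict))
    return findings

# Constructed sample addresses and events (not real wallets).
INTENDED = "0xAb12" + "0" * 32 + "cD34"
LOOKALIKE = "0xab12" + "f" * 32 + "cd34"
OTHER = "0x" + "9" * 40
SAMPLE_EVENTS = [
    ("copy", INTENDED), ("paste", INTENDED),      # untouched clipboard
    ("copy", INTENDED), ("paste", OTHER),         # address swapped
    ("copy", "some text"), ("paste", "some text"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_EVENTS))
```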
Although Google Play claims to have a stringent verification process to ensure that it does not allow malicious applications to list on its store, Clipper successfully bypassed the checks. Whilst Clipper was able to breach the safeguards implemented by Google Play, cyber-security firm ESET was able to pick up on the scheme.
Malicious Cryptocurrency Apps Continue to Breach Google Play Safeguards
This isn’t the first time that a malicious cryptocurrency mobile application has managed to breach the Google Play store. Back in November 2018, Blockonomi reported that four cryptocurrency wallet imitations were found on the platform.
Lukas Stefanko, a malware researcher who notified the public about the malicious apps, explained that cryptocurrency wallets supporting Tether, NEO and Ethereum were listed on Google Play, even though they were nothing more than imitations. On top of this, a MetaMask imitation was also found. Regarding the latter, it wouldn’t be difficult for the scammers to dupe victims into installing the MetaMask fake, for one key reason.
If users are specifically looking for a MetaMask mobile wallet, and are not aware that one is not in existence, then there would be no reason for them not to initiate the download. Stefanko continued to add that the fake NEO wallet had experienced more than 1,000 individual downloads.
In effect, as soon as duped victims access fake cryptocurrency wallets, the interface will ask the user to enter their private key credentials. Once they do, this will be fed directly to the scammers, potentially resulting in the victim losing their entire balance.
Ultimately, if more and more malicious cryptocurrency-based applications manage to make it onto the Google Play store, then Google might be forced to revisit its stance towards blockchain-related apps.