First Case of Crypto-Jacking ‘Clipper’ Malware Found on Google Play Store

First Case of Crypto-Jacking ‘Clipper’ Malware Found on Google Play Store

A new form of cryptocurrency-stealing malware has been identified in the Google Play store. Dubbed ‘clipper’ malware, it was discovered inside an app impersonating MetaMask—a full browser extension which allows Ethereum-based apps to run on a browser without running a full Ethereum node.

Clipper malware works by taking advantage of the copy-paste feature. Crypto apps are especially vulnerable because they require that users input long and complicated cryptocurrency addresses. The malware then monitors the clipboard of the infected system and identifies values that look like a wallet address.

Once identified, the malware swaps the victim’s address for the hacker’s address. If the victim completes the transaction without noticing the change, the crypto gets deposited in the attacker’s account instead.

First reported on WeLiveSecurity, This malicious app was discovered by cybersecurity company ESET and is the first known app of its kind to pass Google’s vetting procedures.

Malware and other software targeted at cryptocurrency users has become increasingly prevalent because of the ease of monetary gain via stealing crypto, especially when compared to other methods such as data ransom and identity fraud which tend to be more labor intensive

There has been much discussion about what has now been dubbed as ‘crypto-jacking’ which is coin mining that is done using the computing power of other people’s machines. This form of hacking hit mainstream media when it was discovered on popular torrent site The Pirate Bay, which was using a web browser miner called CoinHive.

Another crypto-jacking attack is performed via email, where a user is phished and malicious mining software is installed on the victim’s computer.

However, this brings up a question of ethics, as there are some who have expressed that they would permit cryptocurrency mining in this manner, in exchange for web services such as The Pirate Bay, if they were notified about it.

A study conducted in late 2017 showed just how quickly crypto-jacking rose to prominence:

“Coin miners made up 24 percent of all web attacks blocked in December 2017, and 16 percent of web attacks blocked in the last three months of 2017, demonstrating the big impact of these browser-based coin miners,” the report from Symantec read.

Posted In: Hacks, Scams

The above advertisement is an referral link.

Invest with AMFEIX

Like what you see? Subscribe to CryptoSlate

Get our daily newsletter containing the top blockchain stories and crypto analysis straight to your inbox.

Sign up to stay informed
Darryn Pollock

Darryn is an award-winning journalist that began his career covering sports for a major national newspaper group in South Africa. Since then, he has married his interest in blockchain and cryptocurrency and looks to cover the emerging ecosystem as thoroughly as possible. He is particularly interested in the technical and economic impact of cryptocurrency.

View author profile

Commitment to Transparency: The author of this article is invested and/or has an interest in one or more assets discussed in this post. CryptoSlate does not endorse any project or asset that may be mentioned or linked to in this article. Please take that into consideration when evaluating the content within this article.

Disclaimer: Our writers' opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Please do your own due diligence before taking any action related to content within this article. Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.