A dangerous app that steals bitcoin and other types of cryptocurrency from people’s phones has been discovered in the official Android app store Google Play.
Security researchers at ESET discovered the so-called ‘clipper’ malware in early February within a legitimate-looking app called MetaMask.
The malware works by intercepting cryptocurrency wallet addresses, which are used to send funds online from one account to another.
Bitcoin wallet addresses are composed of long strings of characters for security reasons, meaning people tend to copy and paste them rather than typing them out.
By intercepting the address when it is copied and secretly replace it with a wallet address of their own, attackers were able to redirect funds to their own accounts.
It is not the first time this type of malware has been discovered on Android apps, though infected apps had never before appeared in the official Google Play store.
“This dangerous form of malware first made its rounds in 2017 on the Windows platform and was spotted in shady Android app stores in the summer of 2018,” ESET researcher Lukas Stefanko wrote in a blog post detailing the discovery.
“The clipper we found lurking in the Google Play store… impersonates a lefitimate service called MetaMask. The malware’s primary purpose is to steal the victim’s credentials and private keys to gain control over the victim’s ethereum funds.”
The malware is also able to replace a bitcoin or ethereum wallet address copied with one belonging to the attacker.
MetaMask has since been removed from the Google Play store and no other known instances of the malware is currently present on the app store. A spokesperson for Google was not immediately available for comment.
In the wake of the discovery, ESET researchers advised Android users to keep their devices updated and to avoid downloading apps from any unofficial sources.
“Always check the official website of the app developer or service provider for the link to the official app. If there is not one, consider it a red flag and be extremely cautious to any result of your Google Play search,” Mr Stefanko wrote.
“Double-check every step in all transactions that involve anything valuable, from sensitive information to money. When using the clipboard, always check if what you pasted is what you intended to enter.”