A dangerous app that steals bitcoin and other types of cryptocurrency from people’s phones has been discovered in the official Android app store Google Play.
Security researchers at ESET discovered the so-called ‘clipper’ malware in early February within a legitimate-looking app called MetaMask.
The malware works by intercepting cryptocurrency wallet addresses, which are used to send funds online from one account to another.
Bitcoin wallet addresses are composed of long strings of characters for security reasons, meaning people tend to copy and paste them rather than typing them out.
By intercepting the address when it is copied and secretly replacing it with a wallet address of their own, attackers were able to redirect funds to their own accounts.
1/8 Satoshi Nakamoto creates the first bitcoin block in 2009
On 3 January, 2009, the genesis block of bitcoin appeared. It came less than a year after the pseudonymous creator Satoshi Nakamoto detailed the cryptocurrency in a paper titled ‘Bitcoin: A Peer-to-Peer Electronic Cash System’
Reuters
2/8 Bitcoin is used as a currency for the first time
On 22 May, 2010, the first ever real-world bitcoin transaction took place. Lazlo Hanyecz bought two pizzas for 10,000 bitcoins – the equivalent of $90 million at today’s prices
Lazlo Hanyecz
3/8 Silk Road opens for business
Bitcoin soon gained notoriety for its use on the dark web. The Silk Road marketplace, established in 2011, was the first of hundreds of sites to offer illegal drugs and services in exchange for bitcoin
4/8 The first bitcoin ATM appears
On 29 October, 2013, the first ever bitcoin ATM was installed in a coffee shop in Vancouver, Canada. The machine allowed people to exchange bitcoins for cash
REUTERS/Dimitris Michalakis
5/8 The fall of MtGox
The world’s biggest bitcoin exchange, MtGox, filed for bankruptcy in February 2014 after losing almost 750,000 of its customers’ bitcoins. At the time, this was around 7 per cent of all bitcoins and the market inevitably crashed
Getty Images
6/8 Would the real Satoshi Nakamoto please stand up
In 2015, Australian police raided the home of Craig Wright after the entrepreneur claimed he was Satoshi Nakamoto. He later rescinded the claim
Getty Images
7/8 Bitcoin’s big split
On 1 August, 2017, an unresolvable dispute within the bitcoin community saw the network split. The fork of bitcoin’s underlying blockchain technology spawned a new cryptocurrency: Bitcoin Cash
REUTERS
8/8 Bitcoin’s price skyrockets
Towards the end of 2017, the price of bitcoin surged to almost $20,000. This represented a 1,300 per cent increase from its price at the start of the year
Reuters
It is not the first time this type of malware has been discovered in Android apps, though infected apps had never before appeared in the official Google Play store.
“This dangerous form of malware first made its rounds in 2017 on the Windows platform and was spotted in shady Android app stores in the summer of 2018,” ESET researcher Lukas Stefanko wrote in a blog post detailing the discovery.
“The clipper we found lurking in the Google Play store… impersonates a legitimate service called MetaMask. The malware’s primary purpose is to steal the victim’s credentials and private keys to gain control over the victim’s ethereum funds.”
The malware is also able to replace a bitcoin or ethereum wallet address copied with one belonging to the attacker.
MetaMask has since been removed from the Google Play store and no other known instances of the malware are currently present on the app store. A spokesperson for Google was not immediately available for comment.
In the wake of the discovery, ESET researchers advised Android users to keep their devices updated and to avoid downloading apps from any unofficial sources.
“Always check the official website of the app developer or service provider for the link to the official app. If there is not one, consider it a red flag and be extremely cautious to any result of your Google Play search,” Mr Stefanko wrote.
“Double-check every step in all transactions that involve anything valuable, from sensitive information to money. When using the clipboard, always check if what you pasted is what you intended to enter.”
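The paste check recommended above can be automated by a wallet or payment form. The following is an added example, not code from ESET or from the article: it compares the copied and pasted values and flags the case where both are valid addresses but differ. The function names and sample values are assumptions made for illustration, and only legacy Base58Check bitcoin addresses and hex ethereum addresses are recognised.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ETH_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def _checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    """Build a Base58Check string; used here only to construct sample data."""
    raw = payload + _checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_btc_address(s: str) -> bool:
    """Legacy (Base58Check) bitcoin address with a valid checksum."""
    if not s or any(c not in B58 for c in s):
        return False
    n = 0
    for c in s:
        n = n * 58 + B58.index(c)
    raw = b"\0" * (len(s) - len(s.lstrip("1"))) + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]

def normalise(s: str):
    """Return (kind, canonical form) for an address-shaped string, else (None, s)."""
    s = s.strip()
    if ETH_RE.fullmatch(s):
        return "eth", s.lower()   # hex case carries no address bits
    if is_btc_address(s):
        return "btc", s
    return None, s

def check_paste(copied: str, pasted: str) -> str:
    """Compare what was copied with what arrived on paste."""
    (kc, c), (kp, p) = normalise(copied), normalise(pasted)
    if c == p:
        return "match"
    if kc and kp:
        return "address-swapped"   # both valid, but not the same destination
    return "changed"

# Constructed sample data (not from the article).
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"              # well-known genesis-block address
OTHER_BTC = b58check_encode(b"\x00" + bytes(range(1, 21)))  # constructed hash
ETH_A = "0x" + "ab" * 20
```

A substituted address passes checksum validation just as the original does, so only the comparison against the copied value reveals the swap.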