For the first time, a Crypto malware has been found on an app that is hosted on the Google play store. This is according to a blog post that was published last Friday by ESET a security firm.
The security company discovered the malware-laden app which was impersonating MetaMask, a service that provides access to the Ethereum decentralized applications better known as dApps.
The Crypto malware is known as “clipper,” and it intercepts the contents on the clipboard. Also, it is designed to find the addresses of online crypto wallets and replace them with the attacker’s addresses.
ESET said that the primary purpose of the malware was to steal the private keys and credentials of MetaMask users’. This information could then be used to access the user’s Ethereum funds.
However, the Crypto malware can intercept Bitcoin and Ethereum wallet addresses copied on the clipboard.
Interestingly, MetaMask does not offer an app product that can be accessed through mobile devices. It’s the reason that made ESET suspicious about the fake application. After its discovery, the team at the security firm reported the matter to Google’s security team, and the app was removed from the Play Store.
After hearing about the existence of the fake malware-laden crypto app MetaMask tweeted:
“We would appreciate if @GooglePlayDev would reserve trademarked names for apps, especially repeat phishing targets like us.”
As it turns out, this isn’t the first time Metamask has had a problem with Google. Last July, the company’s browser extension was mistakenly removed from the Google Chrome Web Store for five hours before it was restored.
At the time Kevin Serrano, an employee at ConsenSys said that “For a product that enables decentralized technology, [MetaMask] has centralized points of failure.”
It was a statement that highlighted one of the issues that blockchain entrepreneurs have been struggling with since the industry came to existence.
Do you agree with MetaMask’s message to the GooglePlayDev team? Share your thoughts in the comment section below.