Android Clipboard Hijacking Crypto Malware

  • CERT Admin
  • Mon Feb 11 2019
  • Alerts

Systems Affected 

Android Devices

Threat Level

High

Overview 

Malware described as a "clipper" pretends to be a legitimate cryptocurrency app and works by replacing a cryptocurrency wallet address that has been copied to the Android clipboard (where copied text is stored for Android applications) with one belonging to the attackers.

Description 

This clipper malware steals users' cryptocurrency. To do this, attackers trick users into installing a malicious app that impersonates a legitimate cryptocurrency service known as MetaMask.

MetaMask is available only as a browser extension for Chrome, Firefox, Opera, or Brave, and has not yet been launched on any mobile app stores.

However, there is a malicious MetaMask app on the Play Store targeting users who want to use a mobile version of the service. It changes their legitimate cryptocurrency wallet address to the attacker's own address via the clipboard.

As a result, users who intended to transfer funds into a cryptocurrency wallet of their choice would instead make a deposit into the attacker's wallet address pasted by the malicious app.
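
The swap described above can be recognised as a detection rule over clipboard-change events. The following is an added example, not code from this advisory or from the sources it references: the event fields (timestamp, writing package, text), the two-second window and the Ethereum-style address pattern are assumptions, and the sample events are constructed.

```python
import re
from collections import namedtuple

# Ethereum-style address: "0x" + 40 hex digits (assumed format; MetaMask is an Ethereum wallet).
ETH_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")
SWAP_WINDOW_S = 2.0  # assumed threshold: a user rarely re-copies an address this quickly

# Hypothetical event record: capture time in seconds, package that wrote the
# clipboard, and the clipboard text after the write.
ClipEvent = namedtuple("ClipEvent", "ts source text")

def find_swaps(events):
    """Return (original, replacement) pairs that look like a clipper swap.

    Flagged when an address-shaped clipboard value is overwritten within
    SWAP_WINDOW_S by a *different* address-shaped value, written by a
    different package than the one the user copied from.
    """
    alerts = []
    prev = None
    for ev in sorted(events, key=lambda e: e.ts):
        if (prev is not None
                and ETH_ADDR.match(prev.text) and ETH_ADDR.match(ev.text)
                and ev.text.lower() != prev.text.lower()   # hex case is not significant
                and ev.source != prev.source
                and ev.ts - prev.ts <= SWAP_WINDOW_S):
            alerts.append((prev, ev))
        prev = ev
    return alerts

# Constructed sample events; addresses and package names are made up.
SAMPLE = [
    ClipEvent(0.0, "com.example.browser", "hello world"),
    ClipEvent(5.0, "com.example.browser", "0x" + "a1" * 20),     # user copies an address
    ClipEvent(5.3, "com.example.fakewallet", "0x" + "b2" * 20),  # replaced 0.3 s later
    ClipEvent(60.0, "com.example.notes", "0x" + "c3" * 20),      # ordinary later copy
    ClipEvent(61.0, "com.example.notes", "0x" + "C3" * 20),      # same address, other case
]

if __name__ == "__main__":
    for orig, repl in find_swaps(SAMPLE):
        print(f"ALERT t={repl.ts}: {repl.source} replaced {orig.text} with {repl.text}")
```

The same comparison, done by hand, is the user-side check: confirm that the full pasted address matches the one that was copied before sending funds.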

Impact 

  ✦  Theft of cryptocurrency from your wallet via the Android clipboard.
  ✦  Financial losses incurred from losing cryptocurrency.

Solution/ Workarounds 

  ✻  Update to the latest version of Mozilla's Firefox on Windows, Linux and Mac.

References 

https://thehackernews.com/2019/02/android-clickboard-hijacking.html
https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/

Disclaimer 

The information provided herein is on "as is" basis, without warranty of any kind. 

Last updated: Mon Feb 11 2019