Systems Affected
Android Devices
Threat Level
High
Overview
Malware described as a "Clipper" pretends to be a legitimate cryptocurrency app and works by replacing a cryptocurrency wallet address that has been copied to the Android clipboard (where copied text is held for Android applications) with one belonging to the attackers.
Description
This clipper malware steals users' cryptocurrency. To do this, attackers trick users into installing a malicious app that impersonates a legitimate cryptocurrency service known as MetaMask.
MetaMask is available only as a browser extension for Chrome, Firefox, Opera, or Brave, and has not yet been launched on any mobile app store.
However, there is a malicious MetaMask app on the Play Store that targets users who want a mobile version of the service. It changes their legitimate cryptocurrency wallet address to the hacker's own address via the clipboard.
As a result, users who intended to transfer funds into a cryptocurrency wallet of their choice would instead make a deposit into the attacker's wallet address pasted by the malicious app.
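The substitution described above leaves a recognisable trace: one wallet address on the clipboard is overwritten moments later, by a different app, with another address of the same type. The following detection sketch is an added example, not code from the advisory or its references; the event tuple format, the app names, the five-second window and the address patterns are assumptions made for illustration.

```python
import re

# Address shapes are assumptions for illustration; the advisory names no coin.
ADDRESS_PATTERNS = {
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "bitcoin": re.compile(r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[0-9a-z]{11,71})$"),
}

def address_kind(text):
    """Return the coin name if text looks like a wallet address, else None."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(value):
            return kind
    return None

def find_swaps(events, window_seconds=5.0):
    """Flag clipboard writes that replace a wallet address with a different
    address of the same kind, from another app, within window_seconds."""
    alerts = []
    previous = None  # last clipboard write that held a wallet address
    for ts, app, text in events:
        kind = address_kind(text)
        if kind is None:
            previous = None  # ordinary text breaks the copy/replace sequence
            continue
        value = text.strip()
        if (previous is not None and previous["kind"] == kind
                and previous["text"] != value and previous["app"] != app
                and ts - previous["ts"] <= window_seconds):
            alerts.append({"time": ts, "writer": app, "kind": kind,
                           "copied": previous["text"], "replaced_with": value})
        previous = {"ts": ts, "app": app, "kind": kind, "text": value}
    return alerts

# Constructed sample events: (seconds, writing app, clipboard text).
SAMPLE_EVENTS = [
    (10.0, "com.example.browser", "meeting notes"),
    (42.0, "com.example.browser", "0x" + "ab12" * 10),     # user copies address
    (42.3, "com.example.fakewallet", "0x" + "9f0e" * 10),  # swapped 0.3 s later
    (90.0, "com.example.browser", "0x" + "ab12" * 10),     # outside the window
    (200.0, "com.example.browser", "0x" + "cd34" * 10),    # same app, new copy
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

Only the write at 42.3 seconds is flagged; the later copies are either outside the time window or made by the same app that wrote the previous address.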
Impact
✦ Theft of cryptocurrency from your wallet via the Android clipboard.
✦ Financial losses incurred from losing cryptocurrency.
Solution/Workarounds
✻ Update to the latest version of Mozilla Firefox on Windows, Linux and Mac.
References
https://thehackernews.com/2019/02/android-clickboard-hijacking.html
https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.