The Google Play Store is supposed to be a safe haven for Android phone users to find and install apps.
But a new type of malware called a “clipper” has found its way onto the official store.
That’s according to experts at cybersecurity firm ESET, who say this type of malware can target buyers and sellers of Bitcoin and other cryptocurrencies.
It works by taking advantage of the fact that Bitcoin wallet addresses are long and confusing.
“For security reasons, addresses of online cryptocurrency wallets are composed of long strings of characters,” explain researchers.
“Instead of typing them, users tend to copy and paste the addresses using the clipboard.”
It’s at this point that the “clipper” malware steps in and scams you out of money.
If you’ve got a dodgy “clipper” app installed, it’ll redirect your funds to a criminal’s Bitcoin wallet.
“It intercepts the content of the clipboard and replaces it surreptitiously with what the attacker wants to subvert,” ESET explains.
“In the case of a cryptocurrency transaction, the affected user might end up with the copied wallet address quietly switched to one belonging to the attacker.”
According to experts, this type of malware first “made its rounds” on Windows in 2017.
It later turned up on dodgy Android app stores, before finally making its way to the official Google Play Store.
“Although relatively new, cryptocurrency stealers that rely on altering the clipboard’s content can be considered established malware,” researchers explain.
“ESET researchers even discovered one hosted on download.cnet.com, one of the most popular software-hosting sites in the world.
“In August 2018, the first Android clipper was discovered being sold on underground hacking forums and since then, this malware has been detected in several shady app stores.”
The “clipper” app found in the Google Play Store by ESET’s security team was impersonating a legitimate service called MetaMask.
The malware is designed not only to steal your Bitcoin login credentials, but also to swap out your Bitcoin wallet addresses to divert funds to crooks.
Experts reported the app shortly after it appeared on the Google store on February 1, and it was later removed.
We’ve asked Google for comment and will update this story with any response.
How to stay safe from Android ‘clipper’ malware
Here’s the official advice from security experts at ESET…
Keep your Android device updated and use a reliable mobile security solution
Stick to the official Google Play store when downloading apps…
…however, always check the official website of the app developer or service provider for the link to the official app. If there is not one, consider it a red flag and be extremely cautious about any result of your Google Play search.
Double-check every step in all transactions that involve anything valuable, from sensitive information to money.
When using the clipboard, always check if what you pasted is what you intended to enter.