Bitcoin scam warning over ‘criminal’ Android apps on the official Google Store

Android

The Google Play Store is supposed to be a safe haven for Android phone users to find and install apps.

But a new type of malware called a “clipper” has found its way onto the official store.

That’s according to experts at cybersecurity firm ESET, who say this type of malware can target buyers and sellers of Bitcoin and other cryptocurrencies.

It works by taking advantage of the fact that Bitcoin wallets have long and confusing names.

<img class="lazyautosizes lazyloaded aligncenter" src="data:;base64,” sizes=”620px” srcset=”https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 180w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 360w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 540w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 720w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 900w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 1080w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 1296w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 1512w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 1728w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 1944w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 2160w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 2376w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 2592w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 2808w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 3024w” alt=” Bitcoin is extremely valuable, so targeting users’ digital wallets is highly profitable for scammers” data-credit=”AFP or licensors” data-sizes=”auto” data-img=”https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?strip=all&w=960″ data-srcset=”https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 180w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 360w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 540w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 720w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 900w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 1080w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 1296w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 1512w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 1728w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 1944w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 2160w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 2376w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 2592w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 2808w, https://www.thesun.co.uk/wp-content/uploads/2019/02/NINTCHDBPICT000383115149.jpg?w=960 3024w” />

AFP OR LICENSORS
Bitcoin is extremely valuable, so targeting users’ digital wallets is highly profitable for scammers

“For security reasons, addresses of online cryptocurrency wallets are composed of long strings of characters,” explain researchers.

“Instead of typing them, users tend to copy and paste the addresses using the clipboard.”

It’s at this point where the “clipper” malware steps in, and scams you out of money.

If you’ve got a dodgy “clipper” app installed, it’ll redirect your funds to a criminal’s Bitcoin wallet.

“It intercepts the content of the clipboard and replaces it surreptitiously with what the attacker wants to subvert,” ESET explains.

“In the case of a cryptocurrency transaction, the affected user might end up with the copied wallet address quietly switched to one belonging to the attacker.”

Tube worker trying to pay for his wife’s hospital treatment lost £16,000 to bitcoin investment scammers

According to experts, this type of malware first “made its rounds” on Windows in 2017.

It later turned up on dodgy Android app stores, before finally making its way to the official Google Play Store.

“Although relatively new, cryptocurrency stealers that rely on altering the clipboard’s content can be considered established malware,” researchers explain.

“ESET researchers even discovered one hosted on download.cnet.com, one of the most popular software-hosting sites in the world.

“In August 2018, the first Android clipper was discovered being sold on underground hacking forums and since then, this malware has been detected in several shady app stores.”

The “clipper” app found in the Google Play Store by ESET’s security team was impersonating a legitimate service called MetaMask.

The malware is designed to steal your Bitcoin login credentials, but also swap out your Bitcoin wallet addresses to divert funds to crooks.

Experts reported the app shortly after it appeared on the Google store on February 1, and it was later removed.

We’ve asked Google for comment and will update this story with any response.

How to stay safe from Android ‘clipper’ malware

Here’s the official advice from security experts at ESET…

  • Keep your Android device updated and use a reliable mobile security solution
  • Stick to the official Google Play store when downloading apps…
  • …however, always check the official website of the app developer or service provider for the link to the official app. If there is not one, consider it a red flag and be extremely cautious to any result of your Google Play search
  • Double-check every step in all transactions that involve anything valuable, from sensitive information to money.
  • When using the clipboard, always check if what you pasted is what you intended to enter.
[“source=thesun”]