MetaMask users need to be cautious with their cryptocurrencies as a Malware called Clipper is allegedly spreading all over the internet and stealing cryptos from users.
The addresses of e-wallets come in the form of long strings of characters for security. With that, users, usually copy and paste cryptocurrency wallet addresses when transferring funds from one account to another.
The Clipper takes advantage of this mechanism. It dabbles with the content of the clipboard, and instead of pasting your cryptocurrency address into the transaction, you will be inputting the address of the hacker.
This isn't the first time we've been introduced to this malware. The Clipper first hit the rounds of the internet back in 2007, initially hiding beneath the corners of forum sites.
On the summer of 2018, it was spotted once again, but this time on shade apps found in Google Play Store. Many researchers even found it on download.cnet.com, which is a popular choice for pirated downloads.
Aside from that, it was also discovered that the Clipper malware was being sold in underground hacker communities.
Finally, February this year, we've found this Malware imitating MetaMask in Google Play. While its primary purpose is to steal a person's private keys and credentials as a way to seize control of the user's Ethereum coins. On another note, this also can alter the clipboard into containing the hacker's cryptocurrency address instead of the original user.
The funny this is MetaMask, which is designed to enable the user to run Ethereum DApps don't have an android application.
After the MetaMask-copying Clipper made it to Google Play Store, it only took as a short while to discover it and report it to Google Security. The app is no longer available in the app store and won't be harming any more users.
However, considering this incident, we highly advise crypto users to get into the know-how of securing their funds from crypto hackers. The Clipper might be gone out of Google Play Store for now, but you'll never know when it will be back again. Nor do you know what kind of app it sets out to imitate next.
To boost your device's security, we advise you to update your Android into its latest software, use a reliable mobile antivirus, and only use Google Play for app downloads. Apart from that, it might also be a good idea to check out the developer website before downloading apps that are unfamiliar, as well as double check every step in the transaction if there are portions that involve revealing sensitive or valuable information.