New Crypto-Stealing ‘Clipper’ Malware Found in Google Play Store


Security researchers at ESET found a new “clipper” malware in the Google Play Store that subverts users copying and pasting crypto wallet addresses.

There’s a lot of ease in using Bitcoin and its virtual currency brethren. In the blink of an eye, one can send cryptocurrency to anyone in the world by just entering a cryptocurrency wallet address and hitting send. However, such wallet addresses are long strings of multiple characters, which most people just copy and paste when sending crypto. This action is being exploited by hackers via a new “clipper” malware that was recently found in the Google Play Store.

‘Clipper’ Malware Is Devious

Researchers at ESET have been tracking a kind of malware known as a “clipper.” This malware first came to light in 2017 and has popped up in a few places since then, such as hacker forums and even the CNET download site. Now it has shown up again as an Android app in the Google Play Store.


The malware program is called Android/Clipper.C, and it exploits the habit of copying and pasting wallet addresses to steal crypto. When a user copies a wallet address to the clipboard, Android/Clipper.C replaces it with a different address. The result is that the cryptocurrency being sent makes its way into the criminal’s coffers rather than to the intended recipient.

To get people to download this malicious Android app, it is disguised as the popular MetaMask app.

Removed from Store

ESET researchers notified the Google Play Store about Android/Clipper.C, and the malware was then removed from the store. There’s no word on how many times it was downloaded, but the fact that it appeared on a site trusted by millions should give one pause when deciding to download a new app.


Overall, malware shows no signs of slowing down. 2018 saw a 4,000 percent increase in malware devoted to cryptocurrency mining, the most common type of crypto-related malware. Routers and IoT (Internet of Things) items are now commonly being targeted by cryptojacking malware.

By contrast, ransomware has dropped in use as cryptojacking programs have increased. Still, ransomware remains a major problem for any business or local government that is hit by it. Even a major urban metropolis like Atlanta was severely affected by ransomware in 2018.

ESET recommends the following steps to protect yourself from clippers and other Android malware:

  • Keep your Android device updated and use a reliable mobile security solution
  • Stick to the official Google Play store when downloading apps…
  • …however, always check the official website of the app developer or service provider for the link to the official app. If there is not one, consider it a red flag and be extremely cautious about any result of your Google Play search
  • Double-check every step in all transactions that involve anything valuable, from sensitive information to money. When using the clipboard, always check if what you pasted is what you intended to enter.
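
The clipboard swap described above, and the paste check in the last recommendation, can be written down as detection logic. The Python below is an added example, not code from ESET or from this article; the event tuple layout, the `source` labels and the placeholder addresses are constructed assumptions, and the patterns test address shape only, not checksums.

```python
import re

# Shape checks only (no checksum validation); enough to tell "looks like an address".
PATTERNS = {
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
    "bitcoin": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71}"),
}

def address_kind(text):
    """Return the address family the clipboard text looks like, or None."""
    value = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.fullmatch(value):
            return kind
    return None

def normalize(text):
    """Hex and bech32 addresses compare case-insensitively; Base58 does not."""
    value = text.strip()
    return value.lower() if value.lower().startswith(("0x", "bc1")) else value

def paste_matches(copied, pasted):
    """The manual check from the last recommendation: pasted equals copied."""
    return normalize(copied) == normalize(pasted)

def find_swaps(events):
    """events: (seconds, source, text) clipboard snapshots in time order.
    source is "user" for a copy the user performed, anything else otherwise.
    Flags an address replaced by a different address of the same kind
    when the replacement did not come from the user."""
    findings, previous = [], None
    for seconds, source, text in events:
        kind = address_kind(text)
        if (previous and kind and previous[0] == kind and source != "user"
                and not paste_matches(previous[1], text)):
            findings.append({"time": seconds, "kind": kind,
                             "copied": previous[1].strip(), "replaced_with": text.strip()})
        previous = (kind, text)
    return findings

# Constructed sample data: placeholder addresses, not real wallets.
ETH_A, ETH_B = "0x" + "a" * 40, "0x" + "b" * 40
SAMPLE_EVENTS = [
    (0, "user", "meeting at 10"),
    (5, "user", ETH_A),        # user copies the recipient's address
    (6, "background", ETH_B),  # a different address appears without a user copy
    (20, "user", ETH_A),       # user copies again: not flagged
]
```

A swapped-in address is itself well formed, so format or checksum validation alone would not catch it; the comparison against what was originally copied is what does.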

Have you been impacted by malware? Let us know in the comments below.

Images courtesy of Pixabay.

