MetaMask is a legitimate decentralised dApp, but it has recently experienced problems with scammers. Cybersecuirty firm Eset reported that malware impersonating MetaMask had appeared in the Google Play.
MetaMask is one of the oldest ethereum-based dApps and it has been the victim of scams before. In July last year, Google developers pulled the app from Google Play altogether, leaving only fake impersonations. This action was a mistake, as MetaMask reported. MetaMask’s mobile app, which was the target this time, was only launched last November.
Thankfully, following the tip-off from Eset, Google removed the malware, which replaces computer clipboard information in an attempt to steal cryptocurrency,
The malware is known as ‘Clipper’ and it replaces copied cryptocurrency wallet addresses with an address belonging to a scammer; the aim being to have the funds sent elsewhere without the user noticing.
Eset remarked that this is the first time malware of this type has made it past Google’s vetting procedures. Eset explained, “The clipper we found lurking in the Google Play store, detected by ESET security solutions as Android/Clipper.C, impersonates a legitimate service called MetaMask. A spokesperson for Eset went on to say, “The malware’s primary purpose is to steal the victim’s credentials and private keys to gain control over the victim’s Ethereum funds. However, it can also replace a Bitcoin or Ethereum wallet address copied to the clipboard with one belonging to the attacker.”