ESET: the first malware crawler on Google Play

Her researchers ESET they discovered the first Android malware which can replace the contents of the clipboard (clipboard) of a device in Google Play. The so-called "clip»Aims at cryptocurrency transactions Bitcoin and Ethereum, aiming to redirect the transfer of funds to the attacker's wallet instead of to the victim.

"This discovery shows that the clippers, which can redirect crypto amounts, no longer only meet Windows or "suspicious" Android Forums. Now, all users Android they have to be careful, "he comments Lukš Štefanko, Malware Researcher ESET.

The clip recently discovered is detected by the solutions security of ESET as Android / Clipper.C. It malware this takes advantage of the fact that use functions with cryptocurrency transactions, usually not import manually their e-wallet addresses. Instead of them type, users tend to copy and paste paste the addresses using the clipboard. Malware can replace the address of the user with a belonging to the intruder.

The clippers first appeared on pthe Windows 2017. 2018 indeed, ESET researchers found three such malicious applications at, one of the most popular software hosting sites in the world. In August at 2018, was discovered τthe first Android clip that were sold in hacking forums and ever since, this malware has been detected in many illegally application stores.

Until 2019, Android users who used only the official Google Play app store was completely safe from tα clippers. That changed in February at 2019 when ESET researchers discovered the first clipper at Google Play. «Fortunately, we found this clipper as soon as he appeared on Google Play. We mentioned this in the Google Play security team, which led to the removal of the applicationς From the store», says Lukáš Štefanko.

The clip που they discovered The researchers of ESET on store Google Play mimics a legitimate one service called Dappradar. The Dappradar allows decentralized Ethereum applications to run in a browser without having to run the whole thing the node of Ethereum. It is available with the form extensions only for browsers for desktop, such as Chrome and Firefox, while din there is a mobile version. ESET

"There seems to be a demand for a mobile MetaMask version. Cybercriminals are aware of this demand and are importing insidious malware that mimics this service in Google Play», Lukáš Štefanko warns.

Also, this older malware that imitates the MetaMask aims in deposits Bitcoin or Ethereum of the user, however, only trying trick the user into entering the wallet address into one false form and thus disclose this sensitive information to the attacker.

«Having installed a clipper on the victim 's device, h Posting cash is easy. Τthe victims themselves send unwittingly moneyα directly to cybercrime» explains Lukáš Štefanko.

By appearance of malware clipper for the first time on Google Play, the users Android should be even more careful and follow best practices for the safety of mobile their phone.

Γyes to remain safe from clippers and other malware που aim into a Android, η ESET advises their users to:

  • They keep the Android device their up-to-date and to they use a trustworthy solution security for cell phones.

  • Use only official Google Play store for downloading applications...

  • ...controlling however always the official site of programmer of application ή the provider services for This makes it a perfect choice for people with diabetes and for those who want to lose weight or follow a balanced diet. link που leads in official application. If there is nothing relevant, users should consider it suspicious and be particularly careful with any search result on Google Play

  • To scrutinize every step of every transaction related to anything from sensitive information to money. When using the clipboard (clipboard), always check if what they pasted is what they wanted to import.

The indicators IOC (Indicators of Compromise) and more technical details are below article.

The discovery coincides with the conduct of the Mobile World Congress in Barcelona, ​​in which ESET participates. Researcher Lukáš Štefanko will be on the ESET stand and will be available for interviews. ESET will investigate Machine Learning / Artificial Intelligence Thematic, will present new research and important findings on mobile security and present its security solutions from its stand (Hall 7, stand 7H41) during the global exhibition at 25- 28 February 2019 in Barcelona.



Subscribe to the Blog via Email

Enter your email to subscribe to the email notification service for new posts.

Read them Technology News from all over the world, with the validity of

Follow us on Google News at Google news