Google Play has once again raised security concerns in the cryptocurrency community with the discovery of malware named “Clipper” circulating on the application store.
“Clipper” was first seen impersonating MetaMask, a browser extension that allows a web browser to run Ethereum applications without a full node. The malware monitors the copy-paste clipboard on the affected system and matches its contents against the alphanumeric format of a cryptocurrency address. Because an address is long and complicated, several users rely on copy-paste to enter it, and that habit is what the malware targets.
Once an address is identified on the device’s clipboard, the malware replaces the original address with the hacker’s own. If the swap is not detected, the cryptocurrency in that transaction flows to the hacker’s account.
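A defender can look for this swap in clipboard history. The following is an added example, not code from Eset or from the article: it flags an address-shaped clipboard value that is overwritten by a different address of the same kind within a short interval. The 2-second threshold, the function names and all sample values are assumptions made for illustration, and only the shape of an address is checked, not its checksum.

```python
import re

# Address *shapes* only; no checksum is verified here.
ADDRESS_SHAPES = {
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
    "bitcoin": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),  # legacy Base58
}


def classify(text):
    """Return (kind, canonical_value) if text looks like an address, else None."""
    value = text.strip()
    for kind, pattern in ADDRESS_SHAPES.items():
        if pattern.fullmatch(value):
            # Ethereum hex is case-insensitive; Base58 is case-sensitive.
            return kind, value.lower() if kind == "ethereum" else value
    return None


def find_swaps(events, max_gap=2.0):
    """Flag an address overwritten by a different address of the same kind.

    events: ordered (timestamp_seconds, clipboard_text) pairs.
    max_gap: assumed threshold; a person rarely copies two different
    addresses this quickly, while a clipper rewrites almost immediately.
    """
    alerts, previous = [], None
    for ts, text in events:
        current = classify(text)
        if current and previous:
            prev_ts, (prev_kind, prev_value) = previous
            kind, value = current
            if kind == prev_kind and value != prev_value and ts - prev_ts <= max_gap:
                alerts.append({"kind": kind, "copied": prev_value,
                               "replaced_by": value, "gap": round(ts - prev_ts, 3)})
        previous = (ts, current) if current else None
    return alerts


# Constructed sample data: none of these are real addresses.
USER_ADDR = "0x" + "A1" * 20
OTHER_ADDR = "0x" + "b2" * 20
SAMPLE_EVENTS = [
    (10.0, "meeting notes"),
    (42.0, USER_ADDR),           # user copies the recipient address
    (42.1, USER_ADDR.lower()),   # same address, different case: not a swap
    (42.3, OTHER_ADDR),          # clipboard rewritten with another address
    (43.0, "1" + "K7" * 15),     # different kind of address: not a swap
]
```

Calling `find_swaps(SAMPLE_EVENTS)` returns a single alert for the rewrite at 42.3 seconds.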
Clipper was the first known malware application of this sort to breach Google’s robust verification procedure; the application was eventually picked up by ESET, a cybersecurity company.
Since cryptocurrencies depend on technology and large-scale investment, they have been the easiest target for malicious actors, who craft phony software that can circumvent the security measures in place on a user’s computer and steal cryptocurrency right off the device.
Moreover, instead of stealing the cryptocurrency itself, some malicious software has been created to steal a device’s computational power, allowing third parties to use the device to mine cryptocurrencies, a practice called “crypto-jacking”.
Popular websites such as the file-sharing giant The Pirate Bay used the web-browser miner CoinHive to “crypto-jack” their customers’ home devices. Some users felt cheated by the mining scam; others were compliant if they received a service and were informed about the same by The Pirate Bay,