Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Android Clipboard Hijacking Crypto Malware

 

Systems Affected


Android Devices

Threat Level


High


Overview


Malware described as a "Clipper", pretend to be a legitimate cryptocurrency app and worked by replacing cryptocurrency wallet address which is copied into the android clipboard (Where copied text is located on android applications) with one belonging to the attackers.


Description


This clipper malware steal user's cryptocurrency. In order to do this, users will be tricked by attackers into installing the malicious app that impersonated a legitimate cryptocurrency service known as MetaMask.
MetaMask is accessible only as an internet browser expansion for Chrome, Firefox, Opera, or Brave, and isn't yet propelled on any portable application stores.
However, there is a malicious MetaMask app on Play Store targeting users who want to use the mobile version of the service by changing their legitimate cryptocurrency wallet address to the hacker's own address via the clipboard.
As a result, users who intended to transfer funds into a cryptocurrency wallet of their choice would instead make a deposit into the attacker's wallet address pasted by the malicious app.


Impact


  ✦  Steal cryptocurrency from your wallet using android clipboard.
  ✦  Financial losses incurred to loosing cryptocurrency.


Solution/ Workarounds


  ✻  Update the latest version of the Mozilla's Firefox on Windows, Linux and Mac.


References


https://thehackernews.com/2019/02/android-clickboard-hijacking.html
https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.