Malware researcher and cybersecurity expert, Lukas Stefanko just discovered something concerning in the Google Play store. Stefanko, who specializes in Android security found a MetaMask imposter that is designed to steal passwords or security phrases.
Lukas let his followers on Twitter know about the issue.
The First Android cryptocurrency clipboard exchanger found on Google Play.
Its goal is to change copied address of cryptocurrency wallet of recipient for the attacker’s.
Malware also impersonates @metamask_io service and lures PK, password or phrase.https://t.co/tInkzv9kcS pic.twitter.com/2tDqfNimUJ
— Lukas Stefanko (@LukasStefanko) February 8, 2019
While they have announced that one is in development, MetaMask has not even launched a mobile app yet. The imposters created an account for “Mmask Inc” and uploaded the fake MetaMask app.
Once the app is downloaded, users are vulnerable to having their private keys stolen and risk having all their cryptocurrency taken. The malware app also has a function that works to replace the copied Bitcoin addresses, for example, and replaces it with an address that the scammers have access to.
“Clipper” malware apps were being reported on throughout 2018. Leaders in the cryptocurrency community responded by constantly reminding users to check and double check the addresses they are entering before finalizing transactions.
But once downloaded, users can become extremely vulnerable to a number of different cyber attacks. Using the utmost diligence when making cryptocurrency transactions is an important first step for security; however, to truly combat attacks users must also be aware of these types of apps and know how to avoid downloading them in the first place.
Stefanko offers updated videos on a regular basis to highlight the dangers that lurk in the cyberspace and heighten malware awareness and security.
He notes that although malware apps like this have been spotted before, this is the first time one of them have made it to the official Google Play store.