First Clipper Malware Discovered and Removed from Android’s Play Store

For the first time ever, a malicious app designed to steal cryptocurrencies from gullible victims has been discovered on Play Store, Android’s official app store.

Google promptly took the app down after the security firm ESET spotted the malware and reported it. Anyone who downloaded it before the removal remains affected.

This dangerous form of malware made the rounds on the Windows platform in 2017 and was quickly discovered in 2018 in third-party Android stores. ESET also discovered similar clipper malware on one of the world’s popular software hosting sites.


The malicious app, called MetaMask, posed as a legitimate app designed to run Ethereum decentralized apps without the need to run a full Ethereum node.

The reality, however, is that the real MetaMask does not have a mobile app yet and only offers add-ons for the Mozilla Firefox and Chrome desktop browsers.

ESET disclosed that, once installed, the malware goes through the user’s credentials, such as cryptocurrency wallet addresses, that have already been placed on the Android clipboard.

For security reasons, crypto wallet addresses are usually composed of a lengthy string of characters that is quite impossible to commit to memory or type manually. Users therefore copy and paste the addresses using the clipboard.

ESET also revealed that the clipper malware, after finding the user’s wallet address, replaces it with the address of the hacker, without the knowledge of the user.

Therefore, when users eventually decide to make transactions, they copy what they think is their own wallet address and transfer Ethereum funds to the attacker’s wallet address.
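The swap described above leaves a pattern a clipboard monitor can look for: an address on the clipboard overwritten moments later by a different address written by another app. The Python sketch below is an added example, not code from ESET or the original article; the event format, app names, 2-second window and sample data are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# Ethereum addresses: "0x" followed by 40 hex characters.
ETH_ADDRESS = re.compile(r"0x[0-9a-fA-F]{40}")

class ClipEvent(NamedTuple):
    t: float      # seconds since capture start
    writer: str   # app that set the clipboard (assumed visible to the monitor)
    text: str     # clipboard content

def as_address(text):
    """Return the lower-cased address if the clipboard holds exactly one, else None."""
    candidate = text.strip()
    return candidate.lower() if ETH_ADDRESS.fullmatch(candidate) else None

def find_swaps(events, window=2.0):
    """Flag an address overwritten by a different one, from another app, within `window` s."""
    findings = []
    prev_ev, prev_addr = None, None
    for ev in sorted(events, key=lambda e: e.t):
        addr = as_address(ev.text)
        if (addr and prev_addr and addr != prev_addr
                and ev.writer != prev_ev.writer
                and ev.t - prev_ev.t <= window):
            findings.append((prev_ev, ev))
        prev_ev, prev_addr = ev, addr
    return findings

# Constructed sample events (hypothetical app names and addresses).
SAMPLE = [
    ClipEvent(0.0, "browser", "0x" + "ab" * 20),
    ClipEvent(0.4, "fake.wallet.app", "0x" + "cd" * 20),  # overwritten by another app
    ClipEvent(30.0, "browser", "meeting notes"),           # not an address
    ClipEvent(60.0, "browser", "0x" + "AB" * 20),
    ClipEvent(60.5, "notes", "0x" + "ab" * 20),            # same address, different case
    ClipEvent(120.0, "browser", "0x" + "12" * 20),
    ClipEvent(500.0, "browser", "0x" + "34" * 20),         # user copies a new address later
]

if __name__ == "__main__":
    for before, after in find_swaps(SAMPLE):
        print(f"{after.t:>6.1f}s {after.writer} replaced {before.text} with {after.text}")
```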

This malware was launched on Play Store earlier this month and tricked users into thinking it was a mobile roll-out by the company.

The security firm concluded that users have a role to play in ending malware distribution: updating their Android devices regularly, installing a reliable mobile security app, and double-checking every online transaction from start to finish.

It also strongly recommended checking the official website of a service’s developers for a link to the official mobile app.