First Cryptomalware That Hijacks Android Clipboards Was Discovered On Google Play

A security researcher has discovered yet another malware on the official Google Play Store that is designed to steal bitcoin and other cryptocurrencies from unsuspecting users.

The “Clipper” malware posed as a legitimate cryptocurrency app and replaced cryptocurrency wallet addresses copied into the Android clipboard with one belonging to the attackers, ESET researcher Lukas Stefanko wrote in a blog post.

Because cryptocurrency wallet addresses are comprised of long strings of characters for security purposes, users typically prefer to copy and paste them rather than type them.

This behavior was exploited by the newly discovered clipper malware, dubbed Android/Clipper.C by ESET, to steal cryptocurrency from users.

To accomplish this, attackers first duped users into installing a malicious app that impersonated a legitimate cryptocurrency service called MetaMask, claiming that it would allow users to run Ethereum-based decentralized applications in their web browsers without having to run a full Ethereum node.

Officially, MetaMask is only available as a web browser extension for Chrome, Firefox, Opera, and Brave; it has not yet been released on mobile app stores.

However, Stefanko discovered the malicious MetaMask app on the Google Play Store that targets users who wish to access the mobile version of the service by replacing their legitimate cryptocurrency wallet address with the hacker’s address via the clipboard.

As a result, users who intended to transfer funds to a wallet of their choosing would instead deposit funds into the attacker’s wallet address pasted by the malicious app.

“Several malicious apps have been discovered impersonating MetaMask on Google Play. To gain access to the victims’ cryptocurrency funds, they merely phished for sensitive information “Stefanko said.

“Android Clipper targeted Bitcoin and Ethereum addresses copied to the clipboard and replaced them with the attacker’s wallet address. This transaction cannot be canceled after it has been sent.”

Stefanko identified the malicious MetaMask app, which he believes to be the first Android Trojan Clipper to be discovered on Play Store, shortly after its February 1 release.

Google removed the malicious app almost immediately after receiving the researcher’s alert.

While the bitcoin price has declined steadily since its all-time high in December 2017, the cryptocurrency industry continues to be plagued by scandals, thefts, and scams, which are on the rise.

The Hacker News reported just last week that customers of the largest Canadian bitcoin exchange QuadrigaCX lost $145 million in cryptocurrency due to the sudden death of the exchange’s owner, who was the only person with access to the company’s cold storage wallets. Nevertheless, some users and researchers believe the incident may be an exit scam.

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus

Get more info



Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to As an Amazon Associate I earn from qualifying purchases.


Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of