Author

Topic: Google Play Store Caught Hosting Fake Metamask Crypto Malware (Read 793 times)

copper member
Activity: 2380
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
hero member
Activity: 2604
Merit: 816
🐺Spinarium.com🐺 - iGaming casino
Thank you for giving the information. Fortunately, I don't use metamask so I think I can avoid that malware and I hope that all of us could be still safe. I hope that the apps get delete from Google Play Store, so we don't have to know that the apps were making some people lose their balance because they don't know this alert.
sr. member
Activity: 859
Merit: 251
It says in the article:
Quote
The Clipper malware monitors and intercepts the clipboard software which is often used to copy and paste crypto wallet addresses. It modifies the string to that of the attacker so the funds are sent to them instead of the recipient. This crude form of crypto jacking was prevalent a couple of years ago and has now reared its head once again.

Thus the importance of diligently checking for the correct recipient addresses before clicking that send button. Nothing beats being too careful with crypto even if you understand little of the technology.
legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
Personally I'm not having problems to spot fake apps on Playstore. It's not that difficult. Main indicators of fake app - small number of downloads and reviews. Another one - strange name of uploader. But for less experienced people it can be more difficult. So, it would be best to official app of wallet, exchange or sth and then click on Google Play icon which is displayed on website - then you will be redirected to official app.
This just goes to show that Google urgently needs some cryptocurrency experts among their staff. This is not the first time they make such mistakes. I remember some time ago they allowed something similar in their search engine results. I think it was a case of a fake electrum wallet. Google should either educate their stuff or stay away from the crypto space entirely. Otherwise they are making damage, people in general trust google and then fall for these types of scams.
No, they don't need to hire crypto experts to eliminate this problem. It's not only problem with crypto, because you can find various kind of fake apps in all categories of Google Play store. Now everyone can upload app to Play store after paying small fee and it appears on it without strict verification. I'm not fan of Apple, but their App Store is much better than Google Play in terms of security. On App Store all apps have to pass strict verfication proccess before it become available to download. This is why we don't see similar news like in OP about apps uploaded to Apple App Store.
member
Activity: 588
Merit: 10
It would be safe if you go to metamask's website first then click the link for downloads. That's the best way to know if you are getting the right app or browser extension...
legendary
Activity: 1932
Merit: 1273
We should aware that Google Play Store is bloated with a lot of malware applications. The responsible shouldn't be on Google's team but rather our analytical thinking about it. It is should the norm for cryptocurrencies user to double check and thoroughly verify the authenticity of the application, for more security just download it then verify the PGP keys.
hero member
Activity: 1666
Merit: 753
I got snookered for $14 worth of ETH last autumn by this fake.  It could have been a much more expensive lesson, luckily it wasn't.

The article says the malware was released on Feb. 1 2019, but I know for a fact this malware has been around longer than that.  The scammer must keep trying the same trick every few months.

It's likely going to attract a few victims, since has been recent news about MetaMask publishing a legitimate Android app.

Jeez, makes you wonder how much these fakes have scammed, and how many more of them are there.

It's definitely a reason to not blindly trust Google Play or App Store in terms of the security of the apps you are downloading. Not only can they possibly be complete scams that you're downloading (since these app hosting platforms have no control over the actual service that the apps are providing), they could even contain malware in this instance.

Whenever you are copying a bitcoin address, whether on your phone or on your laptop, make sure that you at least glance over it to verify that it's the one that you copied. There has been a ton of these malicious applications that modify the bitcoin address which you copy into your system when you're sending funds, and it's reasonable to take these precautions.
full member
Activity: 574
Merit: 100
To see details click on the below image about
Quote
Google Play Store Caught Hosting Fake Metamask Crypto Malware
:


Ahw so playstore will not able to determine whether that wallet is genuine or not. They should increase their security to make sure that this kind of happening will not happen again.

It is very disappointed in my side, I thought playstore is safe and only trusted apps will be listed there.
copper member
Activity: 2338
Merit: 4543
Join the world-leading crypto sportsbook NOW!
I got snookered for $14 worth of ETH last autumn by this fake.  It could have been a much more expensive lesson, luckily it wasn't.

The article says the malware was released on Feb. 1 2019, but I know for a fact this malware has been around longer than that.  The scammer must keep trying the same trick every few months.

It's likely going to attract a few victims, since has been recent news about MetaMask publishing a legitimate Android app.
legendary
Activity: 2758
Merit: 6830
This is absurd, I thought Google had a very strict verification check before allowing any app to be listed at Play Store.

If someone has lost any money through this fake app, Google should be reported to authorities. Oh well, being so strong worldwide, no one can really raise a finger on Google...  Lips sealed
Nope. This already happened multiple times before. They don't actually verify their apps - that's why there are so many crappy and shady apps in their store. This is also one of the reasons why I really like iOS. The App Store is pretty decent and hardly you will find a shit or shady app around there.

And the worst of all is that this is not the first time a fake MetaMask app shows on the Play Store. Back in 2018: https://bitcoinexchangeguide.com/google-takes-action-as-fake-crypto-apps-caught-on-play-store-by-stefanko/
member
Activity: 294
Merit: 53
This is absurd, I thought Google had a very strict verification check before allowing any app to be listed at Play Store.

If someone has lost any money through this fake app, Google should be reported to authorities. Oh well, being so strong worldwide, no one can really raise a finger on Google...  Lips sealed
full member
Activity: 434
Merit: 246
This just goes to show that Google urgently needs some cryptocurrency experts among their staff. This is not the first time they make such mistakes. I remember some time ago they allowed something similar in their search engine results. I think it was a case of a fake electrum wallet. Google should either educate their stuff or stay away from the crypto space entirely. Otherwise they are making damage, people in general trust google and then fall for these types of scams.
legendary
Activity: 2702
Merit: 4002
Unless you are able to read and verify every line in the program, you are at risk, even if it is approved by Google.

Quote
“We spotted Android/Clipper.C shortly after it had been introduced at the official Android store, which was on February 1, 2019. We reported the discovery to the Google Play security team, who removed the app from the Store,” the report added.

The good thing is that they have discovered the malicious program in a short time and have been removed, making the number of downloads a way to ensure you get a relatively safe application.
Also, follow the traditional solutions like checking the address, checking the source of the application, do not let all the eggs in the basket, follow the news may help you reduce the losses.
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
I didn't have enough sMerits but this is the kind of information people need to be sensitized about. A lot of people have lost their money and cryptos unknowingly.
Towards the end of last year, I created a topic about these app stores being a haven for such fake apps.
It's great that you brought this up.

Here is the topic I also made back then.
Not all crypto apps in App stores are safe
legendary
Activity: 3010
Merit: 8114
I remember the idea of malware that could change the contents of your clipboard had been discussed for a long time, but now they've finally done it! Those sneaky bastards.

Whenever I copy and paste an address -- just to be extra sure it wasn't my own fuckup -- I check the first and last 3 characters of the address to make sure they match what I had pasted.

Not that I do a lot of drunk bitcoining, but accidentally forgetting to include a character in a bitcoin send would be worth crying over.
hero member
Activity: 2926
Merit: 567
You can easily tell by the number of reviews even if they upload a fake metamask it will easily get caught if it does not have millions of users they have this 1,013,261 number of users I have not yet seen a fake one so why not post here so we can help report it and take it down.
legendary
Activity: 2394
Merit: 6581
be constructive or S.T.F.U
When i want to install any app with anything about in google play, i always find it in their real website. Because  upload app in google play is cheap like appgeyser. Only 25$ to upload in google play

this ^ .

and also if happens that they don't have a link to their app on the website, looking at the number of downloads and reviews, most of the time answers the question of whether it's the real app you looking for or not.
legendary
Activity: 2338
Merit: 1261
Heisenberg
When i want to install any app with anything about in google play, i always find it in their real website. Because  upload app in google play is cheap like appgeyser. Only 25$ to upload in google play
Yeah, it's better to find the official app links from the official websites. Google play is a pool of scam crypto apps and malware.
newbie
Activity: 20
Merit: 5
When i want to install any app with anything about in google play, i always find it in their real website. Because  upload app in google play is cheap like appgeyser. Only 25$ to upload in google play
copper member
Activity: 2170
Merit: 1827
Top Crypto Casino
App stores are not to be trust with crypto apps especially wallet and exchanges. i myself have seen so many scam apps in play stores and so many people become victims by downloading them.
Thanks for the alert.
copper member
Activity: 2380
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
To see details click on the below image about
Quote
Google Play Store Caught Hosting Fake Metamask Crypto Malware
:

Jump to: