Fake MetaMask App Containing Malware Pulled From Google Play Store After Tip-Off

New app impersonating MetaMask was found on the Google Play store containing malware capable of replacing victims’ wallet addresses, the cybersecurity company Eset reported on Feb. 8.

After the tip-off from the Eset researchers at the beginning of the month, Google removed the app impersonating MetaMask from their store.

The malware known as “Clipper” could intercept the content of the clipboard, and if recognised as an address of a cryptocurrency wallet, change the content with an address belonging to the attacker. The Eset blog post explains:


“The malware’s primary purpose is to steal the victim’s credentials and private keys to gain control over the victim’s Ethereum funds. However, it can also replace a Bitcoin or Ethereum wallet address copied to the clipboard with one belonging to the attacker.”

According to the blog post the malware was discovered on February 1st, 2019 and was reported to the Google Play security team on the same day, who then promptly removed the app from the store.

The malware infested app was impersonating decentralized app MetaMask, which is one of the oldest Ethereum based DApps. MetaMask tweeted in regards of the discovery:

As the tweet suggests, this is not the first time MetaMask had an issue with Google. In July last year the company’s browser extension was pulled down from Google’s Chrome Web Store for around six hours before being restored. 

A subsequent post from MetaMask revealed the action was an error on Chrome’s side. Even though a mobile app version of MetaMask was announced last year at Devcon, a product for mobile devices is yet to come.