Google Play Store Caught Hosting Fake Metamask Crypto Malware

[shasan]

To see details click on the below image about

Google Play Store Caught Hosting Fake Metamask Crypto Malware

:

[logfiles]

App stores are not to be trust with crypto apps especially wallet and exchanges. i myself have seen so many scam apps in play stores and so many people become victims by downloading them.
Thanks for the alert.

[detrivator]

When i want to install any app with anything about in google play, i always find it in their real website. Because  upload app in google play is cheap like appgeyser. Only 25$ to upload in google play

[JeromeTash]

When i want to install any app with anything about in google play, i always find it in their real website. Because  upload app in google play is cheap like appgeyser. Only 25$ to upload in google play

Yeah, it's better to find the official app links from the official websites. Google play is a pool of scam crypto apps and malware.

[mikeywith]

When i want to install any app with anything about in google play, i always find it in their real website. Because  upload app in google play is cheap like appgeyser. Only 25$ to upload in google play

this ^ .

and also if happens that they don't have a link to their app on the website, looking at the number of downloads and reviews, most of the time answers the question of whether it's the real app you looking for or not.

[aioc]

You can easily tell by the number of reviews even if they upload a fake metamask it will easily get caught if it does not have millions of users they have this 1,013,261 number of users I have not yet seen a fake one so why not post here so we can help report it and take it down.

[nutildah]

I remember the idea of malware that could change the contents of your clipboard had been discussed for a long time, but now they've finally done it! Those sneaky bastards.

Whenever I copy and paste an address -- just to be extra sure it wasn't my own fuckup -- I check the first and last 3 characters of the address to make sure they match what I had pasted.

Not that I do a lot of drunk bitcoining, but accidentally forgetting to include a character in a bitcoin send would be worth crying over.

[Bitcoin_Arena]

I didn't have enough sMerits but this is the kind of information people need to be sensitized about. A lot of people have lost their money and cryptos unknowingly.
Towards the end of last year, I created a topic about these app stores being a haven for such fake apps.
It's great that you brought this up.

Here is the topic I also made back then.
Not all crypto apps in App stores are safe

[hugeblack]

Unless you are able to read and verify every line in the program, you are at risk, even if it is approved by Google.

“We spotted Android/Clipper.C shortly after it had been introduced at the official Android store, which was on February 1, 2019. We reported the discovery to the Google Play security team, who removed the app from the Store,” the report added.

The good thing is that they have discovered the malicious program in a short time and have been removed, making the number of downloads a way to ensure you get a relatively safe application.
Also, follow the traditional solutions like checking the address, checking the source of the application, do not let all the eggs in the basket, follow the news may help you reduce the losses.

[butka]

This just goes to show that Google urgently needs some cryptocurrency experts among their staff. This is not the first time they make such mistakes. I remember some time ago they allowed something similar in their search engine results. I think it was a case of a fake electrum wallet. Google should either educate their stuff or stay away from the crypto space entirely. Otherwise they are making damage, people in general trust google and then fall for these types of scams.

[encycrypto]

This is absurd, I thought Google had a very strict verification check before allowing any app to be listed at Play Store.

If someone has lost any money through this fake app, Google should be reported to authorities. Oh well, being so strong worldwide, no one can really raise a finger on Google... 

[TryNinja]

This is absurd, I thought Google had a very strict verification check before allowing any app to be listed at Play Store.

If someone has lost any money through this fake app, Google should be reported to authorities. Oh well, being so strong worldwide, no one can really raise a finger on Google... 

Nope. This already happened multiple times before. They don't actually verify their apps - that's why there are so many crappy and shady apps in their store. This is also one of the reasons why I really like iOS. The App Store is pretty decent and hardly you will find a shit or shady app around there.

And the worst of all is that this is not the first time a fake MetaMask app shows on the Play Store. Back in 2018: https://bitcoinexchangeguide.com/google-takes-action-as-fake-crypto-apps-caught-on-play-store-by-stefanko/

[DireWolfM14]

I got snookered for $14 worth of ETH last autumn by this fake.  It could have been a much more expensive lesson, luckily it wasn't.

The article says the malware was released on Feb. 1 2019, but I know for a fact this malware has been around longer than that.  The scammer must keep trying the same trick every few months.

It's likely going to attract a few victims, since has been recent news about MetaMask publishing a legitimate Android app.

[PDAngel]

To see details click on the below image about

Google Play Store Caught Hosting Fake Metamask Crypto Malware

:

Ahw so playstore will not able to determine whether that wallet is genuine or not. They should increase their security to make sure that this kind of happening will not happen again.

It is very disappointed in my side, I thought playstore is safe and only trusted apps will be listed there.

[magneto]

I got snookered for $14 worth of ETH last autumn by this fake.  It could have been a much more expensive lesson, luckily it wasn't.

The article says the malware was released on Feb. 1 2019, but I know for a fact this malware has been around longer than that.  The scammer must keep trying the same trick every few months.

It's likely going to attract a few victims, since has been recent news about MetaMask publishing a legitimate Android app.

Jeez, makes you wonder how much these fakes have scammed, and how many more of them are there.

It's definitely a reason to not blindly trust Google Play or App Store in terms of the security of the apps you are downloading. Not only can they possibly be complete scams that you're downloading (since these app hosting platforms have no control over the actual service that the apps are providing), they could even contain malware in this instance.

Whenever you are copying a bitcoin address, whether on your phone or on your laptop, make sure that you at least glance over it to verify that it's the one that you copied. There has been a ton of these malicious applications that modify the bitcoin address which you copy into your system when you're sending funds, and it's reasonable to take these precautions.

[vv181]

We should aware that Google Play Store is bloated with a lot of malware applications. The responsible shouldn't be on Google's team but rather our analytical thinking about it. It is should the norm for cryptocurrencies user to double check and thoroughly verify the authenticity of the application, for more security just download it then verify the PGP keys.

[Mommynigabby]

It would be safe if you go to metamask's website first then click the link for downloads. That's the best way to know if you are getting the right app or browser extension...

[LTU_btc]

Personally I'm not having problems to spot fake apps on Playstore. It's not that difficult. Main indicators of fake app - small number of downloads and reviews. Another one - strange name of uploader. But for less experienced people it can be more difficult. So, it would be best to official app of wallet, exchange or sth and then click on Google Play icon which is displayed on website - then you will be redirected to official app.

This just goes to show that Google urgently needs some cryptocurrency experts among their staff. This is not the first time they make such mistakes. I remember some time ago they allowed something similar in their search engine results. I think it was a case of a fake electrum wallet. Google should either educate their stuff or stay away from the crypto space entirely. Otherwise they are making damage, people in general trust google and then fall for these types of scams.

No, they don't need to hire crypto experts to eliminate this problem. It's not only problem with crypto, because you can find various kind of fake apps in all categories of Google Play store. Now everyone can upload app to Play store after paying small fee and it appears on it without strict verification. I'm not fan of Apple, but their App Store is much better than Google Play in terms of security. On App Store all apps have to pass strict verfication proccess before it become available to download. This is why we don't see similar news like in OP about apps uploaded to Apple App Store.

[bustedsynx]

It says in the article:

The Clipper malware monitors and intercepts the clipboard software which is often used to copy and paste crypto wallet addresses. It modifies the string to that of the attacker so the funds are sent to them instead of the recipient. This crude form of crypto jacking was prevalent a couple of years ago and has now reared its head once again.

Thus the importance of diligently checking for the correct recipient addresses before clicking that send button. Nothing beats being too careful with crypto even if you understand little of the technology.

[michellee]

Thank you for giving the information. Fortunately, I don't use metamask so I think I can avoid that malware and I hope that all of us could be still safe. I hope that the apps get delete from Google Play Store, so we don't have to know that the apps were making some people lose their balance because they don't know this alert.