[2019-02-13] Fake MetaMask App Found On Google Play

[Unblock_news]

Be careful what you download from the Google Play store. There is a fake MetaMask app found on Google Play.

The Clipper takes advantage of this mechanism. It dabbles with the content of the clipboard, and instead of pasting your cryptocurrency address into the transaction, you will be inputting the address of the hacker.

Read more here: https://www.unblock.news/news/fake-metamask-app-can-steal-peoples-ethereum

[1714121753]

1714121753

[1714121753]

1714121753

[1714121753]

1714121753

[livingfree]

I think those people who have been complaining from the past days about their funds were gone on Metamask were victims of this fake App. If the WLS didn't found out that it is a fake app, Google will not remove it.

This is why I'm very careful on downloading apps on playstore and I only trust those apps coming from the website directly. These frauds shall be taken down by Google Play and take action on the other fraud apps that's still on their platform.

[joniboini]

Seems like the best protection is still security awareness. How easy it is for people to fall victim for this if they think any apps on Play Store is legit and checked by Google (did you, Google?).

But I wonder why the attacker use the clipper though, why not take the private key directly? I believe some users will enter their private key if they want to import their wallet to this app.

[Kakmakr]

Seems like the best protection is still security awareness. How easy it is for people to fall victim for this if they think any apps on Play Store is legit and checked by Google (did you, Google?).

But I wonder why the attacker use the clipper though, why not take the private key directly? I believe some users will enter their private key if they want to import their wallet to this app.

The Private key is never exposed when you transfer funds from your address to the next. This attack is centered around the replacement of any destination address with the hackers Bitcoin address. So you might Copy the receivers address into the clipboard and then the hacker replace that address with his or her own Bitcoin address when you Paste it and hopefully you will not notice it and just click send.

The Clipboard hijacking method is quite common these days, so you must always verify the receivers address, after you pasted it from the clipboard/memory.    They use different methods to hijack the clipboard and apps on Google Play is just one of them.  

[Naida_BR]

This scam will never be going to stop.

Metamask has been targeted for so many time and something needs to be done from the developers part. Additionally, whoever gets scammed with these apps has to be blamed too. It is unbelievable how you trust an app that came from nowhere and it has appeared in the store.

[1Referee]

Additionally, whoever gets scammed with these apps has to be blamed too. It is unbelievable how you trust an app that came from nowhere and it has appeared in the store.

Not everyone knows what to look for when verifying software, especially when people are rushing to claim whatever shitcoin airdrop. In the end, someone needs to be scammed, then another one, and then dozens of more people in order to have it become public enough to pop up on news outlets like this.

Richard Heart has been hardcore shilling his Bhex shitcoin and recommended people to use MetaMask, so I hope they don't end up falling for the fake one.

[davis196]

Be careful what you download from the Google Play store. There is a fake MetaMask app found on Google Play.

The Clipper takes advantage of this mechanism. It dabbles with the content of the clipboard, and instead of pasting your cryptocurrency address into the transaction, you will be inputting the address of the hacker.

Read more here: https://www.unblock.news/news/fake-metamask-app-can-steal-peoples-ethereum

Google Play can't control all the apps that get listed everyday on the platform.Perhaps they should increase the developer's accounts signup fee.It's no secret that malicious apps can still be found on Google Play.

[btyco]

When copying and pasting addresses and keys i always double check to ensure it is going to the right place. At least check the last 4 characters which is better than nothing

[Kemarit]

When copying and pasting addresses and keys i always double check to ensure it is going to the right place. At least check the last 4 characters which is better than nothing

I also check the first and last 4 characters, just to make sure. I hope though that this fake MetaMask app has been taken down by Google already so that no more damage can be done. And I think this is not the first one though, so I do hope that people learn from this past mistakes. Wonder though how many times this fake apps have been downloaded.

[CryptoBry]

I think those people who have been complaining from the past days about their funds were gone on Metamask were victims of this fake App. If the WLS didn't found out that it is a fake app, Google will not remove it.

This is why I'm very careful on downloading apps on playstore and I only trust those apps coming from the website directly. These frauds shall be taken down by Google Play and take action on the other fraud apps that's still on their platform.

It is quite sad that over and over again fake apps can be found in the Google Play and this is telling us that there is no concrete way that this app marketplace can easily determine a fake from real ones. The thing is that fake appca can easily victimized many people and it is only after something sinister happened that a discovery can transpire. I am hoping that soon there can be a better way that can detect fakes right from the very start...we have to use technology on this as we are now in the technology age and not let allow unscrupulous people from using the same technology to poison the people.

[legatus21]

I was a victim of this MetaMask Shit, Please we have to be very careful when downloading from Google Play Store.
The Developers of Google should please try and find a way to fish out these Fake Apps.