Another Cryptocurrency-Stealing App on Google Play Store

The app was found to target users’ wallets and keys, and it can also swap a wallet address copied to the clipboard for one belonging to the attackers. As a result, when users placed currency in the app, it was transferred to the attacker. The app poses as MetaMask, a service that allows Ethereum decentralized apps to run in browsers, but MetaMask does not currently offer a legitimate mobile app. Researchers commented, “The service currently does not offer a mobile app – only add-ons for desktop browsers such as Chrome and Firefox. Several malicious apps have been caught previously on Google Play impersonating MetaMask. However, they merely phished for sensitive information with the goal of accessing the victims’ cryptocurrency funds.” Google has been informed and has removed the app from the Play Store.

Analyst Notes

Users who have Ethereum wallets should be cautious when downloading app extensions. They should research an app extension extensively before downloading it and providing it with their personal information. Users who still have the MetaMask app downloaded should delete it immediately.