#1247029: Android Clipper found on Google Play - Video

Description: The first Android Trojan Clipper – that exchanges cryptocurrency address in copied clipboard – was discovered on Google Play. Android Clipper targeted Bitcoin and Ethereum cryptocurrency addresses when being copied in to clipboard and replaced them with the attacker’s wallet address. Once this transaction is sent, it can not be canceled.
Figure 1. Replacing wallets in clipboard

In the video I explained what is Clipper and demonstrated its functionality including possible attack scenario.
Attack Scenario
Figure 2. How Android Clipper works
History of Android Clipper malware

August 7, 2018 – Discovered first Android Clipper outside of Google Play by Dr. Web

February 8, 2019 – Discovered first Android Clipper in Google Play by ESET
Package Name Hash
com.lemon.metamask 24D7783AAF34884677A601D487473F88

I test Android malware, so you don’t have to. Be Aware, Be Secure!
More info: https://lukasstefanko.com/2019/02/android-clipper-found-on-google-play.html

Date added Feb. 11, 2019, 3:10 p.m.
Source Lukas Stefanko
  • All New Malware or Attack Alerts - New Reports / IOCs in
  • Android Malware - New Reports in
  • Cryptomining / Crypto Mine / Crypto-mining / Cryptojacking - Crypto jacking - Drive-by malware etc
  • Google Android
  • Google Play / Play Store / PlayStore
  • Scam/Fraud/Hoax Alerts