Android App Suddenly Pulled After New Bitcoin Theft Warning
An Android app hosted on the official Google Play store has been pulled after it was found to be surreptitiously stealing bitcoin and cryptocurrency from unwitting users, researchers revealed late last week—thought to be the first time this kind of malware has been hosted on the official Android app store. The app, which was found to be impersonating a legitimate crypto service called MetaMask, hijacked a phone's clipboard feature when people copy and paste their bitcoin or cryptocurrency address, either sending the account's so-called private keys back to the criminals or replacing the public key with an address controlled by the hacker. When the phone user then tried to send their digital tokens to the copied address, they would paste the attackers' instead. The MetaMask app, designed by ethereum developer Consensys, is popular among the bitcoin and cryptocurrency community—having been downloaded for Chrome and Firefox via the Google Play store over one million times—and allows users to access a variety of decentralized apps on the ethereum network. It is not currently available for mobile devices. The warning is a blow to both bitcoin and cryptocurrencies as well as the Google Play Store, which has been previously criticized for allowing malicious apps on to its platform without checks.