Google Hosted Malware App that Steals Cryptocurrency

This malicious Play Store app was designed to steal cryptocurrency deposits

What just happened? Once again, the Google Play Store has been caught hosting malware-laden apps. According to researchers from IT security company Eset, the app impersonated a browser-based service created to run decentralized Ethereum apps without running a full Ethereum node.

Update your Android device in a timely fashion, and install a "reliable" security app on your phone. While there is a legit website called MetaMask that offers "a secure identity vault, providing a user interface to manage your identities on different sites and sign blockchain transactions", there are only add-ons available for Chrome, Firefox, Opera, and the Brave browser.

Worse, Eset researchers said the app contained "clipper" malware. As cryptocurrency addresses are composed of a long string of numbers and characters, it is hard to memorize them. Users usually copy and paste them instead of typing them out.

"Clipper" apps replace the correct address on the clipboard with the address of the hacker's own virtual wallet, which means that the victim could unknowingly be depositing their bitcoins into the wallet of an unknown thief. This lets attackers trick users into sending cryptocurrency funds to the wrong wallet.
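To show what that swap looks like from the defender's side, here is an added example (not from Eset's research or the original article) that scans a series of clipboard snapshots and flags one valid wallet address being replaced by a different address of the same kind. The function names, the 2-second window and the sample data are assumptions made for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ETH_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def parse_address(text):
    """Return (kind, canonical_form) for a wallet address string, else None."""
    text = text.strip()
    if ETH_RE.fullmatch(text):
        return ("eth", text.lower())      # hex case only carries a checksum
    if 26 <= len(text) <= 35 and all(c in B58 for c in text):
        n = 0
        for c in text:                    # Base58 decode to an integer
            n = n * 58 + B58.index(c)
        try:
            raw = n.to_bytes(25, "big")   # version + 20-byte hash + checksum
        except OverflowError:
            return None
        check = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4]
        if check == raw[21:]:             # Base58Check checksum is valid
            return ("btc", text)
    return None

def find_swaps(snapshots, window=2.0):
    """Flag an address replaced by a different address of the same kind.
    snapshots: time-ordered list of (seconds, clipboard_text).
    window: assumed threshold in seconds; a person rarely copies two
    different addresses this quickly, while a clipper reacts at once."""
    alerts = []
    for (t0, old), (t1, new) in zip(snapshots, snapshots[1:]):
        a, b = parse_address(old), parse_address(new)
        if a and b and a[0] == b[0] and a[1] != b[1] and t1 - t0 <= window:
            alerts.append({"time": t1, "kind": a[0], "copied": old, "now": new})
    return alerts

# Constructed sample data: placeholder Ethereum-style strings, not real wallets.
COPIED = "0x" + "a1" * 20
SWAPPED = "0x" + "b2" * 20
SAMPLE = [
    (0.0, "meeting at 10"),
    (5.0, COPIED),               # user copies the recipient address
    (5.3, SWAPPED),              # replaced 0.3 s later by another address
    (60.0, "0x" + "c3" * 20),    # later manual copy, outside the window
]

if __name__ == "__main__":
    print(find_swaps(SAMPLE))
```

The same comparison works as a last check before confirming a transfer: parse the address in the destination field and the one taken from the trusted source, and refuse to proceed if their canonical forms differ.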

It's worth noting that Google plans to change how Android's copy and paste system works in Android Q. New permissions would restrict when and how apps can access the clipboard and could potentially combat this kind of malware.

Eset says it spotted the fake MetaMask app on the Play Store shortly after it appeared on February 1st.

Unfortunately, there's no foolproof way to detect and avoid malicious apps like this yet. In the case of MetaMask, the official website makes no mention of an Android app.

