The malware, referred to as a “clipper” by the researchers at ESET, first discovered the offending code both lurking and impersonating an actual legitimate service known as MetaMask. Who specialises in allowing users to run Ethereum-based apps on their browser, without the need of having to run a full Ethereum node. Further investigation revealed the app itself was fake; MetaMask reportedly doesn’t have or operate a mobile application.
— MetaMask (@MetaMask) February 9, 2019 Google has since removed the app from the Play Store, but such an oversight does raise some concerns over the Android marketplace’s security and screening of such apps. To that end, MetaMask did take to Twitter, asking Google to beef up said security by at least reserving trademarked names for apps. Scenarios like this are the reasons that many individuals who dabble in the cryptocurrency realm usually put their hard-earned digital dollars aside in an offline, cold-storage wallet. Where it is all protected by a authorisation code or password only they know.
Problem is, this method of protection is also a double-edge sword, as gaining access to cryptocurrency stored this way without the proper access code can prove difficult. Such was the case of the Canadian-based cryptocurrency exchange, QuadrigaCX, when the death of its CEO costed the company US$145 million (~RM590 million). All because he took the access codes to those funds with him to the grave, literally. (Source: ESET via Hot Hardware // Image: BTCNN)
