Antivirus company ESET announced the discovery of a clipper application in the Google Play store that replaces data in the clipboard. The malware was disguised as MetaMask, a service for storing and managing cryptocurrency.
The aim of the attackers was to steal data needed to gain access to users' crypto wallets. Thus, the clipper application replaced the addresses of users' Bitcoin and Ethereum wallets with the addresses of fraudsters.
For the first time, the activity of clipper viruses was recorded in 2017 and posed a threat only to users Windows. However, in August 2018, scammers began spreading malware among users Android using the Google Pay app store.