Lukas Stefanko, a security researcher at ESET, said that a malicious application designed to steal users’ virtual currency was found in the Google Play app store. He wrote in a blog post that the malware, disguised as a legitimate virtual currency application, “intercepts the content of the clipboard and replaces it surreptitiously with what the attacker wants to subvert. In the case of a cryptocurrency transaction, the affected user might end up with the copied wallet address quietly switched to one belonging to the attacker.”
This clipper malware in Google Play mimics a service called MetaMask, which enables browsers to run applications that support the virtual currency Ethereum. The main purpose of the malware, which ESET calls Android/Clipper.C, is to steal the certificate that can control Ethereum. It can also replace Bitcoin and Ethereum wallet addresses copied to the clipboard with a wallet address belonging to the hacker.
Google removed this malicious application.
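
A defender-side heuristic for the address swap described above, as an added example that is not from ESET or the original article: it scans a time-ordered log of clipboard values and flags a Bitcoin or Ethereum address that is replaced by a different address of the same currency within a short window. The log format, the 2-second window and the sample addresses are assumptions constructed for illustration.

```python
import re

# Address shapes for the two currencies the article names.
PATTERNS = {
    "bitcoin": re.compile(
        r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return the currency whose address format `text` matches, else None."""
    value = text.strip()
    for coin, pattern in PATTERNS.items():
        if pattern.match(value):
            return coin
    return None

def normalize(coin, text):
    """Ethereum hex is case-insensitive; Bitcoin Base58 is not."""
    value = text.strip()
    return value.lower() if coin == "ethereum" else value

def find_swaps(events, window=2.0):
    """Return (time, coin, old, new) for each suspected address substitution.

    `events` is a time-ordered list of (timestamp_seconds, clipboard_text).
    `window` is an assumed threshold: a person rarely copies two different
    addresses of the same currency within a couple of seconds.
    """
    alerts = []
    prev = None  # (timestamp, coin, normalized value) of the previous event
    for ts, text in events:
        coin = classify(text)
        value = normalize(coin, text)
        if (prev and coin and prev[1] == coin and prev[2] != value
                and ts - prev[0] <= window):
            alerts.append((ts, coin, prev[2], value))
        prev = (ts, coin, value)
    return alerts

# Constructed sample data: placeholder strings, not real wallets.
ETH_USER, ETH_OTHER = "0x" + "a" * 40, "0x" + "b" * 40
BTC_A, BTC_B = "1" + "B" * 30, "3" + "C" * 30
SAMPLE_EVENTS = [
    (0.0, "hello world"), (10.0, ETH_USER), (10.3, ETH_OTHER),  # fast swap
    (60.0, BTC_A), (95.0, BTC_B),            # 35 s apart: ordinary copying
    (120.0, ETH_USER), (120.5, "0x" + "A" * 40),  # same address, new casing
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print("possible clipboard substitution:", alert)
```

A format match alone does not reveal a swap, because the substituted address is itself valid; the signal here is the rapid change between two well-formed addresses of the same currency.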