Android Clipper found on Google Play

The first Android Trojan Clipper – that exchanges cryptocurrency address in copied clipboard – was discovered on Google Play. Android Clipper targeted Bitcoin and Ethereum cryptocurrency addresses when being copied in to clipboard and replaced them with the attacker’s wallet address. Once this transaction is sent, it can not be canceled.

Figure 1. Replacing wallets in clipboard


In the video I explained what is Clipper and demonstrated its functionality including possible attack scenario.

Attack Scenario

Figure 2. How Android Clipper works

History of Android Clipper malware

August 7, 2018Discovered first Android Clipper outside of Google Play by Dr. Web

February 8, 2019Discovered first Android Clipper in Google Play by ESET


Package NameHashcom.lemon.metamask24D7783AAF34884677A601D487473F88

I test Android malware, so you don’t have to. Be Aware, Be Secure!

Hayden P.

A blockchain and cryptocurrency enthusiast

You may also like...