ANDROID phone owners are being warned over a dangerous new Bitcoin scam that steals your money.
The scam is hidden in dodgy apps created by criminals, which experts now warn can be freely downloaded from the official Google Play Store.
The Google Play Store is supposed to be a safe haven for Android phone users to find and install apps.
But a new type of malware called a "clipper" has found its way onto the official store.
That's according to experts at cybersecurity firm ESET, who say this type of malware can target buyers and sellers of Bitcoin and other cryptocurrencies.
It works by taking advantage of the fact that Bitcoin wallets have long and confusing addresses.
"For security reasons, addresses of online cryptocurrency wallets are composed of long strings of characters," explain researchers.
"Instead of typing them, users tend to copy and paste the addresses using the clipboard."
It's at this point that the "clipper" malware steps in and scams you out of money.
If you've got a dodgy "clipper" app installed, it'll redirect your funds to a criminal's Bitcoin wallet.
"It intercepts the content of the clipboard and replaces it surreptitiously with what the attacker wants to subvert," ESET explains.
"In the case of a cryptocurrency transaction, the affected user might end up with the copied wallet address quietly switched to one belonging to the attacker."
According to experts, this type of malware first "made its rounds" on Windows in 2017.
It later turned up on dodgy Android app stores, before finally making its way to the official Google Play Store.
"Although relatively new, cryptocurrency stealers that rely on altering the clipboard's content can be considered established malware," researchers explain.
"ESET researchers even discovered one hosted on download.cnet.com, one of the most popular software-hosting sites in the world.
"In August 2018, the first Android clipper was discovered being sold on underground hacking forums and since then, this malware has been detected in several shady app stores."
The "clipper" app found in the Google Play Store by ESET's security team was impersonating a legitimate service called MetaMask.
The malware is designed to steal your Bitcoin login credentials, but also swap out your Bitcoin wallet addresses to divert funds to crooks.
Experts reported the app shortly after it appeared on the Google store on February 1, and it was later removed.
We've asked Google for comment and will update this story with any response.
How to stay safe from Android 'clipper' malware
Here's the official advice from security experts at ESET…
- Keep your Android device updated and use a reliable mobile security solution
- Stick to the official Google Play store when downloading apps…
- …however, always check the official website of the app developer or service provider for the link to the official app. If there is not one, consider it a red flag and be extremely cautious of any result of your Google Play search
- Double-check every step in all transactions that involve anything valuable, from sensitive information to money.
- When using the clipboard, always check if what you pasted is what you intended to enter.
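The clipboard swap described above leaves a recognisable trace: one wallet address is replaced by a different one moments later without the user copying anything. The sketch below is an added example, not code from ESET or the original article, and flags that pattern. The event log format (`time`, `user_copy`, `text`) and the sample addresses are constructed assumptions.

```python
import re

# Address shapes only (format check, no checksum validation).
ADDRESS_PATTERNS = {
    "bitcoin-legacy": re.compile(r"^[13][1-9A-HJ-NP-Za-km-z]{25,34}$"),
    "bitcoin-bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the address family a clipboard string looks like, or None."""
    text = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return kind
    return None

def find_swaps(events, window=5.0):
    """Flag clipboard changes where a wallet address is replaced by a
    different address of the same kind within `window` seconds and the
    change was not a user copy action."""
    alerts, prev = [], None
    for ev in events:
        text = ev["text"].strip()
        kind = address_kind(text)
        if (prev and kind and kind == prev["kind"]
                and text != prev["text"]
                and not ev["user_copy"]
                and ev["time"] - prev["time"] <= window):
            alerts.append((prev["text"], text, ev["time"]))
        prev = {"kind": kind, "text": text, "time": ev["time"]} if kind else None
    return alerts

# Constructed clipboard event log (hypothetical format, made-up addresses).
SAMPLE_EVENTS = [
    {"time": 10.0, "user_copy": True,  "text": "0x" + "ab" * 20},  # user copies payee
    {"time": 10.4, "user_copy": False, "text": "0x" + "cd" * 20},  # silent replacement
    {"time": 60.0, "user_copy": True,  "text": "hello"},           # ordinary text
    {"time": 90.0, "user_copy": True,  "text": "1" + "A" * 30},    # user copies address
    {"time": 91.0, "user_copy": True,  "text": "1" + "B" * 30},    # user copies another
]

if __name__ == "__main__":
    for old, new, when in find_swaps(SAMPLE_EVENTS):
        print(f"t={when}: address {old[:10]}... silently replaced by {new[:10]}...")
```

A swapped-in address is itself a valid address, so format or checksum validation alone will not catch the substitution; only comparison against the address that was originally copied does.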