A security researcher has discovered malware that steals bitcoins and other e-money from users who carry out “virtual money” transactions.

According to researcher Lukas Stefanko, the malicious software masquerades as a legitimate electronic money application and works by replacing e-wallet addresses that the victim has copied to the clipboard.

The attack works because e-wallet addresses are long, random strings of characters that, for security reasons, are difficult to remember. Users therefore prefer to copy and paste their wallet addresses via the clipboard rather than typing them, and the malware takes advantage of this habit to steal virtual money.

To do this, the hacker first tricks the user into installing a malicious e-money application called MetaMask.

Note that MetaMask is a real service, but the legitimate version of MetaMask is only available as a web browser extension for Chrome, Firefox, Opera or Brave and has not yet been released on any mobile app store.

After the user installs this fake MetaMask app, every time they copy their e-wallet address to the clipboard, it is replaced with the hacker's wallet address. Google removed the malicious application almost immediately after being informed by Stefanko.
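As an added example (not from the original article and not MetaMask's code), here is a paste-time check a wallet front end could run: it compares the address the user copied with what arrives in the destination field and flags the replacement described above. The function names and sample addresses are constructed for illustration, and the patterns check address format only, not checksums.

```javascript
// Loose format patterns for common address types (format only, no checksum).
const ADDRESS_FORMATS = [
  { kind: "ethereum", re: /^0x[0-9a-fA-F]{40}$/, caseSensitive: false },
  { kind: "bitcoin-base58", re: /^[13][1-9A-HJ-NP-Za-km-z]{25,34}$/, caseSensitive: true },
  { kind: "bitcoin-bech32", re: /^bc1[ac-hj-np-z02-9]{11,71}$/i, caseSensitive: false },
];

// Return the address kind and a canonical form for comparison, or null.
function classify(text) {
  const value = String(text).trim();
  const fmt = ADDRESS_FORMATS.find((f) => f.re.test(value));
  if (!fmt) return null;
  // Hex and bech32 addresses compare case-insensitively; base58 does not.
  return { kind: fmt.kind, canonical: fmt.caseSensitive ? value : value.toLowerCase() };
}

// copied: the address taken from the trusted source (assumed to be remembered
//         by the wallet UI when the user pressed its own copy button).
// pasted: what actually arrived in the destination field.
function checkPastedAddress(copied, pasted) {
  const src = classify(copied);
  const dst = classify(pasted);
  if (!src) return { verdict: "source-not-address" };
  if (!dst) return { verdict: "pasted-not-address" };
  if (src.canonical === dst.canonical) return { verdict: "match", kind: src.kind };
  // Both values are well-formed addresses but differ: the clipboard content
  // changed between copy and paste, which is what this malware does.
  let i = 0;
  while (i < src.canonical.length && src.canonical[i] === dst.canonical[i]) i++;
  return { verdict: "replaced", kind: dst.kind, firstDifference: i };
}

// Constructed sample values (not real wallets).
const copied = "0x" + "ab12".repeat(10);
const pasted = "0x" + "cd34".repeat(10);
console.log(checkPastedAddress(copied, pasted));
```

A front end would block the transaction or ask for explicit confirmation on a `replaced` verdict rather than sending funds to the pasted address.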

“Virtual money” is still widely discussed, even though prices have fallen sharply compared to the previous year. Applications like the fake MetaMask above could still reappear under a new guise on the Play Store or even the App Store.

Another event related to “virtual money” that took place last week showed that owners of these currencies can “lose” them at any time: customers of QuadrigaCX, Canada’s largest bitcoin trading platform, lost $145 million in electronic money after the sudden death of the site owner, the only person who had access to the company’s offline storage wallet.

The incident is still being investigated, and some users and researchers believe it could be a hoax staged to hijack the assets.