Android Clipper found on Google Play | video demo - Lukas
Stefanko
Published: 2019-02-10 · Archived: 2026-04-05 14:08:19 UTC
Android Clipper found on Google Play | video demo
The first Android Trojan Clipper – that exchanges cryptocurrency address in copied clipboard – was discovered on
Google Play. Android Clipper targeted Bitcoin and Ethereum cryptocurrency addresses when being copied in to
clipboard and replaced them with the attacker’s wallet address. Once this transaction is sent, it can not be
canceled.
Figure 1. Replacing wallets in clipboard
Functionality
In the video I explained what is Clipper and demonstrated its functionality including possible attack scenario.
An error occurred.
Try watching this video on
www.youtube.com, or enable JavaScript if
it is disabled in your browser.
Attack Scenario
https://web.archive.org/web/20201107225915/https://lukasstefanko.com/2019/02/android-clipper-found-on-google-play.html
Page 1 of 2

Figure 2. How Android Clipper works
History of Android Clipper malware
August 7, 2018 – Discovered first Android Clipper outside of Google Play by Dr. Web
February 8, 2019 – Discovered first Android Clipper in Google Play by ESET
Sample
I test Android malware, so you don’t have to. Be Aware, Be Secure!
Source: https://web.archive.org/web/20201107225915/https://lukasstefanko.com/2019/02/android-clipper-found-on-google-play.html
https://web.archive.org/web/20201107225915/https://lukasstefanko.com/2019/02/android-clipper-found-on-google-play.html
Page 2 of 2