- Aug 17, 2014
Copycat websites for instant messaging apps like Telegram and WhatsApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware.
"All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis.
Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware
Researchers have discovered that trojanized versions of Telegram and WhatsApp are infecting Android and Windows users with cryptocurrency clipper malware.
Key points of this blogpost:
- ESET Research has found the first instance of clippers built into instant messaging apps.
- Threat actors are going after victims’ cryptocurrency funds using trojanized Telegram and WhatsApp applications for Android and Windows.
- The malware can switch the cryptocurrency wallet addresses the victim sends in chat messages for addresses belonging to the attacker.
- Some of the clippers abuse optical character recognition to extract text from screenshots and steal cryptocurrency wallet recovery phrases.
- In addition to clippers, we also found remote access trojans (RATs) bundled with malicious Windows versions of WhatsApp and Telegram.
Not‑so‑private messaging: Trojanized WhatsApp and Telegram apps go after cryptocurrency wallets | WeLiveSecurity
ESET researchers analyzed Android and Windows clippers that can tamper with instant messages and use OCR to steal cryptocurrency funds.