Lookalike Telegram and WhatsApp Websites Distributing Cryptocurrency Stealing Malware


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
Copycat websites for instant messaging apps like Telegram and WhatApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware.

"All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis.

Key points of this blogpost:
  • ESET Research has found the first instance of clippers built into instant messaging apps.
  • Threat actors are going after victims’ cryptocurrency funds using trojanized Telegram and WhatsApp applications for Android and Windows.
  • The malware can switch the cryptocurrency wallet addresses the victim sends in chat messages for addresses belonging to the attacker.
  • Some of the clippers abuse optical character recognition to extract text from screenshots and steal cryptocurrency wallet recovery phrases.
  • In addition to clippers, we also found remote access trojans (RATs) bundled with malicious Windows versions of WhatsApp and Telegram.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.