Crypto Stealing Trojanized Apps Target Telegram and WhatsApp Users

• ESET researchers discovered malicious copycat Telegram and WhatsApp websites that host trojanized versions of these popular instant messaging apps, designed to steal victims' cryptocurrency.
• These clippers specifically target victims' cryptocurrency funds and, in some cases, directly focus on their cryptocurrency wallets.
• In addition to the trojanized WhatsApp and Telegram Android apps, ESET researchers also found malicious Windows versions of the same apps, which are bundled with remote access trojans (RATs).

Hackers Targeting Telegram and WhatsApp Users

ESET discovered many copycat Telegram and WhatsApp websites targeting Android and Windows users with trojanized versions of instant messaging apps. These clippers were designed to steal victims' cryptocurrency by either stealing or altering clipboard contents. They intercept messages sent through the apps, substituting any transmitted or received cryptocurrency wallet addresses with those controlled by the attackers.
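
When analysing a suspect build, the address substitution described above can be checked by comparing a message as typed with the same message as displayed on the other side. The following Python is an added example, not ESET's code; the address patterns, function names and sample addresses are assumptions constructed for illustration.

```python
import re

# Address shapes are assumptions; the article does not say which
# currencies the clippers match.
PATTERNS = {
    "btc_legacy": re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b"),
    "btc_bech32": re.compile(r"\bbc1[02-9ac-hj-np-z]{11,71}\b"),
    "eth": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
}

def extract(text):
    """Return (position, kind, address) for each address-shaped token."""
    hits = []
    for kind, rx in PATTERNS.items():
        hits += [(m.start(), kind, m.group()) for m in rx.finditer(text)]
    return sorted(hits)

def mask(text):
    """Replace each address with <kind> so the remaining text can be compared."""
    for kind, rx in PATTERNS.items():
        text = rx.sub(f"<{kind}>", text)
    return text

def find_substitutions(sent, shown):
    """Return (kind, sent_addr, shown_addr) for every address that changed
    between the message as typed and the message as displayed."""
    if mask(sent) != mask(shown):
        raise ValueError("messages differ outside address fields")
    changed = []
    for (_, kind, a), (_, _, b) in zip(extract(sent), extract(shown)):
        # Ethereum hex is case-insensitive (mixed case is only a checksum).
        if kind == "eth":
            same = a.lower() == b.lower()
        else:
            same = a == b
        if not same:
            changed.append((kind, a, b))
    return changed

if __name__ == "__main__":
    # Constructed sample addresses, not real wallets.
    typed = "Send the refund to 0x" + "a" * 40 + " please"
    seen = "Send the refund to 0x" + "b" * 40 + " please"
    for kind, a, b in find_substitutions(typed, seen):
        print(f"[{kind}] typed {a} but displayed {b}")
```

A non-empty result means only the address field changed in transit while the rest of the message stayed identical, which is the behaviour the paragraph above attributes to these clippers.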

Clipper Malware on Google Play

Prior to the establishment of the App Defense Alliance, ESET researchers discovered the first Android clipper on Google Play. As a result of this discovery, Google enhanced Android security by limiting system-wide clipboard operations for background apps on Android versions 10 and above. However, as shown by the latest findings, such measures may not be enough to protect users completely against malicious actors attempting to exploit cryptocurrencies for their own benefit.

Remote Access Trojans Bundled with Apps

In addition to trojanized WhatsApp and Telegram Android apps, ESET researchers also found malicious Windows versions of the same applications that are bundled with remote access trojans (RATs). These RATs provide attackers with even more control over infected devices – enabling them to steal sensitive information as well as perform other malicious activities.

Optical Character Recognition Technology

A few of these malicious apps use optical character recognition (OCR) technology in order to identify text within screenshots saved on infected devices – a feature previously unseen in Android malware. This is an indication that cybercriminals are becoming increasingly sophisticated when it comes to exploiting cryptocurrencies for their own benefit.

Enhanced Security Measures Taken By Google

Google responded quickly after discovering these clippers by enhancing security measures for background apps on Android versions 10 and above. However, users still need to stay vigilant against malicious actors looking to exploit cryptocurrencies for their own gain.