ESET discovered many copycat Telegram and WhatsApp websites targeting Android and Windows users with trojanized versions of instant messaging apps, all were designed to steal victims’ cryptos.
A recent investigation by ESET researchers revealed dozens of copycat Telegram and WhatsApp websites targeting Android and Windows users with trojanized versions of these popular instant messaging apps.
More scams looking to steal crypto
Numerous malicious apps discovered by the researchers are classified as clippers, a form of malware that either steals or alters clipboard contents. These clippers specifically target victims’ cryptocurrency funds, and in some cases, directly focus on their cryptocurrency wallets.
This is the first time that Android clippers have been found built into instant messaging apps, marking a new frontier for cybercriminals targeting the growing number of people using cryptocurrencies.
Additionally, a few of these apps employ optical character recognition (OCR) technology to identify text within screenshots saved on the infected devices – a previously unseen feature in Android malware.
The primary objective of these clippers is to intercept victims‘ messaging interactions and substitute any transmitted or received cryptocurrency wallet addresses with those controlled by the attackers. This enables cybercriminals to pilfer funds from unwitting users who rely on the trojanized apps for conducting cryptocurrency transactions.
In addition to the trojanized WhatsApp and Telegram Android apps, ESET researchers also found malicious Windows versions of the same apps, which are bundled with remote access trojans (RATs). These RATs provide attackers with even more control over the victims’ devices, allowing them to steal sensitive information and perform other malicious activities.
Prior to the establishment of the App Defense Alliance, ESET researchers discovered the first Android clipper on Google Play. As a result of this discovery, Google enhanced Android security by limiting system-wide clipboard operations for background apps on Android versions 10 and above.
However, as shown by the latest findings, these security measures have not completely eradicated the problem.
Cybersecurity experts warn that users should be cautious when downloading instant messaging apps and only download them from official sources, such as the Google Play Store or the Apple App Store.
Additionally, users should keep their devices up-to-date with the latest security patches and use strong, unique passwords for their accounts to protect themselves from these types of attacks.
The investigation highlights the growing threat of cryptocurrency-focused malware and the importance of staying vigilant in protecting one’s digital assets. With the increasing popularity of cryptocurrencies, it is likely that cybercriminals will continue to develop new methods and tactics to target users and steal their valuable digital assets.
This development comes after a recent incident involving decentralized finance (DeFi) platform Euler Finance, which suffered a flash loan attack and lost $197 million in DAI stablecoin, WBTC, stETH, and USDC.
Euler Labs is currently collaborating with security professionals and law enforcement agencies to track down the perpetrators.