Malicious Apps Targeting WhatsApp and Telegram Users
Security researchers at ESET recently discovered a number of websites distributing trojanized versions of the popular messaging apps WhatsApp and Telegram. These malicious apps specifically target Android and Windows users, with the primary goal of stealing cryptocurrency funds.
The researchers found that many of these malicious apps contain clipper malware, which is designed to intercept and modify the contents of the Android clipboard. This allows cybercriminals to steal sensitive information, such as cryptocurrency wallet addresses, from unsuspecting victims.
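A defensive check for the clipboard tampering described above, as an added example that is not from ESET's research or the original article: it scans a clipboard change log for one wallet address being replaced by a different one within seconds, and verifies a pasted address before funds are sent. The log format, the `max_gap` threshold, the address patterns and all sample values are assumptions constructed for illustration.

```python
import re

# Address shapes only (no checksum validation). These patterns are assumptions
# chosen for this example, not indicators from the ESET research.
PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$"),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def address_kind(text):
    """Return the wallet-address family the text looks like, or None."""
    text = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.match(text):
            return kind
    return None

def find_swaps(events, max_gap=2.0):
    """Flag clipboard changes where one address replaces a different one.

    events: list of (timestamp_seconds, clipboard_text) in time order.
    A swap is two consecutive entries that both look like wallet addresses,
    differ in value, and are at most max_gap seconds apart. A person rarely
    copies two different addresses that quickly; a clipper does.
    """
    swaps = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        old_kind, new_kind = address_kind(old), address_kind(new)
        if old_kind and new_kind and old.strip() != new.strip() and t1 - t0 <= max_gap:
            swaps.append({"at": t1, "copied": old.strip(),
                          "replaced_by": new.strip(),
                          "same_family": old_kind == new_kind})
    return swaps

def safe_to_send(intended, pasted):
    """Paste-time check: the pasted address must equal the intended one."""
    return address_kind(pasted) is not None and intended.strip() == pasted.strip()

# Constructed sample log; the addresses are made-up strings of the right shape.
SAMPLE_EVENTS = [
    (10.0, "meeting at 3pm"),
    (42.0, "0x" + "ab" * 20),
    (42.3, "0x" + "cd" * 20),   # replaced 0.3 s after the copy: flagged
    (90.0, "1" + "A" * 30),
    (300.0, "1" + "B" * 30),    # different address, but minutes later: not flagged
]
```

Calling `find_swaps(SAMPLE_EVENTS)` flags only the 42.3 s entry; `safe_to_send` is the check a wallet user or app can apply before confirming a transfer.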
What sets these malicious apps apart is their use of advanced techniques, such as OCR (optical character recognition), to extract mnemonic phrases from images saved on victims’ devices. This represents a new and alarming method of extracting sensitive information from users.
Furthermore, ESET researchers also uncovered Windows versions of these malicious apps, which are packed with remote access trojans (RATs). These RATs give attackers control over victims’ machines, allowing them to carry out a range of malicious activities.
Interestingly, the researchers noted that trojanizing Telegram was a relatively straightforward task due to the app’s open-source code. In contrast, modifying WhatsApp required a more in-depth analysis of the app’s functionality, as its source code is not publicly available.
Victims of these malicious apps are primarily Chinese-speaking users, as both Telegram and WhatsApp are blocked in China. This creates a unique opportunity for cybercriminals to exploit the situation and target users who are seeking alternative ways to access these messaging services.
In a separate discovery, Proofpoint researchers also identified a malware campaign aimed at cryptocurrency theft, further highlighting the growing threat posed by cybercriminals targeting cryptocurrency users.