“The main purpose of the clippers we discovered is to intercept the victim’s messaging communications and replace any sent and received cryptocurrency wallet addresses with addresses belonging to the attackers. ESET Research immediately reported the fraudulent ads and related YouTube channels to Google, which promptly shuttered them all. The threat actors first set up Google Ads leading to fraudulent YouTube channels, which then redirected the viewers to copycat Telegram and WhatsApp websites. Because both Telegram and WhatsApp have been blocked in China for several years now, with Telegram being blocked since 2015 and WhatsApp since 2017, people who wish to use these services have to resort to indirect means of obtaining them. Moreover, some of these apps use optical character recognition (OCR) to recognize text from screenshots stored on the compromised devices, which is another first for Android malware.īased on the language used in the copycat applications, it seems that the operators behind them mainly target Chinese-speaking users. This was the first time ESET Research had seen Android clippers focusing specifically on instant messaging. All of them are after victims’ cryptocurrency funds, with several targeting cryptocurrency wallets. Most of the malicious apps we identified are clippers - a type of malware that steals or modifies the contents of the clipboard.
In addition to clippers, ESET also found remote access trojans bundled with malicious Windows versions of WhatsApp and Telegram.īRATISLAVA, KOŠICE - MaESET researchers have discovered dozens of copycat Telegram and WhatsApp websites targeting mainly Android and Windows users with trojanized versions of these instant messaging apps.
Some of the clippers abuse optical character recognition to extract text from screenshots and steal cryptocurrency wallet recovery phrases.The malware can switch the cryptocurrency wallet addresses the victim sends in chat messages to addresses belonging to the attacker.Threat actors are going after victims’ cryptocurrency funds using trojanized Telegram and WhatsApp applications for Android and Windows.ESET Research has found the first instance of clippers built into instant messaging apps.
0 kommentar(er)
