Dozens of Trojanized WhatsApp and Telegram Apps Target Android and Windows Users
Security researchers at ESET have uncovered a concerning trend of websites distributing trojanized versions of popular messaging apps WhatsApp and Telegram. These malicious apps are specifically designed to target Android and Windows users, with a focus on stealing cryptocurrency funds.
Clipper Malware on the Rise
Most of these fraudulent apps contain clipper malware, which is designed to steal or manipulate the contents of the Android clipboard. This allows cybercriminals to intercept sensitive information such as cryptocurrency wallet addresses. In a recent advisory, ESET researchers Lukas Stefanko and Peter Strýček noted that some of these malicious apps even use optical character recognition (OCR) to extract mnemonic phrases from images stored on victims’ devices.
According to Stefanko and Strýček, this is the first time they have observed Android clippers that focus specifically on instant messaging. This new tactic highlights the evolving strategies of cybercriminals in their quest to steal valuable cryptocurrency assets.
Windows Users Also at Risk
In addition to targeting Android users, ESET researchers have identified trojanized versions of WhatsApp and Telegram apps for Windows. These malicious installers are bundled with remote access trojans (RATs) that give attackers full control over victims’ machines.
While trojanizing Telegram was relatively straightforward due to its open-source code, modifying WhatsApp required a more in-depth analysis of the app’s functionality. Despite this challenge, cybercriminals have successfully repackaged WhatsApp with malicious code to target unsuspecting users.
Chinese-Speaking Users Prime Targets
The trojanized WhatsApp and Telegram apps primarily target Chinese-speaking users, as both messaging platforms are blocked in China. This limitation forces users to seek alternative methods to access these services, creating an opportunity for cybercriminals to exploit the situation.
Stefanko and Strýček emphasized that the prevalence of these malicious apps underscores the importance of practicing caution when downloading software from unofficial sources.
Continued Threat of Cryptocurrency Theft
In a separate discovery, cybersecurity firm Proofpoint identified a malware campaign aimed at stealing cryptocurrency funds. This highlights the ongoing threat posed by cybercriminals seeking to exploit the growing popularity of digital currencies.
As cyber threats continue to evolve, it is crucial for users to remain vigilant and take proactive measures to protect their personal information and assets. By staying informed about the latest security risks and exercising caution when downloading apps, individuals can reduce their risk of falling victim to malicious attacks.