Trojanized WhatsApp, Telegram apps are targeting cryptocurrency wallets
By Bob Garcia
Users of the popular apps need to be aware that they could be targets of crypto scammers
WhatsApp and Telegram are messaging applications with several powerful security filters. However, according to ESET’s research team, a large number of websites are posing as both apps and distributing trojanized versions, especially targeting Android and Windows. Most of the identified applications are clippers, a type of malware that steals or modifies content stored in the clipboard. It appears that victims have suffered major thefts, including of cryptocurrency wallets.
According to recent findings, many of these clippers are intended to steal funds related to the cryptocurrency space. This is the first time that the use of Android clippers disguised as instant messaging apps has been revealed. In addition, some of these apps use Optical Character Recognition (OCR) to recognize text from screenshots stored on compromised devices, a malware development that Android will have to pay special attention to.
The main purpose of these clippers appears to be intercepting communications in the messaging apps used by the victim and replacing any cryptocurrency wallet addresses sent or received with addresses belonging to the attackers. Android was not the only platform affected, as the team of experts also found trojanized versions of the Telegram and WhatsApp apps for Windows.
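Because the replacement described above happens inside the messaging app, one defensive check is to compare the address obtained over a separate trusted channel with the one the app displays. The following is an added example, not code from ESET or from the original article; the function names and sample addresses are constructed for illustration, and the patterns match address shape only.

```python
import re

# Loose shape patterns (no checksum verification): Ethereum, Bitcoin bech32,
# Bitcoin legacy Base58.
ADDRESS_RE = re.compile(
    r"\b(?:0x[0-9a-fA-F]{40}"
    r"|bc1[ac-hj-np-z02-9]{11,71}"
    r"|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b"
)


def extract_addresses(text):
    """Return wallet-address-shaped strings in order of appearance."""
    return ADDRESS_RE.findall(text)


def find_substitutions(trusted_text, displayed_text):
    """Compare text from a trusted channel with what the messaging app shows.

    Returns (position, expected, shown) tuples; None marks an address that is
    missing on one side.
    """
    expected = extract_addresses(trusted_text)
    shown = extract_addresses(displayed_text)
    findings = []
    for i in range(max(len(expected), len(shown))):
        e = expected[i] if i < len(expected) else None
        s = shown[i] if i < len(shown) else None
        if e is None or s is None:
            findings.append((i, e, s))
        elif e.startswith("0x") and s.startswith("0x"):
            # Ethereum hex differs only by checksum casing; compare case-insensitively.
            if e.lower() != s.lower():
                findings.append((i, e, s))
        elif e != s:
            findings.append((i, e, s))
    return findings


if __name__ == "__main__":
    # Constructed sample values, not real wallets.
    good, swapped = "0x" + "a1" * 20, "0x" + "b2" * 20
    bech = "bc1q" + "x" * 38
    trusted = f"Send ETH to {good} and BTC to {bech}. Thanks!"
    displayed = f"Send ETH to {swapped} and BTC to {bech}. Thanks!"
    for pos, exp, got in find_substitutions(trusted, displayed):
        print(f"address #{pos}: expected {exp}, app shows {got}")
```

Any finding means the displayed address should not be used until it has been confirmed with the counterparty through another channel.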
As many on Americas Cardroom will recall, threat actors identified last year focused on repackaging legitimate cryptocurrency apps so that they attempt to steal recovery phrases from their victims’ wallets. While maintaining Telegram’s functionality is straightforward, given that it is open source, the case is different for WhatsApp. Analysts believe that the attackers first had to perform an in-depth analysis of the app’s functionality to identify the specific places to modify.