ESET Research finds cryptocurrency-stealing trojans on WhatsApp and Telegram
Programs are capable of replacing the wallet address and reading users’ seed phrases
20.03.2023 - 09:45
206
3 min
0
What’s new? ESET, an antivirus software developer, detected trojans embedded in messengers WhatsApp and Telegram for Android and Windows operating systems. According to ESET, attackers first place Google ads leading to fraudulent YouTube channels, which then redirect users to fake app sites. A downloaded version of the messenger with malware can replace cryptocurrency wallet addresses that victims send in chat messages.
How does the malware work? Some clippers use optical character recognition to extract text from screenshots and steal seed phrases to recover crypto wallets.
Seed phrase as a modern cryptocurrency security standard
Keep the seed phrase as the apple of your eye - that's the advice you can give to anyone starting their journey in cryptocurrencies
Clippers are a type of malware that steals or modifies the contents of the clipboard.
In addition to clippers, ESET also found trojans that allow remote access to victims’ devices using WhatsApp and Telegram for Windows. In some cases, the malware monitors Telegram communication for certain keywords related to cryptocurrencies. Once such a keyword is recognized, the malware sends a full message to the attacker’s server.
ESET noted that judging by the language used in the apps, the operators are targeting Chinese users. Since Telegram and WhatsApp have been blocked in China for several years, people wishing to use the apps are forced to resort to unofficial ways to install them.
To protect against trojans, ESET experts recommend deleting infected versions of messengers and installing applications only from reliable sources. In addition, it is recommended not to store unencrypted pictures or screenshots with sensitive information on your device.
Earlier, SafeGuard warned about new malware for stealing cryptocurrencies in Telegram. The malware was spread through spam with images and was hidden on the victim’s device as an operating system file. And analysts at Cyble revealed the PennyWise malware, which can steal data from 30 different crypto wallets, including cold ones. The malware is spread under the guise of free mining software, links to which are posted under tutorial videos on YouTube.
Useful material?
Market
Tether Finance division will be responsible for the issuance and redemption of USDT stablecoins
Apr 18, 2024
Trends
The first project introduced on the platform will be BounceBit (BB)
Apr 18, 2024
Business
The rate exchange of the native ACH token reacted with a 10% increase
Apr 18, 2024
Market
Miners are hunting for the first block after halving as the value of the first satoshi could exceed $1 million
Apr 18, 2024
Market
The platform will be non-custodial and accessible to everyone
Apr 15, 2024
Market
China Asset Management, Harvest Global Investments, and Bosera Asset Management have received permits
Apr 15, 2024