Follow us on telegram

News

Magazine

Currencies

AML

For users

​ESET Research finds cryptocurrency-stealing trojans on WhatsApp and Telegram

Programs are capable of replacing the wallet address and reading users’ seed phrases

​ESET Research finds cryptocurrency-stealing trojans on WhatsApp and Telegram

20.03.2023 - 09:45

613

3 min

What’s new? ESET, an antivirus software developer, detected trojans embedded in messengers WhatsApp and Telegram for Android and Windows operating systems. According to ESET, attackers first place Google ads leading to fraudulent YouTube channels, which then redirect users to fake app sites. A downloaded version of the messenger with malware can replace cryptocurrency wallet addresses that victims send in chat messages.

Blog entry

How does the malware work? Some clippers use optical character recognition to extract text from screenshots and steal seed phrases to recover crypto wallets.

Seed phrase as a modern cryptocurrency security standard

Seed phrase as a modern cryptocurrency security standard

Keep the seed phrase as the apple of your eye - that's the advice you can give to anyone starting their journey in cryptocurrencies

Read further

Clippers are a type of malware that steals or modifies the contents of the clipboard.

In addition to clippers, ESET also found trojans that allow remote access to victims’ devices using WhatsApp and Telegram for Windows. In some cases, the malware monitors Telegram communication for certain keywords related to cryptocurrencies. Once such a keyword is recognized, the malware sends a full message to the attacker’s server.

ESET noted that judging by the language used in the apps, the operators are targeting Chinese users. Since Telegram and WhatsApp have been blocked in China for several years, people wishing to use the apps are forced to resort to unofficial ways to install them.

To protect against trojans, ESET experts recommend deleting infected versions of messengers and installing applications only from reliable sources. In addition, it is recommended not to store unencrypted pictures or screenshots with sensitive information on your device.

Earlier, SafeGuard warned about new malware for stealing cryptocurrencies in Telegram. The malware was spread through spam with images and was hidden on the victim’s device as an operating system file. And analysts at Cyble revealed the PennyWise malware, which can steal data from 30 different crypto wallets, including cold ones. The malware is spread under the guise of free mining software, links to which are posted under tutorial videos on YouTube.

Author:

Editorial GetBlock Magazine Editorial GetBlock Magazine

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy

Telegram Newsletter Twitter

Market
Ripple’s CTO urges traders not to succumb to FOMO due to the launch of RLUSD

Due to supply shortages, the asset’s pre-market exchange rate was climbing above $1000

Dec 16, 2024

Incidents
Gate denies information about the hack and urges not to believe rumors

Reports about the hacking of the exchange with calls to withdraw assets began to spread on December 13

Dec 13, 2024

Crypto regulations
Coinbase will delist USDT, PYUSD, and DAI for users in Europe

Stablecoins from issuer Circle will not be affected by the changes

Dec 12, 2024

Crypto regulations
GRVT receives a license in Bermuda and becomes the first regulated decentralized exchange

The platform will launch after meeting the preconditions of the local exchange authority

Dec 9, 2024

Market
Daily volume of liquidations in the crypto market reaches its maximum since 2021

The $1,1 billion figure was reached after the bitcoin correction

Dec 6, 2024

Crypto regulations
Bybit will stop servicing clients in Uzbekistan from December 6

By early January, all open positions and loans of local users will be closed and repaid automatically

Dec 5, 2024

Cryptocurrency rates

  • Bitcoin

    Bitcoin

    $96 786

    BTC

    -1.13%

  • Ethereum

    Ethereum

    $3 370.6

    ETH

    -1.5%

  • Ripple

    Ripple

    $2.25

    XRP

    -1.34%

  • BNB Smart Chain

    BNB Smart Chain

    $579.4

    BSC

    +1.23%

  • Dogecoin

    Dogecoin

    $0.320406

    DOGE

    -3.99%

  • Cardano

    Cardano

    $0.90937

    ADA

    -4.11%

  • Stellar XLM

    Stellar XLM

    $0.364617

    XLM

    -2.67%

  • Polkadot

    Polkadot

    $7.07

    DOT

    -4.17%

  • Bitcoin Cash

    Bitcoin Cash

    $454.27

    BCH

    -2.32%

  • Litecoin

    Litecoin

    $102.94

    LTC

    -0.02%

News

Dec 20, 2024

Metaplanet has raised 9,5 billion yen to accelerate bitcoin purchases through a bond issue

Dec 20, 2024

Bitfinex hacker Ilya Lichtenstein makes his first public statement after his arrest

Dec 20, 2024

German regulator takes tough action against Worldcoin over biometric data

Dec 20, 2024

CryptoQuant CEO: South Korea’s financial problems may force cryptocurrency businesses to go overseas

Dec 17, 2024

Kaiko analysts note the outperforming growth of XRP and SOL yields compared to BTC

Dec 17, 2024

Bybit will disable the withdrawal function in France from January 8

Dec 17, 2024

B2BINPAY names the main trends of the stablecoin market for 2025

New in the knowledge base

Basics

Monero: Behind the scenes of anonymity. How does the new generation cryptocurrency work?

Dec 18, 2024

Basics

PancakeSwap: How it works, features and ways to make money on the popular DEX exchange

Dec 12, 2024

Basics

Sei: the fastest Layer 1 blockchain ever

Nov 26, 2024

Basics

What is DePIN in cryptocurrencies?

Nov 6, 2024

Basics

What is Celestia? The first modular blockchain in the crypto industry

Oct 17, 2024

GetBlock.net — your guide in the world of crypto

For all questions, please contact [email protected]