ESET Research finds cryptocurrency-stealing trojans on WhatsApp and Telegram
Programs are capable of replacing the wallet address and reading users’ seed phrases
20.03.2023 - 09:45
639
3 min
0
What’s new? ESET, an antivirus software developer, detected trojans embedded in messengers WhatsApp and Telegram for Android and Windows operating systems. According to ESET, attackers first place Google ads leading to fraudulent YouTube channels, which then redirect users to fake app sites. A downloaded version of the messenger with malware can replace cryptocurrency wallet addresses that victims send in chat messages.
How does the malware work? Some clippers use optical character recognition to extract text from screenshots and steal seed phrases to recover crypto wallets.
Seed phrase as a modern cryptocurrency security standard
Keep the seed phrase as the apple of your eye - that's the advice you can give to anyone starting their journey in cryptocurrencies
Clippers are a type of malware that steals or modifies the contents of the clipboard.
In addition to clippers, ESET also found trojans that allow remote access to victims’ devices using WhatsApp and Telegram for Windows. In some cases, the malware monitors Telegram communication for certain keywords related to cryptocurrencies. Once such a keyword is recognized, the malware sends a full message to the attacker’s server.
ESET noted that judging by the language used in the apps, the operators are targeting Chinese users. Since Telegram and WhatsApp have been blocked in China for several years, people wishing to use the apps are forced to resort to unofficial ways to install them.
To protect against trojans, ESET experts recommend deleting infected versions of messengers and installing applications only from reliable sources. In addition, it is recommended not to store unencrypted pictures or screenshots with sensitive information on your device.
Earlier, SafeGuard warned about new malware for stealing cryptocurrencies in Telegram. The malware was spread through spam with images and was hidden on the victim’s device as an operating system file. And analysts at Cyble revealed the PennyWise malware, which can steal data from 30 different crypto wallets, including cold ones. The malware is spread under the guise of free mining software, links to which are posted under tutorial videos on YouTube.
Useful material?
Telegram 
Twitter Trends
As of January 21, the capitalization of this sector of the crypto market exceeds $519 billion
Jan 21, 2025
Market
The platform generated $9,5 million in revenue during the same time
Jan 20, 2025
Market
Shares of the Trust are designed to track the market price of XRP with fewer fees and expenses
Jan 17, 2025
Market
The asset will allow USDT to move seamlessly between different blockchains
Jan 17, 2025
Market
Earlier, the community criticized the project for its lack of transparency, which led to a sharp drop in the HYPE token price
Jan 8, 2025
Market
Rising US Treasury bond yields are negatively affecting risk assets
Jan 8, 2025
Cryptocurrency rates
-
Bitcoin
$105 744
BTC
+3.15%
-
Ethereum
$3 327.56
ETH
+2.53%
-
Ripple
$3.17
XRP
+3.26%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Dogecoin
$0.371519
DOGE
+9.26%
-
Cardano
$1
ADA
+1.54%
-
Stellar XLM
$0.434977
XLM
+0.29%
-
Polkadot
$6.6
DOT
+5.94%
-
Bitcoin Cash
$449.35
BCH
+6.14%
-
Litecoin
$117.78
LTC
+2.19%