ESET has detected many Telegram and WhatsApp clone websites that prey on Android and Windows users with trojanized instant messaging programs, with the intention of stealing their victims' cryptocurrency.
The researchers found a large number of dangerous programs categorized as clippers, a type of malware that either steals or modifies clipboard contents. The scammers behind them target their victims' cryptocurrency wallets and, in some cases, expressly target their cryptocurrency funds.
This is the first time Android clippers have been discovered built into instant messaging programs, opening up new opportunities for hackers to prey on the rising number of cryptocurrency users.
A couple of these applications also use optical character recognition (OCR) technology, a previously unheard-of function in Android malware, to detect text in screenshots captured on the infected devices.
These clippers' main goal is to intercept victims' message conversations and replace any sent or received bitcoin wallet addresses with ones under the attackers' control. As a result, fraudsters can steal money from unaware users who rely on the trojanized applications to deal in cryptocurrencies.
In addition to the trojanized WhatsApp and Telegram Android applications, ESET researchers discovered malicious Windows versions of WhatsApp and Telegram that are packaged with remote access trojans (RATs). These RATs give attackers even more access to the victims' devices, enabling them to steal private data and carry out other malicious actions.
ESET researchers found the first Android clipper on Google Play before the App Defense Alliance was founded. As a result of that discovery, Google strengthened Android security by restricting what apps running in the background can do with the system-wide clipboard on Android versions 10 and up.
The most recent research, however, demonstrates that these security measures have not entirely solved the issue.
Cybersecurity professionals advise users to exercise caution when installing instant messaging programs and to install them only from reputable stores like the Google Play Store or the Apple App Store.
To further protect themselves against these kinds of attacks, users should use strong, unique passwords for their accounts and keep their devices updated with the most recent security updates.
The research emphasizes the importance of staying vigilant in securing one's digital assets, as well as the rising threat posed by malware that targets cryptocurrencies. As cryptocurrencies gain in popularity, cybercriminals will probably keep coming up with new strategies and techniques to target people and steal their digital assets.
This development follows a recent incident involving the decentralized finance (DeFi) site Euler Finance, which suffered a flash loan attack and lost $197 million in DAI stablecoin, WBTC, stETH, and USDC.
Euler Labs is currently working with security experts and law enforcement organizations to find the offenders.