• ESET researchers discovered copycat Telegram and WhatsApp websites targeting Android and Windows users with trojanized versions of these popular instant messaging apps.
• These malicious apps are classified as clippers, a form of malware that either steals or alters clipboard contents.
• Additionally, some of these apps employ optical character recognition (OCR) technology to identify text within screenshots saved on the infected devices.
Hackers Target Crypto Through Trojanized Apps
ESET researchers recently discovered many copycat Telegram and WhatsApp websites targeting Android and Windows users with trojanized versions of these instant messaging apps, all designed to steal victims' cryptocurrency. The malicious apps are classified as clippers, a form of malware that either steals or alters clipboard contents. Here the clippers intercept cryptocurrency wallet addresses in victims' messaging interactions and substitute them with addresses controlled by the attackers. Some of these apps also employ optical character recognition (OCR) technology to identify text within screenshots saved on the infected devices.
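The address substitution described above can be caught by comparing a message as the sender typed it with the copy the other side sees. The following is an added example, not code from ESET or from the apps discussed; it assumes both copies of the message are available for comparison, and its function names and sample messages are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Address-shaped tokens: legacy Bitcoin (Base58Check) or Ethereum (0x + 40 hex).
CANDIDATE = re.compile(r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|0x[0-9a-fA-F]{40})\b")


def base58check_ok(addr: str) -> bool:
    """True if addr decodes to 25 bytes ending in a valid double-SHA256 checksum."""
    if not addr or any(ch not in B58 for ch in addr):
        return False
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return len(raw) == 25 and digest[:4] == raw[-4:]


def is_wallet_address(token: str) -> bool:
    """Ethereum-shaped tokens pass on shape; Bitcoin-shaped ones need a valid checksum."""
    return token.startswith("0x") or base58check_ok(token)


def swapped_addresses(sent: str, displayed: str) -> list[tuple[str, str]]:
    """(sent, displayed) address pairs that differ inside an otherwise identical message."""
    if CANDIDATE.sub("<addr>", sent) != CANDIDATE.sub("<addr>", displayed):
        return []  # the text itself differs, so this is not the same message
    pairs = zip(CANDIDATE.findall(sent), CANDIDATE.findall(displayed))
    return [(s, d) for s, d in pairs
            if s != d and is_wallet_address(s) and is_wallet_address(d)]


if __name__ == "__main__":
    # Constructed sample: one message as typed by the sender and as shown to the recipient.
    typed = "Send the 0.05 ETH to 0x" + "1a" * 20 + " please"
    shown = "Send the 0.05 ETH to 0x" + "2b" * 20 + " please"
    for s, d in swapped_addresses(typed, shown):
        print(f"ALERT address changed in transit: {s} -> {d}")
```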
Clipper Malware: A New Frontier for Cyber Criminals
This is the first time that Android clippers have been found built into instant messaging apps, marking a new frontier for cybercriminals targeting the growing number of people using cryptocurrencies. The primary objective of these clippers is to intercept victims' cryptocurrency funds, allowing cybercriminals to pilfer funds from unwitting users who rely on the trojanized apps for conducting cryptocurrency transactions. There were also malicious Windows versions of these same apps bundled with remote access trojans (RATs), which give attackers even more control over the victims' devices in order to steal sensitive information and perform other malicious activities.
Google Play Enhances Security After Discovery
Prior to the establishment of the App Defense Alliance, ESET researchers discovered the first Android clipper on Google Play. As a result of this discovery, Google enhanced Android security by limiting system-wide clipboard operations for background apps on Android versions 10 and above. This was done in order to protect unsuspecting users who unknowingly download malicious applications through unofficial sources rather than through legitimate app stores like Google Play Store or Apple App Store.
Tips For Avoiding Clipper Malware Attacks
To avoid becoming a victim of this type of attack, users should not only be aware of it but also practice good cybersecurity hygiene, such as:
• Only installing applications from official app stores
• Regularly updating mobile operating systems
• Using two-factor authentication when available
• Utilizing strong passwords and password managers
• Implementing endpoint security software solutions