The purpose of these threats is to steal the cryptocurrency of the victims.
ESET, one of the leaders in the field of information security, discovered dozens of fake Telegram and WhatsApp websites that distributed malicious versions of these messengers for Android and Windows devices.
According to the company’s press service, most of the detected malware is capable of stealing or changing the contents of the clipboard. The purpose of these threats is to steal the cryptocurrency of the victims, and in some cases, the attackers target cryptocurrency wallets.
This is the first time that ESET researchers have recorded similar malware for Android that focused specifically on instant messaging. In addition, some of these apps use optical character recognition (OCR) to read text from screenshots stored on compromised devices.
The attackers first set up Google Ads that lead to fraudulent YouTube channels, which then redirect users to the malicious Telegram and WhatsApp websites. ESET researchers reported fraudulent ads and related YouTube channels to Google, which later blocked them.
“The main purpose of the detected malware is to intercept the messages of the victim and replace any sent and received cryptocurrency wallet addresses with the addresses of the attackers. In addition to the malicious WhatsApp and Telegram apps for Android, dangerous versions of the same apps for Windows have also been found,” the company’s researcher comments. ESET Lukas Stefanko.
Despite the same purpose, the malicious versions of these applications contain various additional features. The analyzed malware is the first example of Android threats that use optical character recognition (OCR) to read text from screenshots and photos stored on the victim’s device.
How to protect yourself – advice from ESET experts
- Only install apps from trusted sources such as the Google Play store.
- Do not store unencrypted images or screenshots containing sensitive information on your device.
- For Android users: If a malicious version of Telegram or WhatsApp is found on the device, manually uninstall it and download the app from Google Play or directly from the official website.
- For Windows users: If a malicious Telegram application is detected, use security solutions to detect the threat and remove it. Also remember that the only official version of WhatsApp for Windows is currently only available from the Microsoft Store.
ESET is an expert in the field of protection against cybercrime and digital threats, an international developer of IT security solutions, and a leading provider of threat detection technologies. Founded in 1992, ESET today has an extensive partner network and offices in more than 180 countries around the world. The head office of the company is located in Bratislava, Slovakia.