econintersect.com

Telegram And WhatsApp Lookalike Websites Distribute Crypto Stealing Malware

by admin
March 17, 2023
in Econ Intersect News, Economics

Copycat websites for instant messaging apps such as WhatsApp and Telegram are being used to distribute trojanized versions of the apps that infect Android and Windows users with crypto clipper malware.

Cryptocurrency Stealing Malware

ESET researchers Peter Strýček and Lukáš Štefanko stated in a new analysis:

“All of them are after victims’ cryptocurrency funds, with several targeting cryptocurrency wallets.”

While the first instance of clipper malware on the Google Play Store dates back to 2019, this development marks the first time Android-based clipper malware has been built into instant messaging apps.

“Moreover, some of these apps use optical character recognition (OCR) to recognize text from screenshots stored on the compromised devices, which is another first for Android malware.”

The attack chain starts with unsuspecting users clicking on fraudulent ads in Google search results that lead to hundreds of sketchy YouTube channels, which then direct them to lookalike WhatsApp and Telegram websites.

What is interesting about the latest batch of clipper malware is that it can intercept a victim’s chat and replace any sent and received crypto wallet addresses with addresses that are controlled by the threat actors.

Another cluster of clipper malware uses OCR to find and steal seed phrases by leveraging a legitimate machine learning plugin known as ML Kit on Android, which makes it possible for the criminals to empty the wallets.

A third cluster is designed to monitor Telegram conversations for various Chinese keywords linked to cryptocurrencies, both hard-coded and received from a server; if one is found, it exfiltrates the entire message, together with the username, channel or group name, to a remote server.

Telegram and WhatsApp crypto clipper malware

A fourth set of Android clippers comes with extensive capabilities: it can switch the wallet address and harvest device information and Telegram data, including contacts and messages.

The malicious Android APK package names include:

  • org.tgplus.messenger
  • org.telegram.messenger
  • com.whatsapp
  • org.telegram.messenger.web2
  • io.busniess.va.whatsapp
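
A triage check built on this list, as an added example that is not from ESET or the original article: it parses the output of `adb shell pm list packages -i` and flags any of the listed package names whose installer is not Google Play. The installer test is an assumption made here because the list includes the package names the official apps also use (`org.telegram.messenger`, `com.whatsapp`) and the trojanized builds are distributed from lookalike websites; the sample output is constructed.

```python
import re

# Package names listed in the article for the trojanized apps.
REPORTED_PACKAGES = {
    "org.tgplus.messenger",
    "org.telegram.messenger",
    "com.whatsapp",
    "org.telegram.messenger.web2",
    "io.busniess.va.whatsapp",
}
# Package name of the Google Play Store app, recorded as installer for Play installs.
PLAY_INSTALLER = "com.android.vending"

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")

# Constructed sample of `adb shell pm list packages -i` output (not real device data).
SAMPLE_OUTPUT = """\
package:com.whatsapp  installer=com.android.vending
package:org.telegram.messenger  installer=null
package:org.telegram.messenger.web2  installer=com.android.chrome
package:com.example.notes  installer=null
package:io.busniess.va.whatsapp  installer=com.google.android.packageinstaller
"""


def parse_packages(text):
    """Return {package: installer or None} parsed from `pm list packages -i`."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            inst = m.group("inst")
            # A sideloaded app with no recorded installer is printed as "null".
            result[m.group("pkg")] = None if inst == "null" else inst
    return result


def flag_suspects(text):
    """Reported package names present on the device but not installed by Google Play."""
    hits = [
        (pkg, inst)
        for pkg, inst in parse_packages(text).items()
        if pkg in REPORTED_PACKAGES and inst != PLAY_INSTALLER
    ]
    return sorted(hits, key=lambda item: item[0])


if __name__ == "__main__":
    for pkg, inst in flag_suspects(SAMPLE_OUTPUT):
        print(f"review: {pkg} (installer: {inst or 'none recorded'})")
```

A hit is a lead for further review of the APK, not a verdict, and a Google Play installer does not by itself clear an app.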

ESET said that it also found two Windows clusters: one engineered to swap wallet addresses, and a second designed to distribute remote access trojans (RATs) in place of clippers to gain control of the infected hosts and perpetrate crypto theft.

All of the analyzed RAT samples are based on the publicly available Gh0st RAT, except one, which uses more anti-analysis runtime checks during its execution and uses the HP-socket library to communicate with its server.

Notably, these clusters represent different sets of activity, possibly developed by multiple threat actors, despite following a similar modus operandi.

The campaign, like other similar malicious cyber operations discovered in 2022, is geared toward Chinese-speaking users, mostly motivated by the fact that WhatsApp and Telegram are blocked in the Asian country.

The researchers said:

“People who wish to use these services have to resort to indirect means of obtaining them. Unsurprisingly, this constitutes a ripe opportunity for cybercriminals to abuse the situation.”

© Copyright 2024 EconIntersect

No Result
View All Result
  • 토토사이트
    • 카지노사이트
    • 도박사이트
    • 룰렛 사이트
    • 라이브카지노
    • 바카라사이트
    • 안전카지노
  • 경제
  • 파이낸스
  • 정치
  • 투자

© Copyright 2024 EconIntersect