“Because both Telegram and WhatsApp have been blocked in China for several years now people who wish to use these services have to resort to indirect means of obtaining them,” Stefanko and Strýček wrote. In terms of victims, the malware researchers said the trojanized versions of WhatsApp and Telegram apps mainly targeted Chinese-speaking users. “On the other hand, WhatsApp’s source code is not publicly available, which means that before repackaging the application with malicious code, the threat actors first had to perform an in-depth analysis of the app’s functionality to identify the specific places to be modified,” reads the ESET advisory.
“Through their various modules, the RATs enable the attackers control over the victims’ machines.”įrom a technical standpoint, Stefanko and Strýček explained that trojanizing Telegram was a relatively straightforward task for the threat actors, as the app’s code is open source.
The cybersecurity researchers also said they found Windows versions of the wallet-switching clippers, together with Telegram and WhatsApp installers for Windows, packed with remote access trojans (RATs). “Furthermore, some of the clippers abused OCR to extract mnemonic phrases out of images saved on the victims’ devices, a malicious use of the screen reading technology that we saw for the first time.” This was the first time we have seen Android clippers focusing specifically on instant messaging,” wrote ESET malware researchers Lukas Stefanko and Peter Strýček in a Thursday advisory. “All of them are after victims’ cryptocurrency funds, with several targeting cryptocurrency wallets. Read more on clipper malware here: Shein App Accessed Clipboard Data on Android Devices Dozens of websites set up to deliver trojanized versions of WhatsApp and Telegram apps have been spotted targeting Android and Windows users.Īs discovered by security researchers at ESET, most of these apps rely on clipper malware designed to steal or modify the contents of the Android clipboard.
0 kommentar(er)
