Since Telegram is an open-source app, altering its code while keeping the app’s messaging functionality intact is relatively straightforward. Overview of the trojanized appsĭue to the different architecture of Telegram and WhatsApp, the threat actors had to choose a different approach to create trojanized versions of each of the two. Of course, these are not the only copycat applications to go after cryptocurrencies – just at the beginning of 2022, we identified threat actors focused on repackaging legitimate cryptocurrency applications that try to steal recovery phrases from their victims’ wallets. In addition to the trojanized WhatsApp and Telegram Android apps, we also found trojanized Windows versions of the same apps. The main purpose of the clippers we discovered is to intercept the victim’s messaging communications and replace any sent and received cryptocurrency wallet addresses with addresses belonging to the attackers.
As is unfortunately shown by our latest findings, this action did not succeed in weeding the problem out completely: not only did we identify the first instant messaging clippers, we uncovered several clusters of them. Prior to the establishment of the App Defense Alliance, we discovered the first Android clipper on Google Play, which led to Google improving Android security by restricting system-wide clipboard operations for apps running in the background for Android versions 10 and higher.
Threat actors are going after victims’ cryptocurrency funds using trojanized Telegram and WhatsApp applications for Android and Windows.ESET Research has found the first instance of clippers built into instant messaging apps.
0 kommentar(er)
