Türkiye News Portal Logo
Eset kripto para calan sahte whatsapp ve telegram uygulamalari tespit etti 6802.jpg

ESET detects fake WhatsApp and Telegram apps stealing cryptocurrencies

ESET Research detects WhatsApp and Telegram apps that steal cryptocurrencies and contain trojans with new features

Cybersecurity company ESET has detected the first instance of a malware called clipper, which is embedded in instant messaging applications and can retrieve information from the display clipboard. Threat actors enable users to download Telegram and WhatsApp applications, modified by incorporating Trojan horses, on their Android and Windows devices via fake websites.

Thanks to these fake apps, they can track victims’ cryptocurrencies. The malware can replace the cryptocurrency wallet addresses sent by the victim from the chat application with the addresses belonging to the attacker. They can abuse optical character recognition to extract text from the display clipboard and steal account recovery codes for the cryptocurrency wallet.

ESET researchers have identified trojanized versions of WhatsApp and Telegram apps, as well as dozens of copycat websites for those instant messaging apps specifically targeting Android and Windows users. Most of the detected malware is clipper, a type of malware that steals or alters clipboard contents. All of the software in question tries to steal victims’ cryptocurrencies, while some target cryptocurrency wallets. For the first time, ESET Research has detected Android-based clipper software specifically targeting instant messaging apps. Also, some of these apps use optical character identification (OCR) to extract text from screenshots saved on compromised devices. This is another first for Android-based malware.

Scammers are trying to seize cryptocurrency wallets via instant messaging apps

When the language used in the imitation applications was examined, it was revealed that the people using these software were especially targeting Chinese-speaking users. Since the use of both Telegram and WhatsApp in China has been prohibited since 2015 and 2017, respectively, people who wanted to use these applications had to resort to indirect means. The threat actors in question first set up Google Ads, which redirects them to fake YouTube channels, and then redirects users to copycat Telegram and WhatsApp websites. ESET Research reported the fake ads and related YouTube channels to Google, and Google immediately discontinued all of these ads and channels.

ESET researcher Lukáš Štefanko, who detected Trojan-hidden applications, said: “The main purpose of the clipper software we detected is to intercept the victim’s messages and replace the sent and received cryptocurrency wallet addresses with the addresses belonging to the attacker. Besides the trojan-disguised Android-based WhatsApp and Telegram apps, we also detected trojan-hidden Windows versions of the same apps.”

Trojan-disguised versions of these apps have different features, although they serve the same purpose. The reviewed Android-based clipper software is the first Android-based malware to use OCR to read text from screenshots and photos stored on the victim’s device. OCR is used to find and play the key phrase. The key phrase is a mnemonic code, a set of words used to recover cryptocurrency wallets. As soon as the malicious actors get hold of the key phrase, they can directly steal all the cryptocurrencies in the respective wallet.

The malware replaces the victim’s cryptocurrency wallet address with the attacker’s chat address. It does this with addresses either directly in the program or dynamically obtained from the attacker’s server. In addition, the software monitors Telegram messages to detect specific keywords related to cryptocurrencies. As soon as the software detects such a keyword, it forwards the entire message to the attacker’s server.

ESET Research has detected Windows-based Telegram and WhatsApp installers containing remote access trojans (RATs), as well as Windows versions of these wallet address-altering clipper software. Based on the application model, it was discovered that one of the Windows-based malicious packages is not clipper software, but RATs that can take complete control of the victim’s system. Thus, these RATs can steal cryptocurrency wallets without intercepting the application flow.

Lukáš Štefanko advises: “Install apps only from reliable and reliable sources, such as Google Play Store, and do not store unencrypted pictures or screenshots containing important information on your device. If you think you have a Trojan-disguised Telegram or WhatsApp application on your device, manually uninstall these applications from your device and download the application either from Google Play or directly from the legitimate website. If you suspect you have a malicious Telegram app on your Windows-based device, use a security solution that detects and removes the threat. The only official version of WhatsApp for Windows is currently available in the Microsoft store.”

Source: (BYZHA) – Beyaz News Agency

Popular

Uluğbeyler Erol Güngör Documentary Meets Audience with Gala Screening (2)
“Uluğbeyler: Erol Güngör” Documentary Meets Audience with Gala Screening
The “Cultural” Test of Urban Transformation Is Memory Being Erased While Cities Are Renewed
The “Cultural” Test of Urban Transformation: Is Memory Being Erased While Cities Are Renewed?
Ceren Göğebakan, Günsu Saraçoğlu – Sanatın Evrim’i Episode 86, Evrim Sanat, Mikado İletişim
Ceren Göğebakan, Günsu Saraçoğlu – Sanatın Evrim’i Episode 86, Evrim Sanat, Mikado İletişim
Nature based Solution in Ezine Olive Groves Drought Resilience Will Increase with Green Manuring.
Nature-based Solution in Ezine Olive Groves: Drought Resilience Will Increase with Green Manuring.
The Guest of the 122nd Episode of With Eylül Aşkın… Was Özge Öztimur Music, Motorcycles, and the New Single
The Guest of the 122nd Episode of “With Eylül Aşkın…” Was Özge Öztimur: Music, Motorcycles, and the New Single
Çankırı Electrician Installations Resistant to Central Anatolia's Arid Continental Climate
Çankırı Electrician: Installations Resistant to Central Anatolia’s Arid Continental Climate
WE ARE IN DEEP SORROW FOR THE LOSS OF PROF. DR. İLBER ORTAYLI, THE LIVING MEMORY OF HISTORY AND THE GUIDE OF TURKISH CULTURE
WE ARE IN DEEP SORROW FOR THE LOSS OF PROF. DR. İLBER ORTAYLI, THE LIVING MEMORY OF HISTORY AND THE GUIDE OF TURKISH CULTURE
Ayşe Nazmiye Uça “Macho Management Culture Survives on Fear”
Ayşe Nazmiye Uça: “Macho Management Culture Survives on Fear”
The Strong Bond Academia and Entrepreneurship Becomes Visible Again at Sabancı University
The Strong Bond Academia and Entrepreneurship Becomes Visible Again at Sabancı University
LÖSEV's Solidarity and Morale Iftars During Ramadan Children's Recovery Comes First
LÖSEV’s Solidarity and Morale Iftars During Ramadan: Children’s Recovery Comes First
Striking Awareness Event from Turkish Kidney Foundation for World Kidney Day Giant Kidney Model Made from 1800 PET Bottles
Striking Awareness Event from Turkish Kidney Foundation for World Kidney Day: Giant Kidney Model Made from 1800 PET Bottles
Persistent Headaches Could Be Caused by Teeth Grinding!
Persistent Headaches Could Be Caused by Teeth Grinding!
The 32nd IFSAK Short Film Festival Has Begun Cinema Enthusiasts Meet on March 9
The 32nd IFSAK Short Film Festival Has Begun: Cinema Enthusiasts Meet on March 9-15
Candid Statements from Tülay Türken on Being a Woman in Iran and Turkey
Candid Statements from Tülay Türken on Being a Woman in Iran and Turkey
EcosySTEM Education Center Made a Strong Start to 2026 with Science and Nature Focused Education
ecosySTEM Education Center Made a Strong Start to 2026 with Science- and Nature-Focused Education
An Inner Journey from Artist Günsu Saraçoğlu “Slow Down Life Hayatı Yavaşlat” at the MTSO Art Gallery
An Inner Journey from Artist Günsu Saraçoğlu: “Slow Down Life / Hayatı Yavaşlat” at the MTSO Art Gallery
Büşra Nazlan Üregül Özge Zeki, Conversations in Search of Happiness, Episode
Büşra Nazlan Üregül – Özge Zeki, Conversations in Search of Happiness, Episode 11
My Impressions of Cologne From Sociological Observations to Lessons in Urbanism Murat TÜZEL
My Impressions of Cologne: From Sociological Observations to Lessons in Urbanism – Murat TÜZEL
The Evolution of Art Episode 84 – Ediz Birlikdoğan, Günsu Saraçoğlu – Evrim Sanat, Mikado İletişim
The Evolution of Art Episode 84 – Ediz Birlikdoğan, Günsu Saraçoğlu – Evrim Sanat, Mikado İletişim
Bahar Taşkıran, Eylül Aşkın İle… Special Interview, Episode
Bahar Taşkıran, Eylül Aşkın İle… Special Interview, Episode 118
New Single from Burcu Kurt “Aşk Gerek” Now Available on Digital Platforms
New Single from Burcu Kurt “Aşk Gerek” Now Available on Digital Platforms
The Guv Releases New Single “Angels & Jerks”
The Guv Releases New Single “Angels & Jerks”
Under the Leadership of Sezen Pişgin Sagopa Kajmer Thrilled 1,500 People in Times Square!
Under the Leadership of Sezen Pişgin: Sagopa Kajmer Thrilled 1,500 People in Times Square!
The Evolution of Art Episode 82 – Betül Sinanoğlu, Günsu Saraçoğlu – Evrim Sanat, Mikado İletişim
The Evolution of Art Episode 82 – Betül Sinanoğlu, Günsu Saraçoğlu – Evrim Sanat, Mikado İletişim
Pınar Yahşi, Şükriye Karaçay – Curator Nuray Özler Yolcu – Art Han Gallery
Pınar Yahşi, Şükriye Karaçay – Curator Nuray Özler Yolcu – Arthan Gallery
Türkiye News Portal Logo
Turhapo Logo
Türkiye Haber Portalı Logo