Eset Kripto Para Calan Sahte Whatsapp Ve Telegram Uygulamalari Tespit Etti 6802.jpg

ESET detects fake WhatsApp and Telegram apps stealing cryptocurrencies

ESET Research detects WhatsApp and Telegram apps that steal cryptocurrencies and contain trojans with new features

Cybersecurity company ESET has detected the first instance of a malware called clipper, which is embedded in instant messaging applications and can retrieve information from the display clipboard. Threat actors enable users to download Telegram and WhatsApp applications, modified by incorporating Trojan horses, on their Android and Windows devices via fake websites.

Thanks to these fake apps, they can track victims’ cryptocurrencies. The malware can replace the cryptocurrency wallet addresses sent by the victim from the chat application with the addresses belonging to the attacker. They can abuse optical character recognition to extract text from the display clipboard and steal account recovery codes for the cryptocurrency wallet.

ESET researchers have identified trojanized versions of WhatsApp and Telegram apps, as well as dozens of copycat websites for those instant messaging apps specifically targeting Android and Windows users. Most of the detected malware is clipper, a type of malware that steals or alters clipboard contents. All of the software in question tries to steal victims’ cryptocurrencies, while some target cryptocurrency wallets. For the first time, ESET Research has detected Android-based clipper software specifically targeting instant messaging apps. Also, some of these apps use optical character identification (OCR) to extract text from screenshots saved on compromised devices. This is another first for Android-based malware.

Scammers are trying to seize cryptocurrency wallets via instant messaging apps

When the language used in the imitation applications was examined, it was revealed that the people using these software were especially targeting Chinese-speaking users. Since the use of both Telegram and WhatsApp in China has been prohibited since 2015 and 2017, respectively, people who wanted to use these applications had to resort to indirect means. The threat actors in question first set up Google Ads, which redirects them to fake YouTube channels, and then redirects users to copycat Telegram and WhatsApp websites. ESET Research reported the fake ads and related YouTube channels to Google, and Google immediately discontinued all of these ads and channels.

ESET researcher Lukáš Štefanko, who detected Trojan-hidden applications, said: “The main purpose of the clipper software we detected is to intercept the victim’s messages and replace the sent and received cryptocurrency wallet addresses with the addresses belonging to the attacker. Besides the trojan-disguised Android-based WhatsApp and Telegram apps, we also detected trojan-hidden Windows versions of the same apps.”

Trojan-disguised versions of these apps have different features, although they serve the same purpose. The reviewed Android-based clipper software is the first Android-based malware to use OCR to read text from screenshots and photos stored on the victim’s device. OCR is used to find and play the key phrase. The key phrase is a mnemonic code, a set of words used to recover cryptocurrency wallets. As soon as the malicious actors get hold of the key phrase, they can directly steal all the cryptocurrencies in the respective wallet.

The malware replaces the victim’s cryptocurrency wallet address with the attacker’s chat address. It does this with addresses either directly in the program or dynamically obtained from the attacker’s server. In addition, the software monitors Telegram messages to detect specific keywords related to cryptocurrencies. As soon as the software detects such a keyword, it forwards the entire message to the attacker’s server.

ESET Research has detected Windows-based Telegram and WhatsApp installers containing remote access trojans (RATs), as well as Windows versions of these wallet address-altering clipper software. Based on the application model, it was discovered that one of the Windows-based malicious packages is not clipper software, but RATs that can take complete control of the victim’s system. Thus, these RATs can steal cryptocurrency wallets without intercepting the application flow.

Lukáš Štefanko advises: “Install apps only from reliable and reliable sources, such as Google Play Store, and do not store unencrypted pictures or screenshots containing important information on your device. If you think you have a Trojan-disguised Telegram or WhatsApp application on your device, manually uninstall these applications from your device and download the application either from Google Play or directly from the legitimate website. If you suspect you have a malicious Telegram app on your Windows-based device, use a security solution that detects and removes the threat. The only official version of WhatsApp for Windows is currently available in the Microsoft store.”

Source: (BYZHA) – Beyaz News Agency


Following The Trail Of Cultural Diversity The 13th Edition Of The Sintesi Exhibition Has Begun!
Following the Trail of Cultural Diversity: The 13th Edition of the SINTESI Exhibition Has Begun!
Numan Aykut Şahin's Exhibition Hasibe A Village Story Beyond The Line At Asmalımescit Art Gallery
Numan Aykut Şahin’s Exhibition “Hasibe: A Village Story Beyond the Line” at Asmalımescit Art Gallery
Zeynel I Am A Person Who Wants To Do What I Do For A Lifetime
Zeynel: “I am a person who wants to do what I do for a lifetime”
The Business World, Medicine, And Academia Came Together At The Wellbeing Conference In Istanbul
The Business World, Medicine, and Academia Came Together at the Wellbeing Conference in Istanbul
Haluk Naci Tuğcu's 'kavuşma' Exhibition At Fırat Neziroğlu Art Space
Haluk Naci Tuğcu’s ‘Kavuşma’ Exhibition at Fırat Neziroğlu Art Space
Ayşe Ayşen Bulut 2025 Will Be A Lucky Year With Eylül Aşkın... Special Interview
Ayşe Ayşen Bulut: “2025 will be a lucky year” with Eylül Aşkın… Special Interview
“i Am Interested In Those Who Haven't Been Introduced To Art” Yılmaz Karaman, Eylül Aşkın
“I am interested in those who haven’t been introduced to art” Yılmaz Karaman, Eylül Aşkın
Applied Training At Ağrı İbrahim Çeçen University Gastronomy Laboratory
Applied Training at Ağrı İbrahim Çeçen University Gastronomy Laboratory
What Are The Environmental Impacts Of Processed Foods On Our Planet
What are the environmental impacts of processed foods on our planet?
This Week's Guest In The Evolution Of Art Program Is Artist Dünya Dural
This week’s guest in the Evolution of Art program is Artist Dünya Dural
Dyslexia Art Exhibition Social Messages Through The Power Of Art
Dyslexia Art Exhibition: Social Messages through the Power of Art
The Second Stop Of The Osman Hamdi Bey Kemahlıoğlu Special Collection Exhibition Tunceli Museum
The Second Stop of the Osman Hamdi Bey Kemahlıoğlu Special Collection Exhibition: Tunceli Museum
Yunus Gültekin “don't Trust Any Association That You Are Not Involved In” With Eylül Aşkın… Special Interview
Yunus Gültekin “Don’t trust any association that you are not involved in” with Eylül Aşkın… Special Interview
Italians Flock To The Rome Bar Show Eylül Aşkın
Italians Flock to the Rome Bar Show – Eylül Aşkın
Mine Tugay Shared Her Health Secrets In 1 Week Detox Camp At Vivamayr
Mine Tugay Shared Her Health Secrets in 1-Week Detox Camp at VIVAMAYR
Berk Yalçınkaya “we Provide Great Advantage In Micro Exports With Etgb”
Berk Yalçınkaya: “We Provide Great Advantage in Micro Exports with ETGB”
Sevtap Çapan “everyone Thinks They Are A Professor” With Eylül Aşkın Special Interview
Sevtap Çapan: “Everyone thinks they are a professor” with Eylül Aşkın Special Interview
İsder Yönetim Kurulu Başkanı Serkan Karataş “komatek 2024 Fuarı’nda Sektörün Genel Durumunu, Güncel Gelişmeleri Değerlendireceğiz”
İSDER Chairman Serkan Karataş: “We will evaluate the general situation of the sector and current developments at KOMATEK 2024 Fair”
In The Footsteps Of Mustafa Kemal The Voice Of Liberation Echoing In Anatolia
In the Footsteps of Mustafa Kemal: The Voice of Liberation Echoing in Anatolia
An Unforgettable Night From Tev Turkey Virtuosi Chamber Orchestra
An Unforgettable Night from TEV Turkey Virtuosi Chamber Orchestra
Artist Ahmet Öcal Is This Week's Guest In The Evolution Of Art Program
Artist Ahmet Öcal is this week’s guest in the Evolution of Art program
Hale İsmet, Eylül Zamanı… A September Time At Next Pera Art Gallery Part 1
Hale İsmet, Eylül Zamanı… A September Time at Next Pera Art Gallery Part 1
In The Footsteps Of Tolstoy Sinan Demir's Literary Adventure With Eylül Aşkın Special Interview
In the Footsteps of Tolstoy: Sinan Demir’s Literary Adventure – with Eylül Aşkın Special Interview
Expected Activity In Tourism Ceo Gökhan Sivrikaya's Assessment
Expected Activity in Tourism: CEO Gökhan Sivrikaya’s Assessment
Different Symptoms Of Depression In Youth And Old Age What Experts Say
Different Symptoms of Depression in Youth and Old Age: What Experts Say
Türkiye News Portal Logo
Turhapo Logo
Türkiye Haber Portalı Logo

INDEX URL LIST