Fake WhatsApp and Telegram App Alarm


ESET researchers have identified Trojan versions of the WhatsApp and Telegram apps, as well as dozens of copycat instant messaging websites specifically targeting Android and Windows users. Most of the detected malware is of the clipper type, which steals or modifies the contents of the clipboard. All of the software in question attempts to steal victims’ cryptocurrencies, while some target crypto wallets. ESET Research has for the first time discovered Android-based clipper software specifically designed for instant messaging apps. Also, some of these apps use optical character recognition (OCR) to extract text from screenshots saved on jailbroken devices. This is another novelty among Android malware.

“Scammers are trying to get hold of cryptocurrency wallets using instant messaging apps.”

When the language used in the fake apps was studied, it turned out that the people behind this software are specifically targeting Chinese-speaking users. In China, Telegram and WhatsApp were released in 2015 and 2017 respectively. The attackers first set up Google Ads that led to fake YouTube channels, which then redirected users to websites mimicking the Telegram and WhatsApp websites. ESET Research reported the fake ads and associated YouTube channels to Google, and Google immediately terminated all of these ads and channels.

ESET researcher Lukas Stefanko, who discovered the trojanized applications, said: “The main purpose of the clipper software we discovered is to intercept the messages of the victim and replace the sent and received addresses of the cryptocurrency wallet with the addresses of the attacker. In addition to the WhatsApp and Telegram apps for Android disguised as Trojans, we also found Windows versions of the same apps hidden under a Trojan.”

The Android-based clipper software reviewed is the first Android-based malware that uses OCR to read text from screenshots and photos stored on the victim’s device. OCR is used to find and steal the passphrase. The passphrase is a mnemonic code, a set of words used to recover cryptocurrency wallets. Once the attackers have the passphrase, they can directly steal all the cryptocurrencies in the respective wallet. The software also replaces the victim’s cryptocurrency wallet address in chats with the attacker’s address. It does this using addresses either hardcoded directly in the program or dynamically obtained from the attacker’s server. In addition, the software monitors Telegram messages to detect certain keywords related to cryptocurrencies. Once the software detects such a keyword, it relays the entire message to the attacker’s server.

ESET Research has found Telegram and WhatsApp installers for Windows that contain Remote Access Trojans (RATs), as well as Windows versions of this clipper software that changes wallet addresses. In a departure from this model, it was discovered that one of the malicious packages for Windows was not clipper software but a RAT, which could take full control of the victim’s system. Thus, these RATs can steal cryptocurrency wallets without intercepting the flow of applications.

Lukas Stefanko gave the following advice on this matter: “Only install applications from trusted sources such as the Google Play Store, and do not store unencrypted images or screenshots containing sensitive information on your device. If you think you have a Telegram or WhatsApp app disguised as a Trojan installed on your device, manually remove these apps from your device and use the app either through Google Play or directly from legitimate sources. If you suspect that your Windows device has a malicious Telegram app installed, use a security solution that detects and fixes the threat. WhatsApp for Windows is currently available in the Microsoft Store.”
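
A defender-side check for the address swap described above, as an added example that is not ESET's code or part of the original article: given the text a sender composed and the text the recipient's app displayed, it reports wallet addresses that changed while the rest of the message stayed identical. Obtaining both copies over a second, trusted channel is an assumption, and the function names and shape-only address patterns are illustrative.

```python
import re

# Shape-only patterns for address-like tokens (assumption: no checksum validation).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b"),
    "btc_bech32": re.compile(r"\bbc1[02-9ac-hj-np-z]{11,71}\b"),
    "eth": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
}


def extract_addresses(text):
    """Return (start, end, kind, value) for each address-shaped token, in text order."""
    hits = []
    for kind, pattern in ADDRESS_PATTERNS.items():
        hits.extend((m.start(), m.end(), kind, m.group()) for m in pattern.finditer(text))
    return sorted(hits)


def mask_addresses(text, hits):
    """Swap every address for a <kind> placeholder so the rest of the text can be compared."""
    parts, pos = [], 0
    for start, end, kind, _ in hits:
        parts += [text[pos:start], f"<{kind}>"]
        pos = end
    parts.append(text[pos:])
    return "".join(parts)


def find_substitutions(sent, displayed):
    """Return [(kind, sent_addr, displayed_addr)] for addresses replaced by another of the same kind.

    Returns None when the two copies differ in anything other than the address
    values, because they are then not the same message and cannot be compared.
    """
    sent_hits, shown_hits = extract_addresses(sent), extract_addresses(displayed)
    if mask_addresses(sent, sent_hits) != mask_addresses(displayed, shown_hits):
        return None
    return [(kind, a, b)
            for (_, _, kind, a), (_, _, _, b) in zip(sent_hits, shown_hits) if a != b]


# Constructed sample data: these strings only have the right shape, they are not real wallets.
GOOD = "0x" + "ab12" * 10
BAD = "0x" + "cd34" * 10
SENT = f"Please send the 0.5 ETH to {GOOD} before Friday."
DISPLAYED = f"Please send the 0.5 ETH to {BAD} before Friday."

if __name__ == "__main__":
    for kind, sent_addr, shown_addr in find_substitutions(SENT, DISPLAYED):
        print(f"{kind} address changed in transit: {sent_addr} -> {shown_addr}")
```

Because a substituted address is itself well-formed, validating the address format alone would not catch the swap; the comparison against the sender's own copy is what exposes it.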