WhatsApp and Telegram apps infected by trojans stealing crypto funds from victims

ESET Research has found the first instance of clippers built into instant messaging apps. Threat actors are going after victims’ cryptocurrency funds using trojanized Telegram and WhatsApp applications for Android and Windows. The malware can switch the cryptocurrency wallet addresses the victim sends in chat messages to addresses belonging to the attacker. Some of the clippers abuse optical character recognition to extract text from screenshots and steal cryptocurrency wallet recovery phrases. In addition to clippers, ESET also found remote access trojans bundled with malicious Windows versions of WhatsApp and Telegram.