Telegram

2023 - 3 - 17


Weaponized Telegram and WhatsApp Apps Attack Android ... (Cyber Security News)

Apart from this, the security researchers found that a significant number of the apps they examined are classified as "clippers".

Clippers are mostly used to steal crypto, while RATs can take screenshots and delete files, among other malicious activities. Cybercriminals did not need to create a new version of Telegram since it is an open-source application. As a result, the victims get easily tricked with such lures. So, these are types of malware that have the capability to steal or modify clipboard data. In China, both of these applications are banned since:- The Android clippers specifically targeting instant messaging were seen for the first time.


Lookalike Telegram and WhatsApp Websites Distributing ... (Internet)

Researchers have discovered that trojanized versions of Telegram and WhatsApp are infecting Android and Windows users with cryptocurrency clipper malware.

"Unsurprisingly, this constitutes a ripe opportunity for cybercriminals to abuse the situation." [similar malicious cyber operation](https://thehackernews.com/2022/03/experts-uncover-campaign-stealing.html) that came to light last year, is geared towards Chinese-speaking users, primarily motivated by the fact that both Telegram and WhatsApp are blocked in the country. [Gh0st RAT](https://malpedia.caad.fkie.fraunhofer.de/details/win.ghost_rat), barring one, which employs more anti-analysis runtime checks during its execution and uses the [HP-socket library](https://github.com/ldcsaa/HP-Socket) to communicate with its server. [seed phrases](https://academy.binance.com/en/glossary/seed-phrase) by leveraging a legitimate machine learning plugin called [ML Kit on Android](https://firebase.google.com/docs/ml-kit/android/recognize-text), thereby making it possible to empty the wallets. [first instance of clipper malware](https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/) on the Google Play Store dates back to 2019, the development marks the first time Android-based clipper malware has been built into instant messaging apps.


Telegram, WhatsApp Trojanized to Target Cryptocurrency Wallets (Infosecurity Magazine)

Most of these apps rely on clipper malware to steal the contents of the Android clipboard.

[ESET](https://www.eset.com/), most of these apps rely on clipper malware designed to steal or modify the contents of the Android clipboard. "Unsurprisingly, this constitutes a ripe opportunity for cyber-criminals to abuse the situation." [reads the ESET advisory.](https://www.welivesecurity.com/2023/03/16/not-so-private-messaging-trojanized-whatsapp-telegram-cryptocurrency-wallets/)


Fake Telegram and WhatsApp clones aim at crypto on Android and ... (HackRead)

These Android and Windows-based clippers can abuse instant messages and steal crypto wallet funds via OCR (optical character recognition).

Based on the findings shared by ESET researchers, dozens of fake Telegram and WhatsApp websites have surfaced. For this, the apps leverage a legitimate machine learning plugin called ML Kit on Android. These apps use OCR to recognize text from screenshots the user has stored on the device. This is also the first time this kind of tactic has been used. Another clipper cluster tracks Telegram conversations for Chinese cryptocurrency-related keywords, either received from a server or hard-coded. ESET cybersecurity researchers have discovered trojanized instant messaging apps that deliver clipper malware.
