Trojanized fake versions of WhatsApp and Telegram are currently targeting Windows and Android users. This malware steals the contents of the clipboard and can also modify it. In some cases, it also lets attackers take control of the victim’s device.


ESET Research reports that Windows and Android users are being targeted by trojans hidden in WhatsApp and Telegram apps. These trojans are clippers: malware that lets the hackers read and modify the contents of the targeted users’ clipboard. As is often the case, the goal is to steal funds, more specifically cryptocurrency.


A distribution campaign via YouTube videos


YouTube is popular with hackers for spreading malware, including through videos generated with artificial intelligence. The attackers spotted by ESET Research also rely on the streaming service, using Google ads to redirect potential victims to videos. From there, victims end up on fake WhatsApp and Telegram sites, where they download infected applications for Windows and Android.

While users usually go through legitimate stores, the hackers target Chinese users, who do not have legal access to these messaging services. This makes it easier to push them toward alternative download methods, and therefore into the trap.

The clippers targeting Android retrieve and modify the contents of victims’ clipboards. Lukas Stefanko of ESET Research explains: “The purpose of the discovered clippers is to capture the victim’s email exchanges to replace the cryptocurrency wallet addresses with those of the hackers”. Note that the attackers also rely on OCR (optical character recognition), which lets them steal the user’s passphrase and access the funds stored in their cryptocurrency wallets. If the victim uses keywords related to digital currencies on Telegram, the hackers are even alerted.

For the malware that targets WhatsApp and Telegram on Windows, the hackers rely on remote control, taking over the victim’s device to steal their cryptocurrency funds.


How do I avoid getting infected with malware?


The first recommendation, and probably the most important, is to avoid downloading software and applications outside of official stores. On Android, get WhatsApp and Telegram from the Play Store. Windows users can simply go through the Microsoft Store.

You will avoid problems by staying away from side roads. And above all, do not trust YouTube videos!

