Cybercriminals are using trojanized versions of popular messaging apps to steal cryptocurrencies from unsuspecting Android and Windows users, according to a report by cybersecurity firm ESET.
Researchers discovered dozens of fake Telegram and WhatsApp websites with malicious apps that employ clipboard content-stealing malware, known as clippers, to substitute users’ crypto wallet addresses with those controlled by attackers.
Some apps use optical character recognition technology to identify text within screenshots saved on the infected devices, researchers said.
The criminals behind these attacks use remote access trojans, or RATs, bundled in the apps to control victims’ devices, steal sensitive information and perform other malicious activities.
Experts suggest that users only download messaging apps from official sources and keep their devices up-to-date with the latest security patches to protect themselves. Users should also use strong, unique passwords for their accounts. ESET discovered the first Android clipper on Google Play prior to the establishment of the App Defense Alliance.
