Clippers can read seed phrases from screenshots

Experts at ESET Research have detected Trojanized versions of Telegram and WhatsApp for Android and Windows designed to steal cryptocurrencies.

#ESETResearch reports on new #Android and #Windows #cryptocurrency clippers in the form of trojanized #WhatsApp and #Telegram apps. This is the first time we’ve seen Android clippers focusing on instant messaging. https://t.co/BY9oa17Hzl @LukasStefanko 1/4

— ESET Research (@ESETresearch) March 16, 2023

\n\n\n

Clippers embedded in the messengers replace wallet addresses sent in chat with the attackers’ addresses. Android applications also use OCR to read text from screenshots and photos stored on the victim’s device. In this way, hackers can steal the seed phrase.

\n\n\n

One of the Windows malware packages consists not of clippers but of a RAT, which provides full control over the victim’s system without the need to intercept messaging traffic.

\n\n\n

At this stage, the imitator apps are aimed at residents of China, where Telegram and WhatsApp have been blocked for several years. As a result, users often attempt to obtain the messengers via workarounds.

\n\n\n

To lure potential victims, the hackers set up Google Ads that directed viewers to fraudulent YouTube channels, which then redirected viewers to sites impersonating Telegram and WhatsApp. Google has since blocked access to this advertising.

\n\n\n

Earlier ForkLog reported on a new version of the Xenomorph trojan for Android capable of stealing credentials 400 banks and 13 cryptocurrency wallets.

\n