A website that looks like Telegram and WhatsApp is being used to spread malware that steals cryptocurrency.
This is the first time that Android clipper malware has been built into messaging apps.
- Some of the apps that have this clipper malware integrated use optical character recognition to recognize text from screenshots stored on compromised devices.
- The attack chain begins with targeted users clicking on fraudulent ads that redirect them to hundreds of YouTube channels, which in turn redirect them to fake Telegram and WhatsApp websites.
- This recent malware variant can intercept a victim's chats and replace any sent and received cryptocurrency wallet addresses with addresses controlled by the threat actors.
- Other use cases include stealing seed phrases, spying on Telegram conversations, etc.
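
Because the address swap described above happens inside the messaging app itself, one way to catch it is to compare the message as the sender typed it with the copy the recipient's app displays. The sketch below is an added example, not code from the malware or from any vendor report; the function names, the simplified address patterns (shape only, no checksum validation) and the sample addresses are all constructed for illustration.

```python
import re

# Simplified, constructed patterns for illustration; they check shape only,
# not checksums, and cover just Bitcoin and Ethereum-style addresses.
PATTERNS = {
    "btc_base58": re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b"),
    "btc_bech32": re.compile(r"\bbc1[02-9ac-hj-np-z]{11,71}\b"),
    "eth": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
}

def extract_addresses(text):
    """Return (kind, address) pairs in order of appearance."""
    hits = [(m.start(), kind, m.group())
            for kind, rx in PATTERNS.items() for m in rx.finditer(text)]
    return [(kind, addr) for _, kind, addr in sorted(hits)]

def mask_addresses(text):
    """Replace every address with a placeholder so the rest can be compared."""
    for rx in PATTERNS.values():
        text = rx.sub("<addr>", text)
    return text

def compare_copies(sender_copy, recipient_copy):
    """Compare what the sender typed with what the recipient's app displays."""
    sent, seen = extract_addresses(sender_copy), extract_addresses(recipient_copy)
    swapped = [{"position": i, "sent": s[1], "seen": r[1]}
               for i, (s, r) in enumerate(zip(sent, seen)) if s[1] != r[1]]
    return {
        "swapped": swapped,
        "count_mismatch": len(sent) != len(seen),
        # Clipper-style tampering changes the address and nothing else.
        "only_addresses_differ": bool(swapped)
            and mask_addresses(sender_copy) == mask_addresses(recipient_copy),
    }

# Constructed sample values, not real wallets.
ETH_A = "0x" + "1" * 40
ETH_B = "0x" + "2" * 40
BTC_A = "1" + "A" * 33

if __name__ == "__main__":
    typed = f"Send the deposit to {ETH_A} and the fee to {BTC_A}."
    shown = f"Send the deposit to {ETH_B} and the fee to {BTC_A}."
    print(compare_copies(typed, shown))
```

The comparison only helps when the sender's copy comes from a channel the compromised app cannot rewrite, such as a second device or a voice call reading back the first and last characters.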