The malware can replace the cryptocurrency wallet addresses that the victim sends in chat messages with addresses that belong to the attacker.
The attackers set up Google Ads leading to scam YouTube channels, where links redirected viewers to fake Telegram and WhatsApp sites. ESET Research analysts have reported the fraudulent YouTube ads and channels to Google, which has already blocked them.
In one case, the malware monitored Telegram messages for certain keywords related to cryptocurrencies. Once such a keyword was recognized, the malware would send a message to the attacker’s server.
Analysts concluded that the scammers are targeting Chinese-speaking users. Telegram and WhatsApp have been blocked in China for several years now. Therefore, users of these social networks in China use VPNs to access them.
“In addition to WhatsApp and Telegram Trojans for Android, we have also found Trojan versions of the same apps for Windows,” ESET said.
Earlier, ESET Research found that since May 2021, dozens of mobile applications have used a trojanized wallet program for Android and iOS platforms to steal cryptocurrency. ESET experts found that the authors of the malicious code conducted an in-depth analysis of legitimate applications. This made it possible for them to inject their own code into inconspicuous, hard-to-find places in the programs. At the same time, the applications modified by the attackers fully retained their functionality.
Source: Bits
