- In addition to clippers, we also found remote access trojans (RATs) bundled with malicious Windows versions of WhatsApp and Telegram.
- Some of the clippers abuse optical character recognition to extract text from screenshots and steal cryptocurrency wallet recovery phrases.
- The malware can switch the cryptocurrency wallet addresses the victim sends in chat messages for addresses belonging to the attacker.
- Threat actors are going after victims' cryptocurrency funds using trojanized Telegram and WhatsApp applications for Android and Windows.
- ESET Research has found the first instance of clippers built into instant messaging apps.

"Unsurprisingly, this constitutes a ripe opportunity for cybercriminals to abuse the situation." "People who wish to use these services have to resort to indirect means of obtaining them," the researchers said.

The campaign, like a similar malicious cyber operation that came to light last year, is geared towards Chinese-speaking users, primarily motivated by the fact that both Telegram and WhatsApp are blocked in the country.

It's also worth pointing out that these clusters, despite following an identical modus operandi, represent disparate sets of activity likely developed by different threat actors.

All the analyzed RAT samples are based on the publicly available Gh0st RAT, barring one, which employs more anti-analysis runtime checks during its execution and uses the HP-socket library to communicate with its server.
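A check an analyst could run against a suspect messenger build, based on the address-swapping behaviour described above (an added example, not ESET's code and not part of the original article): type a message on the device under test, capture what a clean device receives, and flag wallet addresses that changed while the rest of the text stayed the same. The function names, regular expressions and sample addresses are assumptions constructed for illustration; the patterns match address shape only and do not validate checksums.

```python
import re

# Address shapes only (no checksum validation); group names label the kind.
ADDRESS_RE = re.compile(
    r"(?P<btc_legacy>\b[13][a-km-zA-HJ-NP-Z1-9]{25,34}\b)"
    r"|(?P<btc_bech32>\bbc1[ac-hj-np-z02-9]{11,71}\b)"
    r"|(?P<eth>\b0x[0-9a-fA-F]{40}\b)"
)
PLACEHOLDER = "\x00"  # cannot collide with normal chat text

def extract_addresses(text):
    """Return [(kind, address), ...] in order of appearance."""
    return [(m.lastgroup, m.group(0)) for m in ADDRESS_RE.finditer(text)]

def skeleton(text):
    """Message with each address replaced by a placeholder, whitespace normalised."""
    return " ".join(ADDRESS_RE.sub(PLACEHOLDER, text).split())

def _norm(kind, addr):
    # ETH hex and bech32 are case-insensitive; legacy base58 is not.
    return addr.lower() if kind in ("eth", "btc_bech32") else addr

def find_swaps(typed, delivered):
    """Compare the text typed on the device under test with the text a clean
    device received. Returns [(kind, typed_addr, delivered_addr), ...] for each
    address that changed while the surrounding text stayed identical."""
    if skeleton(typed) != skeleton(delivered):
        # Text differs beyond the addresses: report it, but not as a swap.
        return [("text-differs", typed, delivered)]
    sent, got = extract_addresses(typed), extract_addresses(delivered)
    return [
        (ks, a, b)
        for (ks, a), (kg, b) in zip(sent, got)
        if (ks, _norm(ks, a)) != (kg, _norm(kg, b))
    ]

# Constructed sample values (not real wallets, checksums are not valid).
VICTIM_ETH = "0x" + "1a2b" * 10
ATTACKER_ETH = "0x" + "9f8e" * 10
VICTIM_BTC = "bc1q" + "7" * 38

if __name__ == "__main__":
    typed = f"Send 0.5 ETH to {VICTIM_ETH} please"
    delivered = f"Send 0.5 ETH to {ATTACKER_ETH} please"
    for kind, a, b in find_swaps(typed, delivered):
        print(f"[{kind}] typed {a} but recipient saw {b}")
```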