Hi Guys,

Be careful where you download your applications, especially messaging apps like Telegram and WhatsApp.

Researchers from ESET have discovered that attackers are using copycat websites of messaging apps Telegram and WhatsApp to distribute malware that targets cryptocurrency wallets. This new strain of malware, known as clipper malware, can intercept users’ chats and replace cryptocurrency wallet addresses with the attacker’s addresses. It sometimes employs optical character recognition (OCR) to identify and steal seed phrases from screenshots on compromised devices.

The infection begins when users click on fraudulent ads in Google search results, leading to deceptive YouTube channels and then to fake Telegram and WhatsApp websites. Several malware versions have been identified, each with slightly different features and capabilities.

Currently, these attacks primarily target Chinese-speaking users, as Telegram and WhatsApp are blocked in China, making users more susceptible to these fraudulent websites. ESET researchers caution users to verify messaging apps’ authenticity before downloading and avoid clicking on suspicious ads or links.

Crypto theft statistics:

  • Crypto-related thefts, scams, and frauds totalled $1.9 billion in 2020.
  • In the first half of 2021, losses from cryptocurrency theft, fraud, and scams reached $681 million.
  • DeFi (decentralized finance) hacks accounted for 76% of major crypto thefts in 2021.

Safety tips to prevent crypto theft:

  • Keep Incognito updated on your device and scan regularly.
  • Verify the authenticity of messaging apps before downloading.
  • Avoid clicking on suspicious ads or links.
  • Use a secure, trusted wallet to store your cryptocurrency.
  • Regularly update your device’s software and security settings.

We have updated Incognito to detect and remove these rogue messaging apps, so I recommend scanning your phone to ensure you don’t have them installed. If you have any general questions or concerns about privacy or security, don’t hesitate to contact our Privacy Care Team.

We are always here to help 🙂

All the best

Max Roberts,
Incognito Privacy Care Team