Cryptocurrency clipper malware has reemerged on the internet in the form of fraudulent pages for messaging apps such as Telegram and WhatsApp. This malware is capable of replacing any cryptocurrency wallet addresses that are sent and received with an address that is controlled by the threat actor. While some of these clippers exploit features in the Android operating system, ESET has also identified two Windows-based clusters that allow for crypto theft. The campaign appears to primarily target Chinese users because Telegram and WhatsApp are blocked in the country, forcing users to attempt indirect methods to download these apps, which leaves them open to downloading malicious software.