The use of copycat websites to spread malware is a common tactic used by cybercriminals, and the latest target is instant messaging (IM) apps like Telegram and WhatsApp. Slovak cybersecurity firm ESET warns that the malware being spread via these fake IM websites is designed to infect Android and Windows users with cryptocurrency clipper malware. The malware intercepts chats, replaces cryptocurrency wallet addresses, and steals seed phrases via optical character recognition. The campaign primarily targets Chinese-speaking users who have to use indirect means to obtain Telegram and WhatsApp services due to a block in the country. ESET found that the malware is capable of exfiltrating entire Telegram conversations for certain Chinese keywords related to cryptocurrencies. The campaign represents disparate sets of activity likely developed by different threat actors but follows an identical modus operandi.
Source: ESET
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.