Cybersecurity firm ESET’s researchers have discovered a new cyberattack that targets popular messaging apps like WhatsApp and Telegram, as well as cryptocurrency wallets.
The study, published on the WeLiveSecurity blog, shows that the attackers have created fake versions of these apps that look and function like the real ones to gain unauthorized access to users’ private messages and digital currency. They pose as third-party app stores and direct download links.
When installed on a device, the fake apps let the attackers see and steal users’ messages and personal information, which could lead to stolen personal details or financial assets. There are a few variations of exactly how the threat takes your information, but downloading the fake app is what causes it to infect your device.
The researchers found that these fake apps mainly attack Android devices. While they had been deployed on iOS, security systems in place had already taken down the malicious apps.
However, on Android especially, the attackers have made sure their fake apps look and work like the real ones, making it hard for users to tell they’re not legitimate.
The people behind this cyberattack have also made fake versions of well-known cryptocurrency wallets for Bitcoin, Ethereum, and Ripple. These fake apps are designed to take users’ private keys, which let the attackers access the users’ crypto without permission.
ESET’s researchers suggest being careful when downloading apps, especially from unofficial sources. They recommend checking that an app is real before installing it and making sure it comes from a trusted source like the Google Play Store or Apple App Store.
To stay safe, they recommend users keep their devices updated with the latest security patches and use good antivirus software. Taking these steps can help protect against fake apps and lower the chances of becoming a victim of these attacks.