Since June 2024, a campaign has been identified in which cheap Android smartphones from Chinese manufacturers come with trojanized versions of popular messaging apps such as WhatsApp and Telegram pre-installed. Security researchers from Doctor Web found that these malicious apps, disguised as legitimate software, contain injected malware that implements cryptocurrency clipper functionality. The campaign marks a new tactic in which the supply chains of these manufacturers are exploited to preload devices with harmful applications, potentially affecting a wide range of low-end devices that mimic premium models.
"Fraudulent applications were detected directly in the software pre-installed on the phone," the company said. "In this case, the malicious code was added to the WhatsApp messenger."
Attackers are said to have utilized an application to spoof technical specifications displayed on the About Device page, creating a false impression of advanced hardware.