Crypto-Stealing Malware Found Preloaded on Budget Android Phones

Researchers from Doctor Web have uncovered a malware campaign in which low-cost Android phones come pre-infected with spyware designed to steal cryptocurrency via a fake version of WhatsApp.

Devices disguised as premium models like “S23 Ultra” or “Note 13 Pro” run outdated software and include clippers—malicious programs that replace copied wallet addresses with those controlled by hackers.

The fake WhatsApp app operates stealthily, swapping crypto addresses without alerting users, making funds vanish despite everything appearing normal on screen.

Beyond WhatsApp, the malware is embedded in over 40 fake apps including Telegram and popular crypto wallets, using LSPatch to remain persistent and evade detection.

Investigators believe the infection happens during manufacturing, especially among lesser-known Chinese brands, pointing to a dangerous supply chain breach.

The spyware also scans for images of recovery phrases, giving attackers full access to wallets, and updates itself via hacker-controlled domains.

Experts warn against buying unverified devices and recommend using security tools and verified app stores to stay protected.
