Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Cheap Chinese Android phones were found to be preloaded with fake WhatsApp and Telegram apps containing malware designed to steal cryptocurrency. The malware, dubbed Shibai, hijacks updates, replaces crypto wallet addresses, and exfiltrates chat data. The campaign, active since June 2024, has rapidly expanded, utilizing over 60 C2 servers and 30 domains to spread the malware.