Specifically, Juniper Threat Labs – a threat intelligence portal belonging to Juniper Networks – has come across a Trojan that is wreaking havoc on Telegram by illegally extracting data from its victims.
The new Trojan – dubbed “Masad Clipper and Stealer” in dark-market groups – is specifically engineered to get hold of a wide array of browsing information, including usernames, passwords, and credit card information.
Furthermore, the malware is also equipped with a feature that hijacks digital wallet addresses and substitutes another address, which usually belongs to the attackers.
The malware uses Telegram as its Command and Control (CnC) channel because of the level of secrecy the messaging app inadvertently provides. It was written as AutoIt scripts, which were then compiled into a Windows executable. Once installed, the malware begins retrieving personal data.
A Telegram bot – controlled by the attacker – receives all of the illegally gathered details and sends further instructions to the malware.
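Because the CnC channel described above is a Telegram bot, one defensive hunt is to look for Telegram Bot API traffic coming from processes that have no reason to use it. The following is an added example, not code from Juniper's report: the log format, host names, process names and allowlist are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Constructed sample events (not from the report). Assumed format:
# timestamp host process dest_host url_path ("-" when TLS hides the path)
SAMPLE_EVENTS = """\
2024-01-01T10:01:02Z ws-014 chrome.exe www.example.com /index.html
2024-01-01T10:01:09Z ws-014 build.exe api.telegram.org /bot000000000:PLACEHOLDER_TOKEN/sendDocument
2024-01-01T10:01:40Z ws-014 build.exe api.telegram.org /bot000000000:PLACEHOLDER_TOKEN/getUpdates
2024-01-01T10:02:11Z ws-022 alertbot.exe api.telegram.org /bot111111111:PLACEHOLDER_TOKEN/sendMessage
2024-01-01T10:03:00Z ws-031 updater.exe api.telegram.org -
"""

BOT_API_HOST = "api.telegram.org"  # Telegram Bot API endpoint
# Bot API paths look like /bot<bot_id>:<secret>/<method>; capture id and method only.
BOT_PATH = re.compile(r"^/bot(\d+):[^/]+/(\w+)$")
# Hypothetical allowlist of (host, process) pairs that run a sanctioned bot.
SANCTIONED = frozenset({("ws-022", "alertbot.exe")})


def hunt_telegram_bot_traffic(log_text, allowlist=SANCTIONED):
    """Return {(host, process): [(bot_id, method), ...]} for unsanctioned Bot API use."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines
        _ts, host, process, dest, path = fields
        if dest.lower() != BOT_API_HOST:
            continue
        key = (host, process.lower())
        if key in allowlist:
            continue
        match = BOT_PATH.match(path)
        if match:
            # Keep the numeric bot id for pivoting; the secret part is never stored.
            findings[key].append((match.group(1), match.group(2)))
        else:
            # Only the destination host is known (no TLS inspection).
            findings[key].append((None, "path-not-visible"))
    return dict(findings)


if __name__ == "__main__":
    for (host, proc), calls in hunt_telegram_bot_traffic(SAMPLE_EVENTS).items():
        print(host, proc, calls)
```

An upload method such as `sendDocument` paired with polling via `getUpdates` from the same process matches the report's description of a bot that both receives stolen data and sends instructions back.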