New Telegram-based Malware Hijacks Crypto Wallet Addresses on Clipboards

By Emily Rys | September 29, 2019

Juniper Networks, the US-based Internet infrastructure company, has reportedly come across a type of malware that steals crypto addresses via the Telegram platform.

Specifically, Juniper Threat Labs, a threat intelligence portal belonging to Juniper Networks, has come across a Trojan that is wreaking havoc on Telegram by illegally extracting data from its victims.

The new Trojan, dubbed “Masad Clipper and Stealer” in dark-market groups, is specifically engineered to get hold of a wide array of browsing information, including usernames, passwords and credit card information.

Furthermore, the malware can hijack digital wallet addresses on the clipboard, replacing each one with another address, which usually belongs to the attackers.

Per the report, the Trojan supports several of the major coins currently on the market, namely Bitcoin (BTC), Ether (ETH), XRP, Bitcoin Cash (BCH) and Litecoin (LTC), among others.
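As an added example (not code from Juniper's report or from the malware), the following flags a clipboard history in which one wallet address is replaced by a different address of the same coin within a short interval, which is the symptom a clipper leaves behind. The address patterns are simplified shape checks, and the snapshot format, the sample addresses and the two-second threshold are assumptions constructed for illustration.

```python
import re

# Simplified address shapes for the coins the article names (assumption:
# format checks only, no checksum validation).
B58 = "1-9A-HJ-NP-Za-km-z"
B32 = "02-9ac-hj-np-z"
ADDRESS_PATTERNS = {
    "BTC": re.compile(rf"^(?:[13][{B58}]{{25,34}}|bc1[{B32}]{{11,71}})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "XRP": re.compile(rf"^r[{B58}]{{24,34}}$"),
    "BCH": re.compile(rf"^(?:bitcoincash:)?[qp][{B32}]{{41}}$"),
    "LTC": re.compile(rf"^(?:[LM][{B58}]{{26,33}}|ltc1[{B32}]{{11,71}})$"),
}


def classify(text):
    """Return the coin whose address shape the text matches, or None."""
    candidate = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return coin
    return None


def find_swaps(snapshots, max_gap=2.0):
    """snapshots: time-ordered (seconds, clipboard_text) pairs.

    Flags an address that changes to a different address of the same coin
    faster than a person would plausibly copy a second one (heuristic).
    """
    alerts = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        coin = classify(before)
        same_coin = coin is not None and coin == classify(after)
        if same_coin and before.strip() != after.strip() and t1 - t0 <= max_gap:
            alerts.append({"coin": coin, "at": t1,
                           "copied": before.strip(), "now": after.strip()})
    return alerts


# Constructed sample history; none of these are real wallet addresses.
ETH_A, ETH_B = "0x" + "1a" * 20, "0x" + "2b" * 20
BTC_A, BTC_B = "1" + "B" * 30, "1" + "C" * 30
SAMPLE = [(0.0, "meeting notes"), (5.0, ETH_A), (5.3, ETH_B),
          (60.0, BTC_A), (200.0, BTC_B)]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

Only the ETH pair is flagged. The two BTC entries are 140 seconds apart and are treated as ordinary copies.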

The malware uses Telegram as its Command and Control (CnC) channel because of the level of secrecy the messaging app inadvertently provides. It is written as AutoIt scripts, which are then compiled into a Windows executable. Once installed, the malware begins retrieving personal data.

A Telegram bot controlled by the attacker receives all of the illegally gathered details and sends further instructions to the malware.
