New Spyware Replaces Crypto Wallets on Clipboard via Telegram: Report

Published at: Sept. 28, 2019

Amerian Internet infrastructure firm Juniper Networks has found a new spyware that uses Telegram app to replace crypto addresses with its own.

Masad Clipper and Stealer

Juniper Threat Labs, a threat intelligence portal at Juniper Networks (NYSE: JNPR), discovered a new Trojan-delivered malware implementing major global messaging app Telegram to exfiltrate stolen information, according to threat research released on Sept. 26.

Reportedly circulating under the name “Masad Clipper and Stealer” on black market forums, the spyware is capable of stealing a broad list of browsing data, including usernames, passwords, credit card information.

Moreover, the malware also includes a function that replaces cryptocurrency wallets from the clipboards with the one by the attacker’s party. According to the report, the spyware’s clipping supports a number of major cryptos such as Bitcoin (BTC), Ether (ETH), XRP, Bitcoin Cash (BCH) and Litecoin (LTC), among others.

Ongoing threat signals

Specifically, the malware uses Telegram as a Command and Control (CnC) channel, which reportedly allows the malware some anonymity. This malware is written using Autoit scripts and then compiled into a Windows executable, according to the report. After being installed, Masad Stealer starts by collecting sensitive information from the system like crypto wallet addresses, credit card browser data, PC and system information.

According to Jupiter Threat Labs, Masad Stealer sends all collected information to a Telegram bot managed by the threat actor, which also sends commands to the spyware.

The security portal concluded that Masad Stealer is an active and ongoing threat Command and Control bots were still alive at the time of publication.

Meanwhile, Telegram released a wallet for its TON Blockchain’s native token Gram in the app’s alpha version for iOS on Sept. 26. On Sept. 24, Telegram announced a bug bounty competition within its new smart contract coding contest.

Tags
Related Posts
Trend Micro: Outlaw Hacking Group’s Botnet Is Now Spreading a Monero Miner
Cybersecurity company Trend Micro claims to have detected a web address spreading a botnet featuring a monero (XMR) mining component alongside a backdoor. The malware was described on Trend Micro’s official blog on June 13. Per the report, the firm attributes the malware to Outlaw Hacking Group, as the techniques employed are almost the same used in its previous operations. The software in question also holds Distributed Denial of Service (DDoS) capabilities, “allowing the cybercriminals to monetize their botnet through cryptocurrency mining and by offering DDoS-for-hire services.” Trend Micro also believes that the creators of the malware in question are …
Altcoin / June 13, 2019
Malware on Official Monero Website Can Steal Crypto: Investigator
The software available for download on Monero’s (XMR) official website was compromised to steal cryptocurrency, according to a Nov. 19 Reddit post published by the coin’s core development team. The command-line interface (CLI) tools available at getmonero.org may have been compromised over the last 24 hours. In the announcement, the team notes that the hash of the binaries available for download did not match the expected hashes. The software was malicious On GitHub, a professional investigator going by the name of Serhack said that the software distributed after the server was compromised is indeed malicious, stating: “I can confirm that …
Altcoin / Nov. 19, 2019
Five Critical Vulnerabilities Discovered in EOS in 2019, HackerOne Data Shows
EOS.io, the company responsible for the development of fourth-largest crypto by market cap EOS, has handed over bug bounties for five critical vulnerabilities this year. Public activity on breach disclosure platform HackerOne revealed the bounties. On Jan. 10, $40,750 was awarded to five white hat hackers on the platform by EOS.io, and the day after, another researcher received a $10,000 bounty. Five of those bounties are equivalent to $10,000 each, which is the highest possible payout reserved by the company only for the most critical vulnerabilities. The Tron Foundation, the company behind the cryptocurrency Tron, also awarded four bounties in …
Altcoin / Feb. 5, 2019
What is a seed phrase and why is it important?
How to keep your seed phrase safe A crypto seed phrase in the wrong hands can do damage, so it is advisable to always ensure it is safe. The following are some tips for ensuring your seed phrase is secure. Never share your seed with anyone else: It’s extremely important that you never reveal your recovery phrase to anyone. Why? Because if someone else finds out your recovery phrase, they will be able to access — and therefore control — your crypto funds. Make a note of it on paper and keep it in a secure location: This is the …
Blockchain / Aug. 27, 2022
Hackers takeover Azuki’s Twitter account, steal over $750K in less than 30 minutes
Azuki, a popular nonfungible token (NFT) project, had its Twitter account compromised on Jan. 27 leading to hackers stealing over $750,000 worth of USD Coin (USDC) by posting a malicious “wallet drainer link” posed as a virtual land mint. Hackers stole $751,321.80 USDC from a single wallet within half an hour of the malicious links being tweeted, according to Etherscan data provided to Cointelegraph by crypto wallet security firm Wallet Guard. The data also revealed that hackers stole a further $6,752.62 worth of USDC from various wallets holding 11 NFTs and over 3.9 Ether (ETH). Wallet Guard stated that the …
Nft / Jan. 28, 2023