Telegram Messenger Users Warned About This crypto-stealing Malware

Posted on June 1, 2021 at 1:31 PM

Telegram Messenger Users Warned About This crypto-stealing Malware

The Telegram messenger app may have a function that interests threat actors. A recent report reveals that the ads on the app are been used to launch attacks on cryptocurrency holders using samples of the HackBoss malware.

The malware copies crypto addresses

The threat actors used the HackBoss Telegram messenger medium to advertise apps claiming to be the best hackers online.

However, the fake apps contain links to anonymous or encrypted file storage that is downloaded as a .Zip file. If the user opens the file, It runs a .exe program that easily decrypts and executes a malicious payload when a user clicks on the program.

Also, the action of the user can put the malware into action at startup and every time there is a scheduled task.

After HackBoss becomes active on the targeted system, it checks the clipboard content regularly to pick up anything that looks like a crypto wallet address. After finding a crypto address format, it automatically replaces it with another address to steal the user’s funds.

Apart from promoting their malware, the makers of the HackerBoss Telegram messenger also used a website that contains promotional blog posts. They also take advantage of videos and adverts on public forums and YouTube channels for their promotional goals.

Ironically, the campaign is targeting those who are looking to make money through illegal means themselves.

AVAST security firm discovered more than 100 crypto assets that belong to the malware family’s creators. The report revealed that the wallets have a total of $560,000 worth of cryptocurrencies at the time Avast was analyzing it.

But the amount stolen is probably not up to that according to the security firm. It further revealed that the threat actors use some of the wallet addresses to deceive users to purchase fake software online. Also, other campaigns were likely carried out by the HackerBoss handlers using the same crypto addresses.

Other malware campaign involved Telegram

Telegram has also been used by other malware campaigns in the past apart from HackBoss. In October last year, G Data Software stated that the T-RAT 2.0 threat tool was used by threat actors to send commends over the Telegram messenger.

The malware gives the controller the power to capture screenshots, steal crypto addresses using clipboard information, and steal passwords.

Earlier this year, a malicious ad was directing its targets to a bogus Windows version of Telegram. The threat actors cloned the website and planted the AZORult infostealer sample in systems that visited the fake website.

After that, last month CheckPoint Research revealed that a remote access Trojan dubbed “ToxicEye” has been used by threat actors to launch attacks on users through the Telegram messenger app. The hackers utilized phishing emails to distribute the malicious.exe. After the malware becomes active, it steals data, deletes files, and encrypts the stolen data before sending it to the control server of the threat actor.

Protection against HackBoss and other similar malware

Security researchers have advised users how they can stay protected against malware like HackBoss. Such attacks show the need for organizations and institutions to stay cautious when it comes to transactions involving cryptocurrencies. To beef up security, users and crypto holders need to be very sure about the wallet address they are sending money to. Additionally, they should enable multi-factor authentication (MFA) to prevent the threat actors from having unauthorized access to their accounts.

With MFA, it will be more difficult for threat actors to steal users’ passwords as they need to go through an additional security protocol even if they manage to circumvent the first protocol by stealing users’ passwords. So many users have succeeded in preventing the theft of their cryptocurrencies by enabling an additional security check.

Also, users have been advised to use strong antivirus software that can monitor and detect all negative vices hackers use to infiltrate their targets’ systems.

Summary
Telegram Messenger Users Warned About This crypto-stealing Malware
Article Name
Telegram Messenger Users Warned About This crypto-stealing Malware
Description
The Telegram messenger app may have a function that interests threat actors. A recent report reveals that the ads on the app are been used to launch attacks on cryptocurrency holders using samples of the HackBoss malware.
Author
Publisher Name
Koddos
Publisher Logo

Share this:

Related Stories:

Aug 17, 2023
Hackers Are Hiding Malware Within Legitimate Services Such As Slack And Trello
Aug 16, 2023
Info-Stealing Malware Exposes More Than 100,000 Hacking Forums  
Koddos

Newsletter

Get the latest stories straight
into your inbox!

Popular Articles

Aug 30, 2023
Stolen Data Threat: Rhysida Ransomware Gang Targets Prospect Medical Holdings
Aug 29, 2023
Compromised routers allowed online criminals to target Pentagon contract site
Aug 28, 2023
1.2 million customers of Mom’s Meals were affected after the recent data breach
Aug 28, 2023
How VPNs Can Defend Against the Threat of Hacking
Aug 23, 2023
Terra Developers Shut Down Website Amid A Phishing Campaign

YOUTUBE

Discover more from KoDDoS Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading