Researchers have detected new cryptocurrency-stealing malware: the software is distributed through a Telegram channel called HackBoss. To date, its authors are estimated to have stolen more than half a million dollars.
The funny thing is that the HackBoss authors have a Telegram channel with more than 2,500 subscribers where they provide what they call “the best software for hackers (hack bank / dating / bitcoin)”, according to research by Avast.
When the download of any of the recommended tools starts, users get the HackBoss malware instead, which runs on their system and drains their cryptocurrencies.
This works because each post contains a false description of the app’s supposed functionality and screenshots of the app’s user interface. Sometimes it also includes a link to a YouTube channel called Bank God (now deleted) with a promotional video.
This malware is distributed through a Telegram channel with the same name: “HackBoss”.
HackBoss’s mechanism of action is simple: it searches the clipboard for crypto wallet addresses and replaces them with addresses belonging to the malware author, thus diverting funds to him.
The malicious payload continues to run on the victim’s computer even after closing the application’s user interface.
If the malicious process is closed, for example through the task manager, it can be reactivated when the computer starts or by the scheduled task within the next minute.
“A malicious attacker just needs to keep a little busy promoting simple rogue apps and the monetary gain can be considerable. And that’s what the creators of the HackBoss malware constantly do. The HackBoss channel on Telegram is not the only place where they promote their fake app,” warns Romana Tesařová, malware researcher at Avast.
HackBoss checks for the wallet address formats of the cryptocurrencies Bitcoin, Ethereum, Dogecoin, Litecoin and Monero, but most of them are Bitcoin wallets.
Analysis by researchers from the Avast Threat Lab further reveals that the malware authors may have received $560,000 in redirected crypto funds, although part of that amount may also reflect profits from sales of fake software.
Although the malware itself is not sophisticated, it can be very effective, experts say. Today, many people own cryptocurrencies and send them through computer applications.
Running a rogue application that spawns a malicious process which continuously checks and exchanges clipboard content can cause significant monetary losses to users.
Eventually, the victim can start a valid cryptocurrency application on their computer and will want to send real cryptocurrency coins to someone else.
When the victim copies the recipient’s wallet address, this alerts the malicious process that is already running, which changes the wallet address to its own.
An inattentive user may click the pay button without realizing that the copied wallet address has changed in the meantime, and lose their money.
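The clipboard replacement described above can be spotted from the defender's side by watching for a wallet address that is swapped for a different address of the same currency moments after it was copied. The following is an added example, not code from Avast or from the article; the address patterns are simplified, and the 1.5-second window, function names and sample data are assumptions made for illustration.

```python
import re

# Coarse address shapes for the five currencies the article lists.
# Assumption: simplified patterns for illustration, no checksum validation.
B58 = "[1-9A-HJ-NP-Za-km-z]"
PATTERNS = {
    "bitcoin": re.compile(rf"[13]{B58}{{25,34}}|bc1[02-9ac-hj-np-z]{{11,71}}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
    "dogecoin": re.compile(rf"D{B58}{{33}}"),
    "litecoin": re.compile(rf"[LM]{B58}{{26,33}}|ltc1[02-9ac-hj-np-z]{{11,71}}"),
    "monero": re.compile(rf"[48]{B58}{{94}}"),
}

def classify(text):
    """Return the currency whose address shape the text matches, else None."""
    for coin, pattern in PATTERNS.items():
        if pattern.fullmatch(text.strip()):
            return coin
    return None

def find_swaps(snapshots, window=1.5):
    """Flag an address replaced by a different same-currency address
    within `window` seconds. snapshots: time-ordered (seconds, text) pairs."""
    alerts, prev_t, prev_text, prev_coin = [], None, None, None
    for t, text in snapshots:
        text = text.strip()
        if text == prev_text:
            continue  # unchanged clipboard, keep the time it first appeared
        coin = classify(text)
        if coin and coin == prev_coin and t - prev_t <= window:
            alerts.append({"time": t, "coin": coin,
                           "copied": prev_text, "now": text})
        prev_t, prev_text, prev_coin = t, text, coin
    return alerts

# Constructed sample data: placeholder strings with valid shapes, not real wallets.
BTC_A, BTC_B = "1" + "A" * 33, "1" + "B" * 33
ETH_A, ETH_B = "0x" + "ab" * 20, "0x" + "cd" * 20
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, BTC_A),   # user copies the recipient address
    (10.4, BTC_B),   # different Bitcoin address 0.4 s later: flagged
    (60.0, ETH_A),
    (300.0, ETH_B),  # user copies another address minutes later: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print("possible clipboard hijack:", alert)
```

The same comparison works as a manual habit: check the pasted address against the one that was copied before confirming a payment.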
“The world of cryptocurrencies is fun and interesting. With each increase in the value of Bitcoin, more and more people get involved in the game of selling, mining and trading digital assets. However, the playing field is tempting for both honest people and malicious ones. Malware targeting cryptocurrency theft has become extremely common,” adds Tesařová.