Juniper Threat Labs has discovered a new Trojan that relies on the Telegram app. The malware steals all of the victim's information. Named “Masad Clipper and Stealer,” the spyware is capable of stealing a broad list of browsing data, including usernames, passwords and credit card information.
Moreover, the malware includes a function that replaces cryptocurrency wallet addresses in the clipboard with one belonging to the attacker. According to the report, the spyware’s clipping function supports a number of major cryptocurrencies such as Bitcoin (BTC), Ether (ETH), XRP, Bitcoin Cash (BCH) and Litecoin (LTC), among others.
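A defender-side illustration of the clipboard swap described above, added here and not taken from the Juniper report or the malware itself: it flags a copied wallet address that is replaced by a different address of the same coin within a short window. The regexes are shape-only approximations, and the 500 ms window, the event format and the sample addresses are constructed assumptions.

```python
import re

# Shape-only patterns for the coins named above (assumption: approximate,
# no checksum validation, so some non-address strings may also match).
B58 = "[1-9A-HJ-NP-Za-km-z]"
ADDRESS_PATTERNS = {
    "BTC": re.compile(rf"^(?:[13]{B58}{{25,34}}|bc1[0-9a-z]{{11,71}})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "XRP": re.compile(rf"^r{B58}{{24,34}}$"),
    "BCH": re.compile(r"^(?:bitcoincash:)?[qp][0-9a-z]{41}$"),
    "LTC": re.compile(rf"^(?:[LM]{B58}{{26,33}}|ltc1[0-9a-z]{{11,71}})$"),
}

def classify(text):
    """Return the coin whose address shape the clipboard text matches, or None."""
    candidate = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return coin
    return None

def detect_swaps(events, max_gap_ms=500):
    """Flag same-coin address replacements that occur faster than a person re-copies.
    events: time-ordered (timestamp_ms, clipboard_text) tuples (hypothetical format).
    """
    alerts = []
    for (t_prev, prev), (t_cur, cur) in zip(events, events[1:]):
        coin = classify(prev)
        if (coin and coin == classify(cur) and prev.strip() != cur.strip()
                and t_cur - t_prev <= max_gap_ms):
            alerts.append({"coin": coin, "copied": prev.strip(),
                           "replaced_by": cur.strip(), "gap_ms": t_cur - t_prev})
    return alerts

# Constructed sample data: placeholder strings, not real wallets.
ETH_A, ETH_B = "0x" + "a" * 40, "0x" + "b" * 40
BTC_A, BTC_B = "1" + "A" * 33, "1" + "B" * 33
SAMPLE_EVENTS = [
    (0, "meeting notes"),
    (1000, ETH_A),    # user copies a payee address
    (1040, ETH_B),    # replaced 40 ms later: flagged
    (60000, BTC_A),   # user copies an address
    (95000, BTC_B),   # user copies another one 35 s later: not flagged
]

if __name__ == "__main__":
    for alert in detect_swaps(SAMPLE_EVENTS):
        print(alert)
```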
Specifically, the malware uses Telegram as a Command and Control (CnC) channel, which reportedly allows the malware some anonymity. The malware is written as AutoIt scripts and then compiled into a Windows executable, according to the report. After being installed, Masad Stealer starts by collecting sensitive information from the system, such as crypto wallet addresses, credit card browser data, and PC and system information.
The security portal concluded that Masad Stealer is an active and ongoing threat; Command and Control bots were still alive at the time of publication.
Meanwhile, Telegram released a wallet for its TON Blockchain’s native token Gram in the app’s alpha version for iOS on Sept. 26. On Sept. 24, Telegram announced a bug bounty competition within its new smart contract coding contest.