Hackers are operating a scam via messaging application Telegram in a bid to swindle fellow cybercriminals, researchers have discovered.
According to security company Avast, hackers are using the encrypted messaging platform to distribute HackBoss malware and have so far stolen hundreds of thousands of dollars' worth of cryptocurrency from victims.
The malware is disguised as software for brute-forcing passwords for banking, dating and social media accounts. Once the wannabe hacker runs the program, crypto-stealing malware is installed on their device.
HackBoss is also said to be relatively persistent, given that it comes with a registry key to run it at startup, as well as a scheduled task that runs the payload every minute.
Pasting the wrong address
The modus operandi for the malware is simple: it scans the clipboard for a cryptocurrency wallet and replaces it with another one, belonging to the attacker. Should the victim try to send crypto tokens to an address, the funds will be diverted to the attacker.
In theory, the scam is relatively easy to spot, as the address pasted just before sending will differ from the one copied beforehand. Attackers are hoping that most people don’t double-check the addresses after pasting, partly because wallet addresses are just a long string of random letters and numbers.
It seems this hypothesis is correct, too. Since November 2018, more than $560,000 in various cryptocurrencies has been sent to more than 100 addresses associated with the attackers.
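The check described above can be automated. The following is an added example, not code from Avast or from the original article: it scans a series of clipboard snapshots and flags any wallet address that is replaced by a different address of the same type shortly after being copied. The address patterns (Bitcoin and Ethereum only), the 90-second window, the function names and the sample data are all assumptions made for illustration.

```python
import re

# Address shapes used for illustration (assumption: Bitcoin and Ethereum only).
PATTERNS = {
    "btc-legacy": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "btc-bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_kind(text):
    """Return the address family the whole clipboard text matches, or None."""
    value = text.strip()
    for kind, pattern in PATTERNS.items():
        if pattern.fullmatch(value):
            return kind
    return None

def find_swaps(snapshots, window_seconds=90):
    """Flag consecutive snapshots where one wallet address was replaced by a
    different address of the same family within the window (a heuristic).

    snapshots: list of (unix_time, clipboard_text), oldest first.
    """
    alerts = []
    for (t_old, old), (t_new, new) in zip(snapshots, snapshots[1:]):
        kind = address_kind(old)
        if kind is None or kind != address_kind(new):
            continue
        if old.strip() != new.strip() and t_new - t_old <= window_seconds:
            alerts.append({"kind": kind, "copied": old.strip(),
                           "replaced_by": new.strip(), "delay": t_new - t_old})
    return alerts

def paste_matches_copy(copied, pasted):
    """The manual check from the article: the pasted value must equal the copy."""
    return copied.strip() == pasted.strip()

# Constructed sample data: placeholder strings shaped like addresses.
COPIED_BTC = "1" + "A" * 30
OTHER_BTC = "1" + "B" * 30
COPIED_ETH = "0x" + "a" * 40
SAMPLE = [
    (1000, "meeting notes"),
    (1010, COPIED_BTC),       # user copies a recipient address
    (1045, OTHER_BTC),        # clipboard now holds a different address
    (1300, COPIED_ETH),       # different family: not flagged
    (5000, "0x" + "b" * 40),  # same family, but outside the window
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

A user who deliberately copies two addresses in quick succession will also trigger the heuristic, so an alert is a prompt to re-check the address rather than proof of infection.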
Via Bleeping Computer