New Malware Uses Telegram to Swap Wallet Addresses on Clipboard

  • The “Masad Clipper and Stealer” clipping option currently supports a number of cryptocurrencies, such as BTC, ETH, XRP, BCH, LTC, and others.
  • The new spyware also sends your browsing data to a Telegram bot, which is then used to send commands back to the program.

Juniper Networks has discovered new malware that can replace wallet addresses and uses the Telegram app, the internet infrastructure firm said in threat research published on 26 September.

The new spyware, called “Masad Clipper and Stealer”, is not only able to steal browsing data such as usernames, passwords and credit card information, but can also replace cryptocurrency addresses copied to the clipboard.

According to the research, the clipping option of the spyware currently supports a number of cryptocurrencies, such as Bitcoin (BTC), Ethereum (ETH), Ripple (XRP), Bitcoin Cash (BCH), Litecoin (LTC), and others. Juniper Networks warned that:

“Based on our telemetry, Masad Stealer’s main distribution vectors are masquerading as a legitimate tool or bundling themselves into third party tools. Threat actors achieve end user downloads by advertising in forums, on third party download sites or on file sharing sites.”

The program uses Telegram as a Command and Control (CnC) channel, which according to Juniper “allows the malware some anonymity”. The stolen data is sent to a Telegram bot, controlled by the threat actor, which also sends commands to the malware. It was also discovered that the malware is written as AutoIt scripts and then compiled into a Windows executable.

The security portal also said that the malware allegedly costs $40 on the dark web, which makes it affordable for a large number of threat actors. Juniper Networks also warned that at the time of publishing their findings the CnC bots were still live, which makes the malware an active and ongoing threat.
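From a defender's side, the clipboard replacement described above shows up as one wallet address being overwritten by a different address of the same coin almost immediately after a copy. The following is an added example, not code from Juniper's research or from the malware; the address patterns are simplified shapes without checksum validation, and the `find_swaps` helper, the two-second window and the sample events are assumptions constructed for illustration.

```python
import re

# Simplified address shapes (assumption: shape only, no checksum validation).
B58 = "[1-9A-HJ-NP-Za-km-z]"       # base58 character set
B32 = "[02-9ac-hj-np-z]"           # bech32 character set
ADDRESS_PATTERNS = {
    "BTC": re.compile(rf"^(?:[13]{B58}{{25,34}}|bc1{B32}{{39,59}})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "LTC": re.compile(rf"^(?:[LM]{B58}{{26,33}}|ltc1{B32}{{39,59}})$"),
    "XRP": re.compile(rf"^r{B58}{{24,34}}$"),
}

def coin_type(text):
    """Return the coin whose address shape matches the clipboard text, or None."""
    text = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return coin
    return None

def find_swaps(events, max_gap=2.0):
    """events: chronological (timestamp_seconds, clipboard_text) change events.
    Flags an address replaced by a different address of the same coin within
    max_gap seconds, which is faster than a person would copy a second one."""
    alerts = []
    for (t0, prev), (t1, cur) in zip(events, events[1:]):
        coin = coin_type(prev)
        if coin and coin == coin_type(cur) and prev.strip() != cur.strip() \
                and (t1 - t0) <= max_gap:
            alerts.append({"coin": coin, "original": prev.strip(),
                           "replacement": cur.strip(), "gap": round(t1 - t0, 3)})
    return alerts

# Constructed sample data: these are not real wallet addresses.
ETH_A, ETH_B = "0x" + "ab" * 20, "0x" + "cd" * 20
BTC_A, BTC_B = "1" + "A" * 30, "1" + "B" * 30
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, ETH_A),    # user copies a payment address
    (10.3, ETH_B),    # overwritten 0.3 s later: flagged
    (60.0, BTC_A),    # user copies an address
    (95.0, BTC_B),    # user copies another one 35 s later: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

On a real endpoint the events would come from a clipboard change listener; the time window trades false positives against missed swaps and needs tuning.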
