Specialists at Juniper Threat Labs have discovered new malware that steals users' personal data and replaces cryptocurrency wallets with the attackers' own. The malware operates through the Telegram messenger.
Masad Stealer is a new Trojan-delivered spyware that uses Telegram to exfiltrate stolen information.
— Juniper Networks (@JuniperNetworks) September 27, 2019
Get the latest on this active #malware threat from Juniper Threat Labs: https://t.co/7I7iLV3udp pic.twitter.com/Ts4oDdI6um
Masad Stealer is written as AutoIt scripts and then compiled into a Windows executable. It is distributed under the guise of various tools, such as CCleaner or ProxySwitcher, and is also embedded in other programs.
Masad Stealer steals browser data that may contain usernames, passwords, and credit card information. In addition to automatically replacing cryptocurrency wallets, it can also install hidden cryptocurrency-mining malware on the system.
Masad Stealer uses a Telegram bot as its command-and-control (C&C) channel. Through the bot, the program sends the stolen data to its operator and receives commands.
The malware is actively distributed on various hacker forums, where a free version of Masad Stealer is offered for testing and the full-featured software is sold for $85.
To protect against the virus, experts recommend updating the firewall and making sure that it has advanced protection against threats.
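One way to look for the Telegram-bot C&C traffic described above in web-proxy logs, as an added example that is not from Juniper's report or the original article. The log format, IP addresses, bot tokens, allowlist and `upload_threshold` value are constructed assumptions; the `https://api.telegram.org/bot<token>/<method>` URL shape is Telegram's public Bot API, and the URL path is only visible where the proxy inspects TLS.

```python
import re
from collections import defaultdict

# Constructed proxy log (assumed format): timestamp src_ip http_method url bytes_sent
SAMPLE_LOG = """\
2019-09-27T10:01:02Z 10.0.0.21 GET https://www.example.com/index.html 312
2019-09-27T10:01:05Z 10.0.0.37 GET https://api.telegram.org/bot000000000:CONSTRUCTED_TOKEN/getMe 180
2019-09-27T10:01:09Z 10.0.0.37 POST https://api.telegram.org/bot000000000:CONSTRUCTED_TOKEN/sendDocument 482113
2019-09-27T10:02:11Z 10.0.0.50 POST https://api.telegram.org/bot111111111:CONSTRUCTED_TOKEN/sendMessage 96
2019-09-27T10:03:40Z 10.0.0.21 GET https://web.telegram.org/ 220
"""

# Bot API calls look like /bot<numeric id>:<secret>/<method>; capture id and method only,
# so the secret part of the token never ends up in the findings.
BOT_API = re.compile(r"^https://api\.telegram\.org/bot(\d+):[^/]+/(\w+)", re.I)

def parse_line(line):
    """Return (src_ip, url, bytes_sent), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5 or not parts[4].isdigit():
        return None
    return parts[1], parts[3], int(parts[4])

def find_bot_api_clients(log_text, allowlist=(), upload_threshold=100_000):
    """Summarise Bot API use per internal host, skipping hosts known to run bots."""
    hosts = defaultdict(lambda: {"bot_ids": set(), "methods": set(), "bytes_sent": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src, url, sent = rec
        m = BOT_API.match(url)
        if not m or src in allowlist:
            continue  # ordinary Telegram web use (web.telegram.org) is not flagged
        h = hosts[src]
        h["bot_ids"].add(m.group(1))
        h["methods"].add(m.group(2))
        h["bytes_sent"] += sent
    # A workstation pushing a large body to a bot is the pattern worth triaging first.
    return {src: dict(h, large_upload=h["bytes_sent"] >= upload_threshold)
            for src, h in hosts.items()}

if __name__ == "__main__":
    found = find_bot_api_clients(SAMPLE_LOG, allowlist={"10.0.0.50"})
    for src, f in sorted(found.items()):
        print(src, sorted(f["bot_ids"]), sorted(f["methods"]), f["bytes_sent"], f["large_upload"])
```

Where TLS is not inspected, the same triage can fall back to DNS or SNI records for `api.telegram.org` from hosts that have no reason to run a bot.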