Hackers are operating a scam via messaging application Telegram in a bid to swindle fellow cybercriminals, researchers have discovered.
According to security company Avast, hackers are using the encrypted messaging platform to distribute HackBoss malware and have so far stolen hundreds of thousands of dollars' worth of cryptocurrency from victims.
The malware is disguised as software for brute-forcing passwords for banking, dating and social media accounts. Once the wannabe hacker runs the program, crypto-stealing malware is installed on their device.
HackBoss is also said to be relatively persistent, given that it comes with a registry key to run it at startup, as well as a scheduled task that runs the payload every minute.
Pasting the wrong address
The modus operandi for the malware is simple: it scans the clipboard for a cryptocurrency wallet and replaces it with another one, belonging to the attacker. Should the victim try to send crypto tokens to an address, the funds will be diverted to the attacker.
In theory, the scam is relatively easy to spot, as the address pasted just before sending will differ from the one copied beforehand. Attackers are hoping that most people don’t double-check the addresses after pasting, partly because wallet addresses are just a long string of random letters and numbers.
It seems this hypothesis is correct, too. Since November 2018, more than $560,000 in various cryptocurrencies has been sent to more than 100 addresses associated with the attackers.
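The copy-versus-paste check described above can be automated. The following Python sketch is an added example, not code from Avast or from the malware: it compares a copied address with the pasted one and scans a timeline of clipboard polls for one wallet address being replaced by another. The address formats, the two-second window and all sample values are assumptions chosen for illustration.

```python
import re

# Address formats checked here are an assumption for illustration; the
# article does not say which currencies HackBoss looks for.
WALLET_PATTERNS = {
    "bitcoin-legacy": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "bitcoin-bech32": re.compile(r"bc1[02-9ac-hj-np-z]{11,71}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def wallet_kind(text):
    """Return the address format that `text` matches in full, or None."""
    candidate = text.strip()
    for kind, pattern in WALLET_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return kind
    return None

def check_paste(copied, pasted):
    """Compare what the user copied with what is about to be sent."""
    if copied.strip() == pasted.strip():
        return "match"
    if wallet_kind(copied) and wallet_kind(pasted):
        return "address-replaced"  # the substitution the article describes
    return "different-content"

def find_swaps(snapshots, max_gap=2.0):
    """Flag clipboard changes from one wallet address to another of the same
    format within `max_gap` seconds, given (timestamp, text) polls in order.
    The window is a heuristic: users rarely copy two addresses that quickly."""
    swaps = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        kind = wallet_kind(before)
        if (kind and kind == wallet_kind(after)
                and before.strip() != after.strip() and t1 - t0 <= max_gap):
            swaps.append((t1, kind, before.strip(), after.strip()))
    return swaps

# Constructed sample data: format-valid placeholders, not real wallets.
COPIED = "0x" + "a1" * 20
SUBSTITUTE = "0x" + "b2" * 20
POLLS = [(0.0, "meeting notes"), (5.0, COPIED), (5.5, SUBSTITUTE), (30.0, "hello")]

if __name__ == "__main__":
    print(check_paste(COPIED, SUBSTITUTE))
    for swap in find_swaps(POLLS):
        print(swap)
```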