Crypto Credits

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

Hackers are distributing cryptocurrency-stealing malware over a Telegram channel to would-be hackers in a scam that has racked up $500,000, according to security researchers.

According to cyber security firm Avast, Hackers are running a Telegram channel called “Hack Boss” to distribute malicious software for other hackers to use. Unfortunately for the hackers who download it, the software won’t help them spread malware. Instead, it’ll infect their systems with cryptocurrency-stealing malware.

Researchers dubbed the malware HackBoss after the Telegram channel they discovered it on. The channel claims to provide “The best software for hackers (hack bank/dating/bitcoin).” The software that is supposed to be published on this channel varies from bank and social site crackers to various cryptocurrency wallet and private key crackers or gift card code generators.

“However, although each promoted application is promised to be some hacking or cracking application, it never is. The truth is quite different — each published post contains only a cryptocurrency-stealing malware concealed as a hacking or cracking application. What is more, no application posted on this channel delivers promised behavior: all of them are fake,” said researchers.

In investigations, researchers found HackBoss is delivered as a zip file. When opened, the executable launches a user interface. No matter what the hacking tools claim to be, the user interface decrypts and installs the cryptocurrency-stealing malware on the victim’s system. The executable runs once the victim clicks any button.

The malware searches the victim’s system for any cryptocurrency wallets and replaces them with its own.

“The malicious payload keeps running on the victim’s computer even after the application’s UI is closed. If the malicious process is terminated — for example via the Task manager — it can then get triggered again on startup or by the scheduled task in the next minute,” said researchers.

“Such behavior can be easily overlooked by a less observant victim and may lead to a significant monetary loss.”

So far, researchers have found over 100 cryptocurrency wallet addresses belonging to HackBoss authors. These are the wallets the HackBoss malware puts in place of the victim’s crypto wallet. The malware authors have amassed $560,000 from victims since the scam started in November 2018.

While the HackBoss authors promote their fake hacking tools through other media, Telegram appears to be its main distribution path.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Visit website

Related News

Why delivery scams are on the rise


Hong Kong Love Scam Steals Cryptocurrency


U.K. Police Warn About Crypto Scam Related to PayPal


Cops arrest three foreigners and local woman for online gambling, illegal crypto-currency scam


DMM Swap Shutters Amid Unclear Regulatory Concerns


What’s Behind the Meteoric Rise of Chainlink?