New virus replaces cryptocurrency wallets using Telegram

by in Blockchain News

virus crypto wallets

Specialists at Juniper Threat Labs have discovered new malware that steals users' personal data and replaces cryptocurrency wallets with their own. The virus functions using the Telegram messenger.

Related: Russian lost 4 million in crypto after an unknown call

A malware called Masad Stealer is written using Autoit scripts and then compiled into a Windows executable. It is distributed under the guise of various tools, like CCleaner or ProxySwitcher, and is also embedded in other programs.

Masad Stealer steals browser data that may contain usernames, passwords, and credit card information. In addition to automatically replacing cryptocurrency wallets, it is also able to introduce malware for hidden mining into the system.

Masad Stealer uses a Telegram bot as a command center (C&C channel). With it, the program sends the stolen data to its operator and receives commands.

Malicious software is actively distributed at various hacker forums you can test both the free version of Masad Stealer and purchase full-featured software for $85.

To protect against the virus, experts recommend updating the firewall and making sure that it has advanced protection against threats.