HackBoss malware is using Telegram to steal cryptocurrency from other hackers

Hackers stealing from wannabe hackers using fake software

Hackers are distributing cryptocurrency-stealing malware over a Telegram channel to would-be hackers in a scam that has racked up $500,000, according to security researchers.

According to cyber security firm Avast, Hackers are running a Telegram channel called “Hack Boss” to distribute malicious software for other hackers to use. Unfortunately for the hackers who download it, the software won’t help them spread malware. Instead, it’ll infect their systems with cryptocurrency-stealing malware.

Researchers dubbed the malware HackBoss after the Telegram channel they discovered it on. The channel claims to provide “The best software for hackers (hack bank/dating/bitcoin).” The software that is supposed to be published on this channel varies from bank and social site crackers to various cryptocurrency wallet and private key crackers or gift card code generators.

“However, although each promoted application is promised to be some hacking or cracking application, it never is. The truth is quite different — each published post contains only a cryptocurrency-stealing malware concealed as a hacking or cracking application. What is more, no application posted on this channel delivers promised behavior: all of them are fake,” said researchers.

In investigations, researchers found HackBoss is delivered as a zip file. When opened, the executable launches a user interface. No matter what the hacking tools claim to be, the user interface decrypts and installs the cryptocurrency-stealing malware on the victim’s system. The executable runs once the victim clicks any button.

The malware searches the victim’s system for any cryptocurrency wallets and replaces them with its own.

“The malicious payload keeps running on the victim’s computer even after the application’s UI is closed. If the malicious process is terminated — for example via the Task manager — it can then get triggered again on startup or by the scheduled task in the next minute,” said researchers.

“Such behavior can be easily overlooked by a less observant victim and may lead to a significant monetary loss.”

So far, researchers have found over 100 cryptocurrency wallet addresses belonging to HackBoss authors. These are the wallets the HackBoss malware puts in place of the victim’s crypto wallet. The malware authors have amassed $560,000 from victims since the scam started in November 2018.

While the HackBoss authors promote their fake hacking tools through other media, Telegram appears to be its main distribution path.

Featured Resources

2021 Thales access management index: Global edition

The challenges of trusted access in a cloud-first world

Free download

Transforming higher education for the digital era

The future is yours

Free download

Building a cloud-native, hybrid-multi cloud infrastructure

Get ready for hybrid-multi cloud databases, AI, and machine learning workloads

Free download

The next biggest shopping destination is the cloud

Know why retail businesses must move to the cloud

Free Download

Recommended

Marsh McLennan reveals its cyber risk analytics center
risk management

Marsh McLennan reveals its cyber risk analytics center

15 Oct 2021
MirrorBlast phishing campaign targets financial companies
phishing

MirrorBlast phishing campaign targets financial companies

15 Oct 2021
Russia missing from US-organized international ransomware event
ransomware

Russia missing from US-organized international ransomware event

13 Oct 2021
Kaspersky exposes MysterySnail zero-day exploit in Windows
zero-day exploit

Kaspersky exposes MysterySnail zero-day exploit in Windows

13 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Supply chain breaches impacted 97% of firms in the past year
supply chain management (SCM)

Supply chain breaches impacted 97% of firms in the past year

12 Oct 2021