The developer of a simple malware checking the clipboard earned more than $560 thousand

malware for checking the clipboard
Written by Emma Davis

Avast specialists spoke about a malicious campaign in which an attacker organized a malware distribution activity in the Telegram messenger for checking the clipboard and earned more than $560,000 in cryptocurrency.

The Hack Boss Telegram channel was created in November 2018, and its owner published malware-infected “hacking tools”.

Downloading and installing the tools infected Windows computers with a clipboard cracker. This type of malware constantly monitors the victim’s clipboard and has access to all information that is copied or cut to the clipboard.

The program regularly checked the contents of the clipboard for addresses of cryptocurrency wallets and replaced the text copied by the user with the address of the attacker. Thus, the victim unwittingly sent funds to the author of the malware.Avast researchers say.

The malicious payload continued to run on the victim’s computer even after the application’s user interface was closed. If the malicious process was terminated by the Task Manager, it could be started again the next time the system was started, or from a scheduled task the next minute.

The malware contained over 100 cryptocurrency wallet addresses and changed them as needed.

The most interesting aspect of this malware is the way it is delivered to its victims. The authors of HackBoss own a Telegram channel, which they use as their main source for distributing malware.

The software that is published on this channel ranges from bank and social site crackers to various crypto wallet and private key crackers or gift card code generators. However, while it is promised that every promoted application will have some kind of new hacking feature, this is not the case. The truth is different, as each published post contains only malware to steal cryptocurrency, disguised as a hacking application.Avast experts say.

The fraudulent scheme brought the owner of the Hack Boss Telegram channel over $560,000 in Bitcoin, Litecoin, Dogecoin and Ethereum cryptocurrencies. Since the malware also spoofed Monero cryptocurrency wallet addresses, the attacker’s profits could presumably be even greater.

The Hack Boss program infected users all over the world, and most of the victims were in Nigeria, the United States, Russia and India.

Let me remind you that we talked about the fact that 100 thousand users installed an unofficial malicious version of Telegram.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply