Avast specialists described a malicious campaign in which an attacker used the Telegram messenger to distribute clipboard-monitoring malware and earned more than $560,000 in cryptocurrency.
The Hack Boss Telegram channel was created in November 2018, and its owner published malware-infected “hacking tools”. Downloading and installing the tools infected Windows computers with a clipboard hijacker. This type of malware constantly monitors the victim’s clipboard and has access to all information that is copied or cut to it.
The malicious payload continued to run on the victim’s computer even after the application’s user interface was closed. If the malicious process was terminated in Task Manager, it could start again at the next system startup, or from a scheduled task in the next minute.
The malware contained over 100 cryptocurrency wallet addresses and changed them as needed.
The most interesting aspect of this malware is the way it is delivered to its victims. The authors of HackBoss own a Telegram channel, which they use as their main source for distributing malware.
The fraudulent scheme brought the owner of the Hack Boss Telegram channel over $560,000 in Bitcoin, Litecoin, Dogecoin and Ethereum cryptocurrencies. Since the malware also spoofed Monero cryptocurrency wallet addresses, the attacker’s profits could presumably be even greater.
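An added example (not from Avast's report or the original article) of how a defender could flag the address substitution described above: it scans clipboard-change telemetry for an address-shaped value that is replaced by a different address of the same coin within a short window. The event feed, the 2-second window and the simplified address patterns are assumptions of this example.

```python
import re

# Simplified shape checks (no checksum validation) for the coins named in the
# article; the patterns are assumptions of this example, not from the report.
ADDRESS_PATTERNS = {
    "BTC": re.compile(r"(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})"),
    "LTC": re.compile(r"(?:[LM][1-9A-HJ-NP-Za-km-z]{26,33}|ltc1[02-9ac-hj-np-z]{11,71})"),
    "DOGE": re.compile(r"D[1-9A-HJ-NP-Za-km-z]{33}"),
    "ETH": re.compile(r"0x[0-9a-fA-F]{40}"),
    "XMR": re.compile(r"[48][1-9A-HJ-NP-Za-km-z]{94}"),
}

# Constructed clipboard-change telemetry; the address-shaped strings are made up.
SAMPLE_EVENTS = [
    (100.0, "meeting notes"),
    (130.0, "0x" + "a1" * 20),   # user copies a payee address
    (130.4, "0x" + "b2" * 20),   # different ETH-shaped value 0.4 s later
    (200.0, "1" + "A" * 30),     # BTC-shaped value
    (560.0, "1" + "B" * 30),     # different value, but minutes later
]


def classify(text):
    """Return the coin whose address shape the whole clipboard text matches."""
    candidate = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return coin
    return None


def find_swaps(events, window_s=2.0):
    """Flag an address replaced by a different same-coin address within window_s.

    events: iterable of (timestamp_seconds, clipboard_text), oldest first.
    """
    alerts = []
    prev = None  # (timestamp, coin, address) of the previous clipboard value
    for ts, text in events:
        coin = classify(text)
        addr = text.strip()
        if (coin and prev and prev[1] == coin and prev[2] != addr
                and ts - prev[0] <= window_s):
            alerts.append({"coin": coin, "copied": prev[2], "replaced_by": addr,
                           "delay_s": round(ts - prev[0], 3)})
        prev = (ts, coin, addr)
    return alerts
```

Running `find_swaps(SAMPLE_EVENTS)` reports only the ETH-shaped pair 0.4 seconds apart; the two BTC-shaped values copied minutes apart are treated as ordinary user activity.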
The Hack Boss program infected users all over the world, and most of the victims were in Nigeria, the United States, Russia and India.
As a reminder, we previously reported that 100 thousand users installed an unofficial malicious version of Telegram.