New malware targets users of Telegram via clipboard replacement

posted 5 months ago
Researchers at Juniper Threat Labs have identified new Trojan-delivered malware that uses the messaging app Telegram as its command and control channel. The malware cloaks itself in order to extract sensitive information from users of the messaging app.

Dubbed the ‘Masad Clipper and Stealer’ on black market forums, the malware has a stealing routine that taps into the targeted system’s browser history, collects any sensitive information available, then zips it into a file using the 7zip utility that is already bundled into its binary. The zipped file is then sent via the sendDocument API using a hardcoded bot token (a way to communicate with the command and control bot). Masad also automatically replaces cryptocurrency wallet addresses in the clipboard with its own. The report suggests installing a next-generation firewall (NGFW) with Advanced Threat Protection.
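
For defenders, the sendDocument exfiltration described above leaves a recognisable URL pattern. The following is an added example, not code from the Juniper report or from this post: it scans proxy-style log lines for POSTs to the Telegram Bot API sendDocument method and groups them by host, process and bot ID. The log layout, host names, process names and tokens are constructed, and it assumes a TLS-inspecting proxy or endpoint telemetry that records full URLs.

```python
import re
from collections import defaultdict

# Telegram Bot API URLs: https://api.telegram.org/bot<token>/<method>,
# where <token> is "<numeric bot id>:<secret>". Only the bot id is captured.
BOT_URL = re.compile(
    r"https://api\.telegram\.org/bot(?P<bot_id>\d+):[\w-]+/(?P<method>\w+)",
    re.IGNORECASE,
)

# Constructed sample lines in a hypothetical proxy-log layout:
# timestamp host process http_method url bytes_sent
SAMPLE_LOG = """\
2024-01-01T09:12:03Z WS-014 chrome.exe GET https://web.telegram.org/ 512
2024-01-01T09:14:40Z WS-022 invoice.exe POST https://api.telegram.org/bot123456789:AAExampleTokenNotReal_000000000000000/sendDocument 184320
2024-01-01T09:14:41Z WS-022 invoice.exe POST https://api.telegram.org/bot123456789:AAExampleTokenNotReal_000000000000000/sendMessage 230
2024-01-01T09:20:11Z WS-031 alertbot.py POST https://api.telegram.org/bot987654321:AAExampleTokenNotReal_111111111111111/sendMessage 198
"""


def find_bot_uploads(log_text, allowed_bot_ids=frozenset()):
    """Summarise sendDocument uploads per (host, process, bot id).

    allowed_bot_ids lists bot ids the organisation runs itself, so that
    sanctioned automation does not raise findings.
    """
    findings = defaultdict(lambda: {"uploads": 0, "bytes": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[5].isdigit():
            continue  # skip lines that do not fit the assumed layout
        _ts, host, process, http_method, url, size = parts
        m = BOT_URL.match(url)
        if not m or m["bot_id"] in allowed_bot_ids:
            continue
        # File uploads go through sendDocument; other methods are ignored here.
        if http_method != "POST" or m["method"].lower() != "senddocument":
            continue
        key = (host, process, m["bot_id"])  # the token secret is never stored
        findings[key]["uploads"] += 1
        findings[key]["bytes"] += int(size)
    return dict(findings)


if __name__ == "__main__":
    for (host, process, bot_id), stats in find_bot_uploads(SAMPLE_LOG).items():
        print(f"{host} {process} -> bot {bot_id}: {stats}")
```

Grouping by bot ID rather than by the full token keeps the secret out of alert data while still letting an analyst link hosts that report to the same bot.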
Tags: bitcoin, news