Telegram is once again in the news, only this time, it doesn’t have to do with some fancy new partnership. The encrypted chat application is being used by hackers looking to potentially steal cryptocurrency.
Telegram Has Had Its Ups and Downs
The thefts are occurring through a new form of malware known as the Masad Stealer, which searches through internet cookies, browser passwords and clipboard data. The hackers in charge can replace this data with data of their own, i.e. bitcoin or cryptocurrency addresses they control, and thereby funnel funds into accounts that they own.
Initially, however, the malware travels through Telegram to find and filter the right information from users. At press time, it appears Ethereum, bitcoin and Monero are the primary targets.
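A defensive sketch of how the clipboard address swap described above can be spotted, added here as an example and not taken from the article or from any published Masad analysis. It flags a clipboard change where an address for one of the three named coins is replaced by a different address of the same coin within a few seconds. The regexes (format checks only, no checksum validation), the 5-second window and the sample timeline are all assumptions.

```python
import re

# Address shapes for the three coins the article names (format only, no checksum).
PATTERNS = {
    "bitcoin": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
    "monero": re.compile(r"[48][0-9AB][1-9A-HJ-NP-Za-km-z]{93}"),
}

def coin_type(text):
    """Return the coin whose address format the clipboard text matches, or None."""
    value = text.strip()
    for coin, pattern in PATTERNS.items():
        if pattern.fullmatch(value):
            return coin
    return None

def find_swaps(events, window=5.0):
    """Flag clipboard changes where an address is replaced by a different
    address of the same coin within `window` seconds of being copied."""
    alerts = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        old, new = old.strip(), new.strip()
        coin = coin_type(old)
        if coin and coin == coin_type(new) and old != new and t1 - t0 <= window:
            alerts.append((t1, coin, old, new))
    return alerts

# Constructed timeline of (seconds, clipboard text). The addresses are made-up
# strings that only satisfy the format checks; they are not real wallets.
ETH_A = "0x" + "ab" * 20
ETH_B = "0x" + "cd" * 20
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, ETH_A),             # user copies a payment address
    (10.4, ETH_B),             # replaced 0.4 s later: flagged
    (60.0, "1" + "B" * 30),    # user copies a bitcoin address
    (300.0, "1" + "C" * 30),   # four minutes later: treated as a new copy
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

The time window is the tunable part: a user rarely copies two different addresses of the same coin within a few seconds, so a short window keeps false positives low.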
Telegram has had a few hits and misses during the past several months. On one hand, its initial coin offering (ICO) went extremely well and garnered nearly $2 billion in funds. At the same time, the gram – its official cryptocurrency, which was offered through the ICO – was developed entirely in secret and caused a lot of regulatory backlash, leading to several delays. Many wondered if the currency’s future was somehow at stake.
In addition, Telegram recently partnered with custody crypto firm Anchorage to ensure institutional players can gain appropriate access to the gram. This is great news considering Anchorage is a potential partner of Libra, but Telegram is also being hampered by a potential bug that could cause users’ phone numbers to leak if it’s exploited. Sadly, exploitation has already seemingly occurred in China.
Masad has a way of concealing its presence with the help of more legitimate forms of software, such as IObit and Proxy Switcher. In addition, it only takes up 1.5 MB of space, making it very easy to miss altogether. The good news is that only those who seemingly adopt or download the “clean” software Masad uses to cover itself are at risk. This is likely to amount to a small number indeed, but the danger is still there.
Perhaps the biggest threat comes in the way Masad schedules itself. It performs tasks on a minute-by-minute basis through an array of infected hosts. Thus, regardless of what’s occurring with or on the victim’s computer, Masad continues to run, thereby increasing one’s chances of losing crypto funds.
Don’t Let Your Data Get Stolen
The malware is being sold on black market platforms for roughly $85. In addition, hackers appear to have opened their own Telegram account as a means of fooling potential victims into joining and learning more about the software. In truth, this appears to be a way of garnering users’ personal data.
As crypto continues to grow in popularity, it seems hackers are looking for ways other than standard cryptojacking, SIM-swapping and exchange thefts to get their hands on funds they didn’t earn.