This is very serious threat and I hope people will read this info on time.
It uses fake Tradebot_binance.exe and similar files to spread the infection.
Here are more reports regarding this Malware:
https://forums.juniper.net/t5/Threat-Research/Masad-Stealer-Exfiltrating-using-Telegram/ba-p/468559
https://www.coindesk.com/new-malware-swaps-out-crypto-wallet-addresses-as-you-type-them
How to protect yourself:
- Update your Antivirus and Firewall
- Don't download anything from Telegram
- Disable automatic media download in Telegram
- Ask download path for each file in Telegram
- Don't install telegram bots
Topic: {Warning}:New Masad Stealer Malware Exfiltrates Crypto Wallets via Telegram (Read 102 times)
September 27, 2019, 11:38:47 PM
September 27, 2019, 07:39:21 PM
https://twitter.com/BleepinComputer/status/1177666054123859968
Quote
A new and actively distributed malware strain dubbed Masad Stealer steals files, browser information, and cryptocurrency wallet data from infected computers that get sent back to its masters using Telegram as a communication channel.
The Juniper Threat Labs team who found it discovered that the malware is in some way related to the Qulab Stealer (either as an upgraded version or as a direct predecessor), and that it is developed using Autoit scripts and then compiled as a Windows executable.
Once it manages to infect a machine, Masad Stealer starts collecting a wide range of data from its victims, including but not limited to system info, screenshots, desktop text files, Steam Desktop Authenticator sessions, browser cookies, usernames, passwords, and credit card information.
The malware also comes with the capability of automatically replacing Monero, Bitcoin Cash, Litecoin, Neo, and Web Money cryptocurrency wallets from the clipboard with ones provided by its operators.
The Juniper Threat Labs team who found it discovered that the malware is in some way related to the Qulab Stealer (either as an upgraded version or as a direct predecessor), and that it is developed using Autoit scripts and then compiled as a Windows executable.
Once it manages to infect a machine, Masad Stealer starts collecting a wide range of data from its victims, including but not limited to system info, screenshots, desktop text files, Steam Desktop Authenticator sessions, browser cookies, usernames, passwords, and credit card information.
The malware also comes with the capability of automatically replacing Monero, Bitcoin Cash, Litecoin, Neo, and Web Money cryptocurrency wallets from the clipboard with ones provided by its operators.
https://www.bleepingcomputer.com/news/security/new-masad-stealer-malware-exfiltrates-crypto-wallets-via-telegram/
Moral lesson here is not to download any crack softwares, game cracks, cheats because we don't know, you might be the next victim here. Or probably just used dedicated desktops or laptops for all your crypto activity.
Jump to: