HackBoss malware is using Telegram to steal cryptocurrency from other hackers
Hackers stealing from wannabe hackers using fake software


Hackers are distributing cryptocurrency-stealing malware over a Telegram channel to would-be hackers in a scam that has racked up $500,000, according to security researchers.
According to cyber security firm Avast, Hackers are running a Telegram channel called “Hack Boss” to distribute malicious software for other hackers to use. Unfortunately for the hackers who download it, the software won’t help them spread malware. Instead, it’ll infect their systems with cryptocurrency-stealing malware.
Researchers dubbed the malware HackBoss after the Telegram channel they discovered it on. The channel claims to provide “The best software for hackers (hack bank/dating/bitcoin).” The software that is supposed to be published on this channel varies from bank and social site crackers to various cryptocurrency wallet and private key crackers or gift card code generators.
“However, although each promoted application is promised to be some hacking or cracking application, it never is. The truth is quite different — each published post contains only a cryptocurrency-stealing malware concealed as a hacking or cracking application. What is more, no application posted on this channel delivers promised behavior: all of them are fake,” said researchers.
In investigations, researchers found HackBoss is delivered as a zip file. When opened, the executable launches a user interface. No matter what the hacking tools claim to be, the user interface decrypts and installs the cryptocurrency-stealing malware on the victim’s system. The executable runs once the victim clicks any button.
The malware searches the victim’s system for any cryptocurrency wallets and replaces them with its own.
“The malicious payload keeps running on the victim’s computer even after the application’s UI is closed. If the malicious process is terminated — for example via the Task manager — it can then get triggered again on startup or by the scheduled task in the next minute,” said researchers.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
“Such behavior can be easily overlooked by a less observant victim and may lead to a significant monetary loss.”
So far, researchers have found over 100 cryptocurrency wallet addresses belonging to HackBoss authors. These are the wallets the HackBoss malware puts in place of the victim’s crypto wallet. The malware authors have amassed $560,000 from victims since the scam started in November 2018.
While the HackBoss authors promote their fake hacking tools through other media, Telegram appears to be its main distribution path.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
AI coding tools are booming – and developers in this one country are by far the most frequent users
News AI coding tools are soaring in popularity worldwide, but developers in one particular country are among the most frequent users.
-
Cisco warns of critical flaw in Unified Communications Manager – so you better patch now
News While the bug doesn't appear to have been exploited in the wild, Cisco customers are advised to move fast to apply a patch