HackBoss malware is using Telegram to steal cryptocurrency from other hackers

Hackers stealing from wannabe hackers using fake software

Hackers are distributing cryptocurrency-stealing malware over a Telegram channel to would-be hackers in a scam that has racked up $500,000, according to security researchers.

According to cyber security firm Avast, Hackers are running a Telegram channel called “Hack Boss” to distribute malicious software for other hackers to use. Unfortunately for the hackers who download it, the software won’t help them spread malware. Instead, it’ll infect their systems with cryptocurrency-stealing malware.

Researchers dubbed the malware HackBoss after the Telegram channel they discovered it on. The channel claims to provide “The best software for hackers (hack bank/dating/bitcoin).” The software that is supposed to be published on this channel varies from bank and social site crackers to various cryptocurrency wallet and private key crackers or gift card code generators.

“However, although each promoted application is promised to be some hacking or cracking application, it never is. The truth is quite different — each published post contains only a cryptocurrency-stealing malware concealed as a hacking or cracking application. What is more, no application posted on this channel delivers promised behavior: all of them are fake,” said researchers.

In investigations, researchers found HackBoss is delivered as a zip file. When opened, the executable launches a user interface. No matter what the hacking tools claim to be, the user interface decrypts and installs the cryptocurrency-stealing malware on the victim’s system. The executable runs once the victim clicks any button.

The malware searches the victim’s system for any cryptocurrency wallets and replaces them with its own.

“The malicious payload keeps running on the victim’s computer even after the application’s UI is closed. If the malicious process is terminated — for example via the Task manager — it can then get triggered again on startup or by the scheduled task in the next minute,” said researchers.

“Such behavior can be easily overlooked by a less observant victim and may lead to a significant monetary loss.”

So far, researchers have found over 100 cryptocurrency wallet addresses belonging to HackBoss authors. These are the wallets the HackBoss malware puts in place of the victim’s crypto wallet. The malware authors have amassed $560,000 from victims since the scam started in November 2018.

While the HackBoss authors promote their fake hacking tools through other media, Telegram appears to be its main distribution path.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
Criminals target Discord to spread malware
live chat

Criminals target Discord to spread malware

26 Jul 2021
Nine traits you need to succeed as a cyber security leader
Whitepaper

Nine traits you need to succeed as a cyber security leader

26 Jul 2021
What is Maze Ransomware?
ransomware

What is Maze Ransomware?

22 Jul 2021

Most Popular

Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
Salesforce's $28bn Slack acquisition: What's next for workplace collaboration?
collaboration

Salesforce's $28bn Slack acquisition: What's next for workplace collaboration?

22 Jul 2021
One third of cyber security pros report experiencing workplace harassment
Careers & training

One third of cyber security pros report experiencing workplace harassment

22 Jul 2021