Many covet cryptocurrencies these days. However, they are as attractive to those with bad intentions as to those with good intentions, which puts cryptocurrencies in the sights of cybercriminals. A case in point is the latest discovery by Avast Threat Labs, the cybersecurity software company's network of experts, which alerted on its website about HackBoss, a password-stealing malware that siphons cryptocurrencies sent by users.
The cybercriminals distribute the malware mainly through a Telegram channel. This channel has the same name as the malware and has existed since 2018. There the creators offer various hacking and cracking tools, for example "the best software for hackers (hack bank/dating/bitcoin)". The channel's posts advertise everything from bank crackers to crypto wallets, plus gift card code generators. But all the offers are fake.
Here’s how HackBoss works
Downloading one of the supposed tools installs malware on the device. Although the operation is simple, experts describe it as effective. Basically, HackBoss searches the clipboard for cryptocurrency addresses. When it detects a wallet address, it replaces that address with the malware author's own. When the user then tries to send funds to someone, he may not realize that the destination address was changed, and so sends the funds to the malware author.
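The clipboard swap described above can be spotted from the defender's side. The following Python sketch is an added example, not code from Avast or from this article: it scans a time-ordered log of clipboard snapshots for an address that is replaced by a different address of the same family faster than a person could re-copy one, and then looks for one replacement value recurring across several copies. The address patterns, the two-second window, the event format and all sample addresses are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Assumed address formats; the article only says "cryptocurrency addresses".
ADDRESS_PATTERNS = {
    "btc-base58": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "btc-bech32": re.compile(r"bc1[ac-hj-np-z02-9]{11,71}"),
    "eth": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def address_kind(text):
    """Return the address family the whole string matches, or None."""
    value = text.strip()
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(value):
            return kind
    return None

def find_swaps(events, max_gap=2.0):
    """events: time-ordered (seconds, clipboard_text) snapshots.
    Flag an address replaced by a different address of the same family
    within max_gap seconds, i.e. faster than a person re-copies."""
    swaps = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        kind = address_kind(old)
        same_family = kind is not None and kind == address_kind(new)
        if same_family and old.strip() != new.strip() and t1 - t0 <= max_gap:
            swaps.append({"time": t1, "kind": kind,
                          "copied": old.strip(), "now": new.strip()})
    return swaps

def recurring_replacements(swaps, min_originals=2):
    """A fixed attacker address shows up as the replacement for several
    different copied addresses; return those replacement values."""
    seen = defaultdict(set)
    for s in swaps:
        seen[s["now"]].add(s["copied"])
    return sorted(a for a, orig in seen.items() if len(orig) >= min_originals)

# Constructed sample log; every address below is made up for the example.
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "a1" * 20),
    (10.3, "0x" + "ff" * 20),   # replaced 0.3 s after the copy
    (95.0, "0x" + "b2" * 20),
    (95.2, "0x" + "ff" * 20),   # same replacement value again
    (200.0, "0x" + "c3" * 20),
    (260.0, "0x" + "d4" * 20),  # user copied another address a minute later
]

if __name__ == "__main__":
    swaps = find_swaps(SAMPLE_EVENTS)
    print(swaps, recurring_replacements(swaps))
```

A single fast swap can be a false positive; the same replacement value appearing after different copied addresses is the stronger signal, because the behaviour described above always substitutes the author's address.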
But the problem does not stop there: even if the victim closes the application interface, the malicious payload continues to run. Likewise, if the malicious process is closed, it can be reactivated when the device is started or through scheduled tasks that run every minute.
So far, the channel has more than 2,500 subscribers. According to researchers, the victims reside mainly in Nigeria and the United States. It is also estimated that the perpetrators received more than half a million dollars, collected from diverted cryptocurrency, although the figure may also reflect profits from sales of fake software.