SafeGuard warns of new crypto-stealing malware in Telegram

The malware spreads via spamming with images and hides on the victim's device as an operating system file

12.07.2022 - 15:20

676

1 min

What’s new? Cybersecurity solutions provider SafeGuard Cyber warned of the emergence of a malware to steal keys to crypto wallets, which is spreading in the Telegram messenger. According to the press release, the company first discovered the fraudulent software back in June. The program masqueraded as an image file posted to a public Telegram channel about trading and digital assets.

The press release

What is the danger of the virus? The program spreads through spam with images and is downloaded by clicking on the attachment. On the device, it hides itself as an operating system file and then creates hidden copies of the victim's public and private keys to steal cryptocurrencies from the wallet. The software also has backdoor functionality, which can be upgraded and equipped with additional features.

The company noted that hackers are increasingly using communication platforms to spread malware.

Earlier, analysts at Cyble described the PennyWise virus, which can steal data from 30 different cryptocurrency wallets, including cold ones. The virus is spread under the guise of free mining software, links to which are posted under tutorial videos on YouTube. PennyWise is built using an unknown crypter, making it difficult to remove.

Author: