• Harmeen

Spyware Replaces Crypto Wallets using Telegram, Threatens 200 Million Users

Juniper Threat Labs, an American Internet infrastructure firm, has found new Trojan-delivered spyware that replaces crypto wallet addresses on the clipboard and uses Telegram bots. In short, the new spyware uses the Telegram app to replace crypto addresses with its own.

Trojan-delivered Masad Stealer and Clipper

A new kind of spyware, designed to steal important and sensitive information from users of the messaging app Telegram, is now in circulation. It is available for sale on 'black market forums' and raises questions about the security of crypto wallets. Juniper Threat Labs, an American internet infrastructure firm and threat intelligence portal, has found new Trojan-delivered malware affecting Telegram's 200 million users. Researchers at Juniper Networks (NYSE: JNPR) identified the Trojan-delivered "Masad Stealer and Clipper", which affects the major global messaging app Telegram by stealing confidential information. The details are in threat research released on Sept. 26, 2019.


How dangerous can this Trojan-delivered malware be?

What if we told you that personal details such as browsing data, important documents, files saved online, browser autofill passwords, cryptocurrency exchange and wallet usernames and passwords, and even credit/debit card information are no longer secure? How would you react? OMG! Seriously!


Yes! It's surely shocking to read that! The new spyware, which is circulating under the name "Masad Clipper and Stealer", is capable of stealing the personal information mentioned above.


Apart from stealing personal details, the malware also has a replacement function that swaps cryptocurrency wallet addresses on the clipboard. The report names the cryptocurrencies the spyware clips, including Bitcoin (BTC). Beyond BTC, the list contains a number of major cryptocurrencies such as Ethereum (ETH), XRP (previously known as Ripple), and Litecoin (LTC).

[Image: list of coins/wallets it tries to clip. Image source: juniper.net]
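As an added illustration (not from Juniper's report or the original article), the following Python sketch shows one way a defender could spot the clipboard swap described above: it flags a wallet address that is replaced by a different address of the same coin within a short window. The address patterns are approximate format checks, and the sample clipboard events and the two-second window are assumptions constructed for the example.

```python
import re

# Approximate address shapes for the coins named above (format only;
# checksums are not verified, so a match means "looks like an address").
B58 = "a-km-zA-HJ-NP-Z1-9"
BECH = "ac-hj-np-z02-9"
PATTERNS = {
    "BTC": re.compile(rf"[13][{B58}]{{25,34}}|bc1[{BECH}]{{11,71}}"),
    "ETH": re.compile(r"0x[0-9a-fA-F]{40}"),
    "LTC": re.compile(rf"[LM3][{B58}]{{26,33}}|ltc1[{BECH}]{{11,71}}"),
    "XRP": re.compile(rf"r[{B58}]{{24,34}}"),
}

def coins(text):
    """Return the set of coins whose address shape `text` matches."""
    value = text.strip()
    return {coin for coin, pat in PATTERNS.items() if pat.fullmatch(value)}

def find_swaps(events, window=2.0):
    """events: (seconds, clipboard_text) snapshots in time order.

    Flags an address replaced by a *different* address of the same coin
    within `window` seconds, faster than a person re-copies by hand.
    """
    swaps = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        shared = coins(old) & coins(new)
        if shared and old.strip() != new.strip() and t1 - t0 <= window:
            swaps.append((t1, sorted(shared), old.strip(), new.strip()))
    return swaps

# Constructed sample data: placeholder strings with the right shape only.
ETH_COPIED = "0x" + "a1" * 20
ETH_SWAPPED = "0x" + "b2" * 20
BTC_ONE = "1" + "B" * 30
BTC_TWO = "1" + "C" * 30
EVENTS = [
    (0.0, "meeting notes"),
    (10.0, ETH_COPIED),
    (10.3, ETH_SWAPPED),  # replaced 0.3 s after the copy: flagged
    (60.0, BTC_ONE),
    (200.0, BTC_TWO),     # another address copied minutes later: ignored
]

if __name__ == "__main__":
    for when, coin, old, new in find_swaps(EVENTS):
        print(f"t={when}s {coin}: {old} -> {new}")
```

A string starting with `3` matches both the BTC and LTC shapes, which is why `coins` returns a set rather than a single name.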

How does this ongoing threat work?

In terms of functionality, the malware uses Telegram as its Command and Control (CnC) channel. This gives the malware, which is written as AutoIt scripts and then compiled into a Windows executable, some anonymity.


Just after installation completes, Masad Stealer starts collecting sensitive and protected information from the system, such as crypto wallet addresses, browser data containing credit card credentials, browser autofill field data, PC, laptop and desktop files, FileZilla files, Steam files, browser cookies, and system information.


Masad Stealer then sends all collected information to a Telegram bot managed by the threat actor, which also sends commands to the spyware, according to the Juniper Threat Labs report.

Even at the time of publication, the security portal concluded that Masad Stealer is an active and ongoing threat: its Command and Control bots were still alive.
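An added detection example (not code from Juniper or the original article): since the stealer exfiltrates to and takes commands from a Telegram bot, web proxy logs can be searched for Bot API traffic from processes that have no reason to use it. The log format, host and process names, the allowlisted `opsbot.exe` and the bot token are constructed for illustration; `api.telegram.org/bot<token>/<method>` is the Telegram Bot API's URL form.

```python
import re
from urllib.parse import urlsplit

BOT_API_HOST = "api.telegram.org"            # Telegram Bot API endpoint
BOT_PATH = re.compile(r"^/bot(\d+):[\w-]+/(\w+)")
ALLOWED_PROCESSES = {"opsbot.exe"}           # hypothetical sanctioned integration

# Constructed sample proxy log: "time host process verb target"
SAMPLE_LOG = """\
2019-09-27T10:00:01 WS-014 chrome.exe GET https://example.com/index.html
2019-09-27T10:00:05 WS-014 build.exe GET https://api.telegram.org/bot123456789:AAExampleTokenExampleTokenExample000/getMe
2019-09-27T10:00:09 WS-014 build.exe POST https://api.telegram.org/bot123456789:AAExampleTokenExampleTokenExample000/sendDocument
2019-09-27T10:02:00 WS-020 opsbot.exe CONNECT api.telegram.org:443
2019-09-27T10:03:00 WS-031 updater.exe CONNECT api.telegram.org:443
"""

def telegram_bot_hits(log_text):
    """Return Bot API requests made by processes outside the allowlist.

    Only the numeric bot id is kept; the secret part of the token is dropped
    so the findings can be shared without leaking a credential.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                          # skip malformed lines
        ts, host, proc, _verb, target = parts
        # CONNECT lines carry "host:port" with no scheme; normalise for urlsplit.
        url = urlsplit(target if "://" in target else "//" + target)
        if (url.hostname or "").lower() != BOT_API_HOST:
            continue
        if proc.lower() in ALLOWED_PROCESSES:
            continue
        m = BOT_PATH.match(url.path)
        hits.append({
            "time": ts, "host": host, "process": proc,
            "bot_id": m.group(1) if m else None,
            "api_method": m.group(2) if m else None,
        })
    return hits

if __name__ == "__main__":
    for hit in telegram_bot_hits(SAMPLE_LOG):
        print(hit)
```

Without TLS inspection only the CONNECT hostname is visible; such lines are still reported, with the bot id and method left empty.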


Researchers at Juniper said:

"Masad Stealer sends all of the information it collects—and receives commands from—a Telegram bot controlled by the threat actor deploying that instance of Masad. Because Masad is being sold as off-the-shelf malware, it will be deployed by multiple threat actors who may or may not be the original malware writers."

Where is the 'Masad Stealer' spyware available?

We are not prompting you to buy Masad Stealer, but for knowledge purposes you should know about it and how it is advertised. According to some sources, the spyware is being advertised for sale on several black hat forums, which makes it an active and ongoing threat. Buyers can choose among several versions, ranging from a free one to a premium package costing $85, with each tier offering different features.


So, what's new in Telegram?

Telegram, the social messaging app, which completed six years in August, has over 200M monthly active users. The Telegram application is also popular with cryptocurrency enthusiasts, as a large volume of interaction (traders, free crypto signals, VIP signals, miners, ICOs, IPOs and so on) comes from the crypto community.


The app claims on its website to be "more secure than mass market messengers like WhatsApp and Line". It also announced a new bug bounty competition within its new smart contract coding contest, under which anyone who finds a bug can claim up to $300,000 in prize money. If you are a tech-friendly person, you may also participate in this contest to show your technical skills.


Meanwhile, Telegram recently released a wallet for its TON Blockchain’s native token Gram. This new wallet has been released in the app’s alpha version for iOS on Sept. 26.