Avast researchers have identified a new cryptocurrency-stealing malware named HackBoss, which ensnares online users drawn into the game of selling, mining, and exchanging digital assets.
HackBoss has possibly managed to steal over US$560,000 (AU$726,000) from victims worldwide since November 2018.
According to Avast, “its authors have chosen a strategy of misusing public social sites such as Telegram, YouTube, and public forums for promotion of their malware disguised as various hacking or cracking applications that victims can download with the promise of ‘the best software for hackers’”.
Romana Tesařová, Malware Researcher at Avast, explained: “The software varies from bank and social site crackers to various cryptocurrency wallet and private key crackers or gift card code generators.”
“However, although each promoted application is promised to be some hacking or cracking application, it never is,” she stressed.
Tesařová describes how HackBoss operates: it “runs and looks for cryptocurrency wallet addresses that are copied to the Clipboard.”
She says: “When it detects a wallet address, it replaces the intended wallet with the HackBoss author’s own wallet address. A slightly less observant user may then hit the pay button without noticing that the copied wallet address has changed in the meantime and lose their coins, effectively diverting money to the malware authors.”
Avast stated they have collected “a list of more than 100 cryptocurrency wallet addresses belonging to HackBoss authors and to which the HackBoss malware exchanges the wallet address present in the clipboard.”
The wallet address formats that HackBoss checks “are from Bitcoin, Ethereum, Dogecoin, Litecoin, and Monero cryptocurrencies and the majority of those wallets are Bitcoin wallets.”
Tesařová notes “cryptocurrency has become a viable investment.”
“People own some cryptocurrency coins nowadays and send coins via computer applications. It is important to be attentive when dealing with cryptocurrency”, she says.
Tesařová advises users to “double check the wallet address you are sending your assets to, use two-factor-authentication for accessing your digital wallets and, of course, install an antivirus, like Avast’s Free Antivirus, as it will protect you from malware such as HackBoss.”
Malware designed to steal cryptocurrencies falls into one of three main categories:
• Password stealers: malware focusing on stealing cryptocurrency wallets or files with passwords.
• Coinminers: malware that uses the victim’s machine’s computational power for mining cryptocurrencies.
• Keyloggers: malware that logs keystrokes to record passwords or seed phrases.
These three categories of cryptocurrency-related malware combined were the third most common type of malware seen in the wild over the past year.
“Password stealers have included a focus on cryptocurrencies for a long time now. It’s very easy to add a functionality for stealing cryptocurrency wallets to a password stealer, which means it’s uncommon these days to find a password stealer that doesn’t look for cryptocurrency wallets. Because of this, people should take extra care of their passwords, wallets, and digital assets,” concludes Tesařová.
For more information, go to Avast's recent Decoded article ‘HackBoss: A cryptocurrency-stealing malware distributed through Telegram’.