A freshly discovered commercial spyware called “Masad Clipper and Stealer” is reported to be using bots on Telegram to steal cryptocurrency from victims’ wallets. Security researchers from Juniper Threat Labs reported that this spyware is delivered by a Trojan and uses Telegram for data exfiltration.
This new malware is currently being sold on the darknet. According to the Forbes report, the malware starts off free, but the price goes up to $85 for the version with the most functionality. The report further states that researchers found a Telegram group with over 300 members where potential buyers could seek tech support and learn about the malware.
The spyware works like any other malware and looks for sensitive data through the web browser, including credit card details, passwords, autofill fields, cookies, installed software, and cryptocurrency wallets.
To avoid falling victim to this malware, it is highly advised to download applications onto your system only from an official app store or the manufacturer’s website. Juniper researchers suggested having a next-generation firewall (NGFW) with Advanced Threat Protection to protect your systems.