"Telegram Messenger Ads for 'Hacker' Software Hide Cryptocurrency Theft"
Malicious actors have been observed using advertisements on the Telegram messenger app to distribute samples of cryptocurrency-stealing malware called HackBoss malware to would-be hackers. According to the cybersecurity firm Avast, the malware family's creators have more than 100 cryptocurrency wallet addresses, with the wallets containing a collective total of over $560,000 when the analysis was conducted. However, the real amount stolen using HackBoss malware might be less as the security firm found that some of the creators' wallet addresses were also associated with scams aimed at tricking users into purchasing fake software. This could mean that the operators behind HackBoss have used the same cryptocurrency wallet addresses to carry out other malicious campaigns. The malware actors have been running a Telegram messenger channel called HackBoss to advertise applications said to be "the best software for hackers" for cracking banking sites, social sites, cryptocurrency wallets, and more. In reality, these fake cracking applications attempt to steal cryptocurrency from other hackers. In addition to the Telegram messenger channel, the creators of HackBoss used YouTube channels with promotional videos and posted advertisements on public forums to promote their malware. Malware such HackBoss, emphasizes the need for organizations and individual users to use caution when dealing with cryptocurrency by confirming the wallet address to which they are sending money and setting up multi-factor authentication (MFA). This article continues to discuss the use of the Telegram messenger app to distribute the cryptocurrency-stealing malware HackBoss to other hackers, other malware campaigns that have involved Telegram, and how to defend against malware like HackBoss.