Infosecurity Group Websites

Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more
Latest
News

New Spyware Threatens Telegram's 200 Million Users

A new piece of spyware, designed to steal sensitive information from users of the messaging app Telegram, is for sale on the black market.  

Trojan-delivered Masad Stealer and Clipper was clocked by researchers at Juniper Threat Labs. The spyware uses Telegram as a command and control (CnC) channel to cloak itself in a veil of anonymity. 

After installing itself on the computer of a Telegram user, Masad Stealer busies itself collecting information stored on the system, such as browser passwords, autofill browser field data, and desktop files. The spyware also automatically replaces cryptocurrency wallets from the clipboard with its own.

Other information vulnerable to an attack perpetrated through Masad Stealer includes credit card browser data, FileZilla files, steam files, browser cookies, PC and system information, and installed software and processes. 

Masad Stealer is being advertised for sale in several hack forums, making it an active and ongoing threat. Buyers can pick up a variety of versions, ranging from a free one to a premium package costing $85, with each tier of the malware offering different features.

Researchers at Juniper said: "Masad Stealer sends all of the information it collects—and receives commands from—a Telegram bot controlled by the threat actor deploying that instance of Masad. Because Masad is being sold as off-the-shelf malware, it will be deployed by multiple threat actors who may or may not be the original malware writers."

Masad Stealer is written using Autoit scripts and then compiled into an executable Windows file. Most of the samples discovered by Juniper were 1.5 MiB in size; however, the spyware has also been strutting around in larger executables and has been spotted bundled into other software.

Telegram, which celebrated its sixth birthday in August, has over 200 million monthly active users. While its platform may have been breached, the app is fully confident in its ability to protect the privacy of messages sent by its users. 

The app claims on its website to be "more secure than mass market messengers like WhatsApp and Line" and offers anyone who can decipher a Telegram message up to $300,000 in prize money. 

Related to This Story

What’s Hot on Infosecurity Magazine?

1
News

Cleverly Faked Website Targets US Veterans

2
News

Malicious RDP Behavior Detected in 90% of Organizations

3
News

Microsoft Issues Emergency Patch for Critical IE Bug

4
News

Texas Prepares to Implement Mandatory Cybersecurity Training for Government Employees

5
News

Blackmail Fears as Data Leak Exposes Dating App Users

6
News

Health Industry Cybersecurity Matrix Launched

1
News

Cyber-Harassment Expert Wins MacArthur Genius Grant

2
News

New Spyware Threatens Telegram's 200 Million Users

3
News

Dunkin' Sued for Keeping Data Breach Secret

4
News Feature

EternalGlue: Using NotPetya as a Testing Tool

5
Magazine Feature

The Evolution of Fraud

6
News

Global Consumers Reject Government-Mandated Encryption Backdoors

1
Webinar

Common IAM Fears and How to Overcome Them

2
Webinar

The Persistence of Ransomware, New Variants & Better Tactics to Defend & Defeat

3
Webinar

Mitigating the Spear-Phishing Attack Threat

4
Webinar

Preventing Email Data Breaches: A Modern Approach

5
Webinar

The Key to Successful Cybersecurity Projects: Asset Management - Asking the Right Questions

6
Webinar

Mobile Access: Best Practices for a Modern Security Approach

1
Interview

Interview: Matt Davey, COO, 1Password

2
Opinion

The CFO’s Perspective: Steps to Quantifying Cyber Risk

3
News

#44CON: GPS Trackers Hacked to Make Premium Rate Calls

4
News Feature

Infosecurity Magazine Online Summit 2019: A Preview

5
Blog

Security by Sector: Charity Workers Least Likely to Receive Email Security Training

6
Opinion

Debunking Five Myths about Zero Trust