HackBoss Malware Spread Through Telegram
A group of cybercriminals is abusing the Telegram messaging service to propagate fake software, which poses as hacking tools meant to serve a wide range of purposes. It appears that the 'mastermind' behind the operation goes by the nickname 'Hack Boss' and they seem to offer a rich arsenal of free hacking tools. According to their messages, users can download and launch software meant to help them crack:
- Accounts for the Mega.nz file-hosting service.
- Bank credentials for Anz.com.
- Bitcoin wallets.
- Telegram profiles.
- Various pieces of Windows software.
When a user launches one of the fake apps, they will unknowingly run the HackBoss Malware on their device. This malware is very limited in terms of functionality, and it specializes in executing just one task – it monitors the Windows clipboard for strings that match cryptocurrency wallet addresses and then replaces them with addresses of wallets owned by the attacker. This way, the HackBoss Malware makes sure that when one of its victims wants to make a cryptocurrency transaction, they will unknowingly paste the criminal's wallet instead of the one used by their original recipient.
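A defender-side illustration of the behaviour described above, added here and not taken from HackBoss or from any researcher's tooling: it scans a log of clipboard snapshots and flags the moment one wallet-shaped string is replaced by a different one of the same type within a short interval. The address patterns (format only, no checksum validation), the two-second threshold, the function names and the sample data are assumptions constructed for this example.

```python
import re

# Format-only address shapes (assumption: no checksum validation is done).
PATTERNS = {
    "btc": re.compile(
        r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})$"
    ),
    "eth": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def wallet_kind(text):
    """Return 'btc', 'eth' or None for a clipboard string."""
    s = text.strip()
    for kind, rx in PATTERNS.items():
        if rx.match(s):
            return kind
    return None

def find_swaps(snapshots, max_gap=2.0):
    """Flag an address replaced by a different address of the same kind.

    snapshots: list of (timestamp_seconds, clipboard_text), oldest first.
    max_gap is a heuristic: a clipboard hijacker rewrites the address almost
    immediately, while a user rarely copies a second address that quickly.
    """
    alerts = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        kind = wallet_kind(before)
        same_kind = kind is not None and kind == wallet_kind(after)
        changed = before.strip() != after.strip()
        if same_kind and changed and (t1 - t0) <= max_gap:
            alerts.append((t1, kind, before.strip(), after.strip()))
    return alerts

# Constructed clipboard log; the addresses are placeholders, not real wallets.
SAMPLE = [
    (0.0, "invoice 4471"),
    (10.0, "0x" + "ab" * 20),   # user copies the recipient's address
    (10.3, "0x" + "cd" * 20),   # replaced 0.3 s later: flagged
    (60.0, "1" + "B" * 30),     # user copies a Bitcoin-shaped address
    (95.0, "1" + "C" * 30),     # a different one 35 s later: not flagged
]

if __name__ == "__main__":
    for when, kind, old, new in find_swaps(SAMPLE):
        print(f"t={when}s {kind} address changed: {old} -> {new}")
```

The same comparison works as a manual habit: after pasting a wallet address, check it against the one the recipient supplied before confirming the transaction.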
Typically, cryptojacking campaigns like this one are not that successful, but the HackBoss Malware has been around since 2018. It is not clear whether its creators are relying just on Telegram to spread the malicious application – researchers believe that they might be exploring other opportunities as well. Allegedly, the wallets owned by the attackers have received over 8 Bitcoin and nearly 7 Ethereum over the past three years – this is equal to about $550,000.
It is not uncommon for cybercriminals to try and exploit naïve, novice hackers who are looking for free malware to use. The apps distributed by 'Hack Boss' are entirely useless, and their sole purpose is to deploy the HackBoss Malware. You can protect your system from such attacks by using a regularly updated anti-malware software suite.