
SafeGuard Discovers New Crypto-Stealing Trojan in Telegram


cryptoknowmics.com 12 July 2022 14:08, UTC

SaaS security platform SafeGuard Cyber has announced the discovery of a new trojan that steals information from crypto investors in the Telegram messaging app.

New Crypto Stealing Trojan Detected On Telegram

According to a press release issued today, SafeGuard Cyber identified the malware sample back in June. The trojan, which was hidden inside an image file, was detected immediately after it was posted on a public Telegram channel used by crypto enthusiasts. It combines backdoor functions with data-stealing functions that create hidden copies of the victim's private and public key store in order to steal their crypto assets. On the victim's device, the malware disguises itself as an operating system file; when deployed in Telegram, it is concealed in an image file to avoid detection. The lure appears to be spamming images until a victim inadvertently clicks on the attachment.

Commenting on the development, Storm Swendsboe, Director of Threat Intelligence at SafeGuard Cyber, said:

"This malware was intended to target new or unsuspecting users of the Telegram channel, with the goal of stealing their cryptocurrency wallet keys. The Trojan also has backdoor capabilities, which could potentially be used to update or add new features to it, thereby enhancing or expanding its malicious uses in the future."

Telegram Has Become Hotbed For Crypto Scammers

Telegram is a widely used messaging platform and a favorite place for crypto enthusiasts to receive updates about upcoming airdrops, tokens, or NFTs. However, the platform is now also being used by hackers to steal credentials. For instance, numerous Telegram groups serve as distribution channels for malware. In fact, anyone distributing a particular piece of malware is offered a commission of up to 50 percent on the stolen contents of a crypto wallet.
