Masad Stealer, a new bit of malware can replace wallet addresses as ‘you type them’.
It has been reported that according to Juniper Networks, it steals PC and system information, Credit Card Browser Data, Browser passwords, Installed software and processes, Desktop Files, Screenshot of Desktop, Browser cookies, Steam files, AutoFill browser fields, Discord, and Telegram data and FileZilla files.
However, the program dumps this information to the malware controller’s Telegram account, assuring relative security for the data it steals. It can also clip and change Monero, Litecoin, Zcash, Dash and Ethereum which addresses automatically and uses special search functions to pinpoint these addresses on a clipboard. Once it swaps the addresses, it can obstruct crypto as its being sent to legitimate wallets.
The Research Organization wrote:
“Based on our telemetry, Masad Stealer’s main distribution vectors are masquerading as a legitimate tool or bundling themselves into third-party tools.”Research Organization
The Organization added:
“Threat actors achieve end-user downloads by advertising in forums, on third-party download sites or on file-sharing sites.”Research Organization
However, the software disguises as useful-looking software like Tradebot_binance.exe, Galaxy Software Update.exe, and Fortniteaimbot 2019.exe. Once infected, then the computer begins communicating with the command and controls the Telegram channel and sends back private data.
Likewise, the malware allegedly costs $40 on the dark web and is completely configurable and very dangerous, said Juniper.
The researchers wrote:
“Juniper Threat Labs believes that Masad Stealer represents an active and ongoing threat. Command and Control bots are still alive and responding as of this writing and the malware appears to still be available for purchase on the black market.”Research Organization