
Crypto Stealing Malware Found In Telegram Chats

US security firm SafeGuard Cyber finds crypto-stealing Trojan horse in Telegram chat image upload and warns of widespread social media vulnerability.

SafeGuard Cyber says it recently discovered a remote access trojan (RAT) virus posted in a crypto investment public Telegram chat. The company says the purpose of this Trojan was to steal Bitcoin keys.

"This malware was intended to target new or unsuspecting users of the Telegram channel, with the goal of stealing their cryptocurrency wallet keys," said Storm Swendsboe, Director of Threat Intelligence of SafeGuard Cyber. "The Trojan also has backdoor capabilities, which could potentially be used to update or add new features to it, thereby enhancing or expanding its malicious uses in the future."

When deployed in Telegram, the specific Trojan SafeGuard Cyber analyzed was concealed in an image file to avoid detection. The company identified the Telegram names “港島輝達資本” (Chinese for “Hong Kong Island Huida Capital”) and “Your Grace” as being used on the platform to spread the malware. Although the company says 港島輝達資本 did engage in some conversations on the channel, the majority of their activity was spamming the channel with images containing the virus.

Once downloaded, the virus would pop up a seemingly innocent command prompt ‘error’ alert with indiscernible text. After the user hit ‘enter’ in the command prompt window, it would ping the localhost. The program would then exit, and the application would remove itself from the desktop and run as “Skc3sk.exe”, creating hidden copies of the victim’s private and public keys.

It also makes a copy in the SysWOW64 folder and hides itself as an operating system file. The task “Skc3sk.exe” runs persistently in the background. SafeGuard says the callout and ping command tell the attacker that the Trojan has been executed and the user’s system is now vulnerable.
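The behaviours reported above can be turned into a simple endpoint hunt. The following is an added example, not code from SafeGuard Cyber or the original article. The event records, their field names, the host names and `chart.exe` are constructed for illustration, and reading "hides itself as an operating system file" as the hidden and system file attributes is an assumption.

```python
import ntpath
import re

# Constructed, simplified endpoint events (not real telemetry and not a real
# logging schema); field names are assumptions made for this example.
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "process", "image": r"C:\Users\amy\Desktop\chart.exe",
     "cmdline": "chart.exe", "parent": r"C:\Windows\explorer.exe"},
    {"host": "ws-01", "type": "process", "image": r"C:\Windows\System32\PING.EXE",
     "cmdline": "ping localhost", "parent": r"C:\Users\amy\Desktop\chart.exe"},
    {"host": "ws-01", "type": "file_delete", "path": r"C:\Users\amy\Desktop\chart.exe"},
    {"host": "ws-01", "type": "file_create", "path": r"C:\Windows\SysWOW64\Skc3sk.exe",
     "attrs": {"hidden", "system"}},
    {"host": "ws-01", "type": "process", "image": r"C:\Windows\SysWOW64\Skc3sk.exe",
     "cmdline": "Skc3sk.exe", "parent": r"C:\Windows\explorer.exe"},
    {"host": "ws-02", "type": "process", "image": r"C:\Windows\System32\PING.EXE",
     "cmdline": "ping localhost", "parent": r"C:\Windows\System32\cmd.exe"},
]

LOOPBACK_PING = re.compile(r"\bping(\.exe)?\b.*\b(localhost|127\.0\.0\.1)\b", re.I)

def base(path):
    return ntpath.basename(path).lower()

def in_user_profile(path):
    return path.lower().startswith("c:\\users\\")

def hunt(events):
    """Return {host: sorted list of matched behaviours} for the article's indicators."""
    hits, pingers = {}, {}
    for ev in events:
        found = hits.setdefault(ev["host"], set())
        if ev["type"] == "process":
            if base(ev["image"]) == "skc3sk.exe":
                found.add("skc3sk_process")
            if LOOPBACK_PING.search(ev["cmdline"]) and in_user_profile(ev["parent"]):
                pingers.setdefault(ev["host"], set()).add(ev["parent"].lower())
                found.add("loopback_ping_from_user_binary")
        elif ev["type"] == "file_delete":
            if ev["path"].lower() in pingers.get(ev["host"], set()):
                found.add("self_delete_after_ping")
        elif ev["type"] == "file_create":
            if "\\syswow64\\" in ev["path"].lower() and {"hidden", "system"} <= ev["attrs"]:
                found.add("hidden_system_file_in_syswow64")
    return {h: sorted(f) for h, f in hits.items() if f}
```

A lone `ping localhost` from an administrator's shell (host `ws-02` in the sample) is not flagged; the ping only counts when its parent is a binary running from a user profile.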

Social Communications Channels Bypassing Traditional IT Security

With 45% of all online business communication now taking place outside of email, threat actors are increasingly using Telegram and other digital communication platforms to spread malware and compromise victims, SafeGuard Cyber CTO Otavio Freire says.

Social Media Vulnerable

Most social media channels are not protected by traditional IT security infrastructure, experts say.

"This poses an even larger threat. Once a Trojan infects an employee’s device, the attacker can then use it to spread laterally within the company or organization. As companies have shifted to cloud-based platforms and hybrid workplaces, employees are utilizing a growing number of diverse digital channels to communicate, nearly all of which are unmonitored by traditional security solutions. This has created an enormous blind spot for businesses and an ideal opportunity for threat actors."

