Cryptocurrency-Stealing Malware Dubbed HackBoss Has Stolen over $560,000 USD from Victims

by chebbi abir

With the rapid rise in the value of cryptocurrencies such as Bitcoin and Dogecoin, more and more people are drawn towards them. The flip side is that people with malicious intentions are drawn towards them too, and several malware families have been deployed that specifically target cryptocurrencies.

HackBoss is a family of malware that has been highly successful in stealing cryptocurrency coins. HackBoss is believed to have stolen at least $560,000 from victims. This malware is primarily being spread through Telegram.

Malware designed to steal cryptocurrencies falls into one of three main categories:

Password stealers: malware focusing on stealing cryptocurrency wallets or files with passwords.

Coinminers: malware that uses the victim’s machine’s computational power for mining cryptocurrencies.

Keyloggers: malware that logs keystrokes to record passwords or seed phrases.

HackBoss Malware

HackBoss is a simple, yet very effective and highly rewarding, cryptocurrency-stealing malware. Its authors own a Telegram channel through which the malware is spread. The channel is called Hack Boss, and the malware is named after it. The channel promotes itself by saying “The best software for hackers (hack bank/ dating/ bitcoin)”.

Analysis shows that the malware is packed in a .ZIP file with an executable that launches a simple user interface.

Irrespective of the option clicked (in Fig 1), the fake UI will decrypt and execute the cryptocurrency-stealing malware on the victim’s device. The action can also give HackBoss persistence on the system by setting up a registry key to run it at startup or by adding a scheduled task that runs the payload every minute.

https://www.bleepstatic.com/images/news/u/1100723/2021/HackBossUI_examples.png
Figure 1. The Fake UI

The malware is very simple in its execution. It checks the clipboard for a cryptocurrency wallet address and replaces it with another one belonging to the attacker. When the victim initiates a cryptocurrency payment, HackBoss quickly copies the recipient’s wallet address and replaces it with one of its own.
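A defender-side sketch of the clipboard swap described above, added here as an example and not taken from the article or from HackBoss itself: it scans a clipboard history for a wallet-shaped value that is replaced by a different value of the same shape. The address patterns, the function names, the sample history and the 60-second window (chosen to match the every-minute scheduled task) are assumptions.

```python
import re

# Address shapes are illustrative assumptions, not a list from the article.
# They check form only (no checksum validation).
WALLET_PATTERNS = {
    "bitcoin": re.compile(
        r"^(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})$"
    ),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def wallet_kind(text):
    """Return the coin name if text is shaped like a wallet address, else None."""
    value = text.strip()
    for kind, pattern in WALLET_PATTERNS.items():
        if pattern.match(value):
            return kind
    return None


def find_swaps(events, max_gap=60.0):
    """Flag clipboard changes that look like an address substitution.

    events: list of (timestamp_seconds, clipboard_text), oldest first.
    A change is flagged when a wallet-shaped value is followed, within
    max_gap seconds, by a different wallet-shaped value of the same kind.
    A user copying two addresses in a row also matches, so treat alerts
    as a triage signal rather than proof of infection.
    """
    alerts = []
    for (t0, before), (t1, after) in zip(events, events[1:]):
        kind = wallet_kind(before)
        if (kind and kind == wallet_kind(after)
                and before.strip() != after.strip()
                and t1 - t0 <= max_gap):
            alerts.append({"time": t1, "kind": kind,
                           "copied": before.strip(), "now": after.strip()})
    return alerts


# Constructed clipboard history; the addresses are fake and only well-shaped.
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, "1" + "A" * 33),    # victim copies the payee address
    (10.4, "1" + "B" * 33),    # same shape, different value, 0.4 s later
    (60.0, "0x" + "a" * 40),
    (300.0, "0x" + "b" * 40),  # another address minutes later: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```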

Success of the Attacks

A ploy so simple is usually not that lucrative; however, HackBoss seems to be an exception. The figure below illustrates the success of the attack.

https://www.bleepstatic.com/images/news/u/1100723/2021/HackBoss_Funds.jpg

A word of caution to all crypto enthusiasts: always check your payment string before initiating a payment to your wallet.

To read the original article:

https://cybersecuritynews.com/hackboss-cryptocurrency-malware/
