A new malware known as Masad Stealer has surfaced that replaces wallet address as soon as you type them. According to Juniper Networks, the malware targets browsers and injects infectious codes in the browser that allows it to steal user data.
Masad Stealer and how it works
The malware has the ability to invade the victim’s computer and steals their personal information. The malware steals all information on the browser, including cookies, saved passwords and Discord, and Telegram data. Furthermore, the malware can take a screenshot of the desktop, see credit card data, and steal FileZilla files.
The virus steals the information and then transfer it to the controller’s Telegram account, ensuring security for transferring the stolen data. The virus also has the ability to modify cryptocurrency addresses, including Ethereum, Monero, and Zcash. The virus is equipped with specific tools that allow it to pinpoint these addresses across your clipboard. Once it has modified these addresses, the controller can steal all cryptocurrencies being sent to these addresses.
Juniper studied a specific wallet that currently contains one full Bitcoin. Juniper noted that the malicious actors behind Masad Stealer are posing as legitimate or third-party tools. The virus attacks by advertising in forums across third-party download sites.
Masad Stealer poses as a useful application like Tradebot_binance.exe and Forniteaimbot and invades the person’s computer. The virus then takes charge of the person’s computer and starts stealing user data until it gains control of the Telegram channel. Once the Telegram channel is compromised, it starts sending the stolen data back to the controller.
Reportedly the malware is available for forty dollars ($40) on the dark web and is entirely configurable and highly dangerous.
The number of scams in the ecosystem has been growing despite standards of security rising. These include sextortion emails, Discord scams among many others.
