Several highly regarded commentators had referred to the BTC price dropping by more than 10% in 2019 as the Bitcoin crash. Throughout the week, Bitcoin’s price fluctuated between $8,000 and $6500, which was a bad sign for its future. A new threat campaign that stole Bitcoin wallets had become active and ongoing and had started posing a threat to Bitcoin buyers. So it becomes very important to select a safe and secure Bitcoin wallet.
How did the Masad Clipper and Stealer work?
Scientists from Juniper Threat Labs had reported that a Trojan used to deliver the spyware targets cryptocurrency wallets via encrypted Telegram messaging.
In black market forums online, “Masad Clipper and Stealer,” an off-the-shelf malware, was then being distributed. There was a free version of the malware, but the more functional versions cost $85 (£69). Researchers from Juniper found that there was a Telegram group with more than 300 members where potential buyers could learn more and, presumably, obtain technical support. There were over 200 million users of Telegram in the world and the messaging service was also being used by malware to provide anonymity to operators. There were multiple criminal actors using Masad because it was sold as an open-source package. According to Juniper researchers, there were around 338 Telegram C2 bot IDs, which correlated nicely with the membership of the Masad support group on Telegram.
The transmission vector of Masad?
Researchers at Juniper believed that Masad attackers had mostly used disguises as legitimate applications to infect their victims, or had bundled malware executables into third-party tools to mislead them. Several third-party websites and file-sharing sites advertised and linked users to these free downloads. Masad had been presenting himself with several software applications and tools, including a Fortnite game aimbot, Samsung Galaxy smartphone fake updates, and CCleaner, a system cleaning tool. Juniper’s research report provides the complete list.
What was Masad’s method of stealing Bitcoins?
Essentially, the malware was spyware: it searched for sensitive information, such as credit card details, passwords, autofill fields, cookies, installed software and processes, desktop files, and system information, through the web browser.
Wallets for cryptocurrencies, too.
One of the functions of the Masad malware was to look for a specific cryptocurrency wallet’s configuration by interrogating the system clipboard. Once Masad detected a match, it replaced the clipboard data, the wallet, with one that belonged to the attacker and which was encoded into the malware binary. These cybercriminals looked at nearly every cryptocurrency, including Bitcoin; they were opportunists and would not overlook the chance to profit.
How to mitigate the risk of stealing Bitcoin wallets from Masad
Download your software, tools, and services only from an official app store or manufacturer’s website as a mitigation measure. And from nowhere else. This will protect your open-source Bitcoin Wallet. Researchers at Juniper said that “you need a next-generation firewall with advanced threat protection to protect your organization.” Telegram protocol can be identified and blocked by NGFWs if there is no legitimate business use, and ATP products provide other methods to detect and counteract this malware too.