SafeGuard Cyber has detected a malware on Telegram for stealing crypto that targeted some traders employed by crypto companies through the tactic of impersonating the social network.
Telegram: impersonation led malware to attack some traders employed by crypto companies
According to a report by SafeGuard Cyber, Telegram impersonation led a malware to attack some traders employed by a crypto company.
Basically, it appears that an institutional cryptocurrency company hired SafeGuard Cyber to analyze whether on Telegram, some of its employee traders had been targeted by crypto theft malware. This malware had already been highlighted in Microsoft’s threat research.
Using SafeGuard Cyber’s lookback capabilities for Telegram, their Division Seven (D7) threat intelligence team was able to confirm that the malware on traders began operating in July 2022.
The threat actor impersonated a trusted individual to carry out the social engineering attack more efficiently.
Telegram: the threat actor is DEV-0139 and acts by sending an armed Excel file
Going more specific, Microsoft had published research on the threat actor by identifying him with the name DEV-0139, noting that he posed to his victims as a representative of another cryptocurrency investment company.
Not only that, DEV-0139 acts by sending an Excel file with the name OKX Binance & Huobi VIP fee comparision.xls armed with malicious macros. Of course, this all happens after the threat actor joins Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms, thus identifying its target among members.
This sort of ‘guidance’ provided by Microsoft, led SafeGuard Cyber’s D7 team to identify and confirm that these malicious files had been sent to traders of the client crypto company.
In this particular case, the threat actor allegedly adopted the tactic of impersonating a known employee of the client organization to deliver the payload.
The upcoming crypto wallet and exchange
Telegram had revealed in early December its decision to land in the crypto world with its own products such as a crypto-exchange and a non-custodial wallet.
This was confirmed by CEO Pavel Durov, who reportedly said how next year Telegram will build a series of decentralized tools for millions of people to exchange and store crypto in a ‘secure’ way.
Despite the long ‘crypto winter,’ the CEO of the messaging app preferred to put down the groundwork for concrete entry into the crypto ecosystem, seeing precisely the trend as an opportunity.
Currently, on Telegram, users can already exchange the TON token that represents the social network’s blockchain. Not only that, in 2022, the messaging app also integrated the ability to exchange Bitcoin (BTC).
Such service already active on Telegram is anonymous P2P, meaning that users will have to share their phone numbers in order to deposit, trade or buy crypto. In addition, the service is free for buyers, but not for sellers, who instead pay a 0.98% fee.
Source: https://en.cryptonomist.ch/2023/01/08/telegram-malware-crypto-2/