Juniper Networks has discovered a new Masad Stealer virus that spoofs the addresses of cryptocurrency wallets in users ‘ browsers, as a result of which they send funds to an attacker.
In addition, Masad Stealer steals various personal information and system data. The virus sends the hacker information about credit cards stored in the browser, files from the desktop, data from the Discord service, and so on. In this case, the Telegram messenger is used for sending data.
The virus has a built-in algorithm for recognizing addresses of Monero, Litecoin, Zcash, Dash and Ethereum cryptocurrency wallets in the clipboard. After detecting the address of the cryptocurrency wallet, Masad Stealer replaces it with the address of the attacker.
“Masad Stealer is distributed by disguising itself as another program, as well as by introducing third-party utilities into installation packages. Users download the virus from various forums and file – sharing sites,” computer security experts say.
Recall that at the end of August, the antivirus company McAfee reported that for the 1st quarter of 2019, the number of malware installations for cryptocurrency mining increased by 29% compared to the previous quarter.