SafeGuard Cyber has detected cryptocurrency-stealing malware on Telegram targeting some traders employed by cryptocurrency companies through impersonation on the social network.
Telegram: Identity theft has led to malware attacking some traders employed by crypto companies
According to a report by SafeGuard Cyber, impersonation on Telegram led to malware attacking some traders employed by a cryptocurrency company.
Basically, it appears that an institutional cryptocurrency firm has hired SafeGuard Cyber to analyze whether some of its employee traders on Telegram have been targeted by cryptocurrency theft malware. This malware was already highlighted in Microsoft’s threat research.
Using SafeGuard Cyber's search features for Telegram, their Division Seven (D7) threat intelligence team was able to confirm that the malware targeting the traders started operating in July 2022.
The threat actor impersonated a trusted individual to perform the social engineering attack more efficiently.
Telegram: Threat actor is DEV-0139 and works by sending a weaponized Excel file
More specifically, Microsoft had published research on the threat actor, identifying it with the name DEV-0139 and noting that he posed to his victims as a representative of another cryptocurrency investment firm.
Not only that, DEV-0139 works by sending an Excel file with the name OKX Binance & Huobi VIP fee comparision.xls, armed with malicious macros. All of this happens after the threat actor joins Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms, and identifies his target among the members.
This sort of “guide” provided by Microsoft led SafeGuard Cyber’s D7 team to identify and confirm that these malicious files had been sent to traders at the client’s crypto company.
In this particular case, the threat actor reportedly adopted the tactic of impersonating a well-known employee of the client organization to deliver the payload.
The next cryptocurrency wallet and exchange
Telegram had revealed in early December its decision to enter the world of cryptocurrencies with its own products, such as a crypto exchange and a non-custodial wallet.
This was confirmed by CEO Pavel Durov, who reportedly said that next year Telegram will create a set of decentralized tools for millions of people to exchange and store cryptocurrencies in a “secure” way.
Despite the long ‘cryptowinter’, the CEO of the messaging app preferred to lay the foundations for a concrete entry into the crypto ecosystem, seeing the trend precisely as an opportunity.
Currently, Telegram users can already exchange the TON token, which represents the blockchain of the social network. Not only that, in 2022 the messaging app also integrated the possibility to exchange Bitcoin (BTC).
This service is already active on Telegram Anonymous P2P, which means that users will have to share their phone numbers to deposit, trade or buy cryptocurrencies. Furthermore, the service is free for buyers, but not for sellers, who instead pay a commission of 0.98%.