
Masad Stealer

Posted: September 30, 2019

The Masad Stealer is a multi-purpose piece of malware that uses Telegram bots as its Command & Control channel. By routing its traffic through a messaging service with 200,000,000 users, the authors of the Masad Stealer have made sure that their activity blends in with legitimate traffic and that their tracks are difficult to follow. The malware is not used privately; instead, it is advertised on online hacking forums. The original authors offer a free version with limited capabilities, and customers can pay up to $85 to unlock the full range of features that the Masad Stealer possesses.

The Masad Stealer Extracts Cryptocurrency Wallets and Other Data

This malware excels at collecting cryptocurrency wallets, but it also acts as 'clipper malware': it monitors the Windows clipboard and checks every copied string for a cryptocurrency wallet address. If it finds a match, it silently replaces the address with one owned by the attacker. This way, the attackers can hijack transactions made by infected users who do not double-check their transaction details before sending. This is a common strategy among malware authors, and it appears to have already netted significant profits for the Masad Stealer's operators: one of the Bitcoin addresses used to hijack transactions holds around $9,000 worth of Bitcoin.

The Masad Stealer can also extract other data from the victim's computer. According to the ad promoting its features, it can collect:

  • Desktop files.
  • Screenshots of the desktop, sent to the Command & Control server.
  • Steam files.
  • Saved browser details – autofill information, browser cookies and credit cards.
  • Discord and Telegram details.
  • List of installed applications and running processes.
  • Software and hardware information.
  • Files used by FileZilla.
  • Electrum, Jaxx and Exodus wallet files.

All of the data that the Masad Stealer extracts is packed with a copy of the 7-Zip utility bundled in the malware's binary. The resulting '.7z' archive is then uploaded to the Telegram bot controlled by the attacker.
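Because every Telegram Bot API call carries the bot token in the URL path, a proxy or web-gateway log is a good place to look for both the beacon and the archive upload described above. The following is an added example, not code from the article or from the Masad Stealer itself. It assumes a plain-text proxy log with timestamp, client IP, HTTP method, full URL and request-body size (so it presumes TLS inspection); the log lines and the bot token are constructed.

```python
"""Spot Telegram Bot API traffic that looks like stealer exfiltration.

Added example; it assumes a proxy log of the form
  <ISO timestamp> <client ip> <method> <url> <bytes sent>
and that full URLs are visible (TLS interception). The sample below is constructed.
"""
import re
from collections import defaultdict

# Telegram bot tokens look like <numeric bot id>:<35-character secret>, and the
# Bot API embeds the whole token in the path: https://api.telegram.org/bot<token>/<method>
BOT_API_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d{8,10}:[A-Za-z0-9_-]{35})/(?P<method>[A-Za-z]+)"
)

# Methods a stealer needs: sendDocument for the archive, sendMessage for short beacons.
EXFIL_METHODS = {"sendDocument", "sendMessage", "sendPhoto"}

# Constructed sample: one host beacons and then uploads a ~2.4 MB body; the
# other hosts are ordinary web traffic.
SAMPLE_LOG = """\
2019-09-28T10:02:11Z 10.0.0.12 POST https://api.telegram.org/bot123456789:AAHkZ5Tn4mQ2vL8x9Jc1bW0eRsYpF7dGq3U/sendMessage 312
2019-09-28T10:02:13Z 10.0.0.12 POST https://api.telegram.org/bot123456789:AAHkZ5Tn4mQ2vL8x9Jc1bW0eRsYpF7dGq3U/sendDocument 2418113
2019-09-28T10:03:40Z 10.0.0.44 GET https://web.telegram.org/ 4096
2019-09-28T10:05:02Z 10.0.0.12 GET https://updates.example.com/check 512
"""


def parse_line(line):
    """Split one proxy log line into a dict (hypothetical five-column format)."""
    ts, client, method, url, nbytes = line.split()
    return {"ts": ts, "client": client, "method": method, "url": url, "bytes": int(nbytes)}


def find_bot_api_hits(log_text):
    """Return every request that targets the Telegram Bot API, with token and method extracted."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        m = BOT_API_RE.match(rec["url"])
        if not m:
            continue
        rec["token"] = m.group("token")
        rec["api_method"] = m.group("method")
        hits.append(rec)
    return hits


def suspicious_clients(log_text, upload_threshold=1_000_000):
    """Group Bot API calls per client and flag a client that uses an exfil
    method and either pushes a large body (the archive) or talks to the bot
    more than once (beacon followed by upload)."""
    per_client = defaultdict(list)
    for hit in find_bot_api_hits(log_text):
        if hit["api_method"] in EXFIL_METHODS:
            per_client[hit["client"]].append(hit)

    flagged = {}
    for client, calls in per_client.items():
        big_upload = any(c["bytes"] >= upload_threshold for c in calls)
        if big_upload or len(calls) >= 2:
            flagged[client] = {
                "tokens": sorted({c["token"] for c in calls}),
                "methods": sorted({c["api_method"] for c in calls}),
                "bytes": sum(c["bytes"] for c in calls),
            }
    return flagged


if __name__ == "__main__":
    for client, info in suspicious_clients(SAMPLE_LOG).items():
        print(client, info)
```

The extracted token is worth keeping: it identifies the attacker's bot, and the same token tends to recur across samples of one campaign. Without TLS inspection only the host name `api.telegram.org` is visible, in which case the practical control is to alert on any workstation that has no business reason to reach the Bot API at all.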

The Masad Stealer also Doubles as a Clipper Malware

Apart from replacing Bitcoin addresses, the Masad Stealer can also replace the addresses and payment identifiers of many other cryptocurrencies and services:

ADA, ZCASH, Dogecoin, Monero, Neo, Stratis, Qtum, Via, Lisk, Yandex Money, Emercoin, Ripple, Dash, Ethereum, Steam Trade Link, Bitcoin Gold, ByteCoin, Bicond, Web Money, QIWI PAY, and others.
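The clipper behaviour described in the section on cryptocurrency wallets and in the list above has one observable signature: an address of a given type is replaced, within a fraction of a second, by a different address of the same type, which a human copying two addresses never does. The detector below is an added example, not code from the article or from the Masad Stealer. It assumes the clipboard is sampled periodically (on Windows that would be a polling loop around the Win32 clipboard API; here the samples are a constructed list of (seconds, text) pairs), and the address patterns cover a subset of the types named above.

```python
"""Flag clipboard address swaps of the kind a clipper performs.

Added example. Input is a constructed list of (time_in_seconds, clipboard_text)
samples standing in for a real clipboard poller; addresses below are constructed
or public example addresses, not attacker infrastructure.
"""
import re

# Anchored patterns for a subset of the address types the stealer targets.
# Base58 excludes 0, O, I and l; bech32 excludes 1, b, i and o.
ADDRESS_PATTERNS = {
    "BTC": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{39,59})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "XMR": re.compile(r"^4[0-9AB][1-9A-HJ-NP-Za-km-z]{93}$"),
    "DOGE": re.compile(r"^D[5-9A-HJ-NP-U][1-9A-HJ-NP-Za-km-z]{32}$"),
    "STEAM_TRADE": re.compile(
        r"^https://steamcommunity\.com/tradeoffer/new/\?partner=\d+&token=[A-Za-z0-9_-]+$"
    ),
}

# Constructed sample: the user copies a BTC address and a Steam trade link, and each
# is overwritten 200-300 ms later; the two ETH copies a minute apart are legitimate.
CLIPBOARD_SAMPLES = [
    (0.0, "meeting notes for Monday"),
    (1.0, "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),
    (1.2, "1BoatSLRHtKNngkdXEeobR76b53LETtpyT"),
    (30.0, "0x742d35Cc6634C0532925a3b844Bc454e4438f44e"),
    (95.0, "0xAb5801a7D398351b8bE11C439e05C5B3259aeC9B"),
    (120.0, "https://steamcommunity.com/tradeoffer/new/?partner=12345678&token=AbCdEfGh"),
    (120.3, "https://steamcommunity.com/tradeoffer/new/?partner=87654321&token=ZyXwVuTs"),
]


def classify(text):
    """Return the address type of a clipboard string, or None if it is not an address."""
    text = text.strip()
    for name, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text):
            return name
    return None


def detect_swaps(samples, max_gap=2.0):
    """Return (t_before, t_after, kind, original, replacement) for every
    same-type replacement that lands within max_gap seconds of the previous
    clipboard content. Compare the whole string: a clipper may pick a
    replacement that shares leading characters with the original."""
    alerts = []
    prev_t = prev_text = prev_kind = None
    for t, text in samples:
        kind = classify(text)
        if kind and kind == prev_kind and text != prev_text and t - prev_t <= max_gap:
            alerts.append((prev_t, t, kind, prev_text, text))
        prev_t, prev_text, prev_kind = t, text, kind
    return alerts


if __name__ == "__main__":
    for before, after, kind, original, replacement in detect_swaps(CLIPBOARD_SAMPLES):
        print(f"{kind} swapped at t={after}s (was set at t={before}s): {original} -> {replacement}")
```

Polling adds a small blind spot (a swap between two polls shows up only as the replacement), so the check that costs nothing is the one every user can do: before confirming a transfer, compare the pasted destination with the address you intended to send to, end to end.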

Since the Masad Stealer is sold to anyone who pays, it can be distributed by whatever technique its buyers choose. So far, samples of the Masad Stealer have been found in fake money generators, fake uploads of legitimate tools, fake game hacks and cracked software. We advise users to refrain from downloading suspicious files from untrustworthy sources, since these are often used to hide threatening malware.

You can protect yourself from the Masad Stealer by following the latest security practices, investing in a reputable anti-malware software suite, and double-checking the full destination address before confirming any cryptocurrency transfer.
