SafeGuard Cyber ​​Detects New Crypto-Stealing Trojan in Telegram

CHARLOTTESVILLE, Va., July 12, 2022 /PRNewswire/ — SafeGuard Cyber, the leading provider of security and compliance solutions for today’s email and communication-based threats, has discovered a new information stealer targeting cryptocurrency investors in Telegram.

SafeGuard Cyber’s multi-channel SaaS-based protection platform, which utilizes natural language understanding (NLU) and machine learning technologies to detect and prevent threats across 30 digital communication platforms, first identified the new malware sample in June. The Trojan, which was hidden inside an image file, was detected immediately after it was posted in a public cryptocurrency Telegram channel used by investors and enthusiasts.

“This malware was intended to target new or unsuspecting users of the Telegram channel, with the goal of stealing their cryptocurrency wallet keys,” said Storm Swendsboe, Director of Threat Intelligence of SafeGuard Cyber. “The Trojan also has backdoor capabilities, which could potentially be used to update or add new features to it, thereby enhancing or expanding its malicious uses in the future.”

Key highlights of the new crypto-stealing Trojan:

  • The Trojan has backdoor functions as well as data stealing functions.
  • It creates hidden copies of the victim’s private and public key store in order to steal cryptocurrency.
  • It also beacons the attacker to confirm the connection is active, suggesting a Command-and-Control (C2) infrastructure.
  • This malware hides itself as an operating system file on the victim’s machine.
  • When in Telegram, the specific sample SafeGuard Cyber ​​analyzed was concealed in an image file to avoid detection. The lure for this malware appears to be spamming images until a victim inadvertently clicks on the attachment.

“Threat actors are platforms using Telegram and other digital communication to spread malware and compromise victims,” said Otavio Freire, President and CTO of SafeGuard Cyber. “This poses an even larger threat than cryptocurrency theft. Once a Trojan infects an employee’s device, the attacker can then use it to spread laterally within the company or organization. As companies have shifted to cloud-based platforms and hybrid workplaces, employees are utilizing a growing number of diverse digital channels to communicate, nearly all of which are unmonitored by traditional security solutions.

SafeGuard Cyber ​​detects attacks and identifies risk by understanding how humans interact and communicate. The company’s NLU-based SaaS platform offers the industry’s most advanced visibility and detection of phishing, account takeover, impersonation, BEC, insider threats and malware attacks that span the full range of modern business communications channels, including social media, collaboration, mobile messaging, conferencing, CRM and the Microsoft 365 ecosystem.

To learn more about the crypto-stealing Trojan, read SafeGuard Cyber’s online report, “Crypto-Stealing Malware Detected.”

About SafeGuard Cyber

SafeGuard Cyber ​​provides the only comprehensive technology solution for addressing cybersecurity threats and compliance risks across the modern cloud workplace. The company’s patented and award-winning Natural Language Understanding technology analyzes and correlates conversations across 30 communication channels and 52 languages, including collaboration, social, chat, messaging, and conference platforms, in order to detect and prevent communication-based threats like social engineering. By stopping attacks at the social engineering stage, SafeGuard Cyber ​​allows companies to prevent data breaches, ransomware, invoice fraud, and many other threats. The company’s cloud-based Machine Learning also provides compliance solutions for governance and policy enforcement that empower customers to communicate through modern apps and social networking. Learn more at

SOURCE SafeGuard Cyber


Leave a Comment

Your email address will not be published. Required fields are marked *