Such malware had already been highlighted in Microsoft threat research.

SafeGuard Cyber has detected cryptocurrency theft malware on Telegram targeting some merchants employed by crypto companies, through the tactic of impersonating the social network.

According to a cybersecurity report, Telegram spoofing caused the malware to attack some merchants employed by a cryptocurrency company.

In practice, it seems that an institutional company in the cryptocurrency sector hired SafeGuard Cyber to analyze whether some of its Telegram trading employees had been attacked by malware for the theft of cryptocurrencies. This malware had already been featured prominently in Microsoft threat research.

Thanks to SafeGuard Cyber’s retrospective features for Telegram, its Division Seven (D7) threat intelligence team could confirm that the malware trader started operating in July 2022.

The threat actor was posing as a trusted person to carry out the social engineering attack more efficiently.

Telegram Threat Actor Is DEV-0139 and It Works by Sending a Weaponized Excel File

More specifically, Microsoft had published an investigation into the threat actor, identifying it as DEV-0139 and noting that it posed as a representative of another cryptocurrency investment firm.

Not only that, DEV-0139 works by sending an Excel file named OKX Binance & Huobi VIP fee comparision.xls, weaponized with a malicious macro. This happens after the threat actor joins Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchanges and identifies its target among the members.

This kind of “guidance”, provided by Microsoft, led the SafeGuard Cyber D7 team to locate and confirm that these malicious files had been sent to the merchants of the customer’s crypto company.

More specifically, the threat actor reportedly adopted the tactic of impersonating a known employee of the client organization to deliver the payload.

Crypto Wallet and Exchange Coming Soon

Telegram revealed in early December its decision to enter the world of cryptocurrencies with its own products, such as a cryptocurrency exchange and a non-custodial wallet.

This was confirmed by CEO Pavel Durov, who stated that Telegram will, next year, build a set of decentralized tools for millions of people to exchange and store cryptocurrencies safely.

Despite the long crypto winter, Durov preferred to lay the foundations for a concrete entry into the crypto ecosystem, seeing the trend as an opportunity.

At this time, Telegram users can exchange the TON token that represents the social network’s Blockchain. Not only that, in 2022, the messaging app has also integrated the ability to exchange Bitcoin (BTC).

This service, already active on Telegram, is of the anonymous P2P type, namely, users will have to share their phone numbers to deposit, exchange, or buy cryptocurrencies. Moreover, the service is free for buyers, but not for sellers, who pay a 0.98% commission.

By Audy Castaneda
