
Masad Stealer

The Masad Stealer is a hacking tool that is also sold as a service on various hacking forums. To attract potential buyers, the authors of the Masad Stealer offer a free lite version of the threat, which naturally has limited capabilities compared to the full version. The fully weaponized variant of the Masad Stealer is sold for $85.

Operates on Telegram

The operators of the Masad Stealer have opted to host their malware's campaign on the messaging application Telegram, with bots serving as C&C (Command & Control) servers. This application has been gaining popularity for a while now and has over 200,000,000 users worldwide. This is an interesting and cunning approach, as trying to track the attackers on such a massive platform can prove to be nearly impossible.

It can Collect Cryptocurrency Wallets and Operate as a Clipper

The Masad Stealer can serve both as a tool for collecting cryptocurrency wallets and as a 'clipper.' A clipper is a piece of malware that monitors the text the user has copied to their clipboard. Clippers usually look for strings of text that indicate that the address of a cryptocurrency wallet has been copied. Once such a string has been detected, the clipper replaces the address that the user copied with the address of its operator's cryptocurrency wallet. As cryptocurrency wallet addresses are usually rather long, most users tend to overlook what they are pasting when they want to transfer cryptocurrency to a wallet. The people who operate the Masad Stealer appear to have already collected Bitcoin worth over $9,000. The Masad Stealer has been equipped to detect the presence of text strings related to the following services and applications:

QIWI PAY, Dash, Web Money, Ripple, Bicond, Emercoin, ByteCoin, Yandex Money, Bitcoin Cold, Lisk, Via, Steam Trade Link, Qtum, Stratis, Monero, Ethereum, Neo, ZCASH, ADA, Dogecoin, etc.
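
The address swap described above leaves a recognizable trace in clipboard history: an address-shaped value is replaced by a different address of the same kind faster than a person could copy a second one. The following detection sketch is an added example, not code from the Masad Stealer or from any analysis of it; the address patterns, the one-second threshold, the event format and the sample history are all assumptions constructed for illustration.

```python
import re
from typing import NamedTuple

# Coarse address shapes for illustration only (assumption: these are not
# the malware's own patterns and do not validate checksums).
ADDRESS_SHAPES = {
    "bitcoin": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{25,60})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

class ClipEvent(NamedTuple):
    ts: float   # seconds since the start of the capture
    text: str   # clipboard content after the change

def address_kind(text):
    """Return the address family the text looks like, or None."""
    value = text.strip()
    for kind, shape in ADDRESS_SHAPES.items():
        if shape.match(value):
            return kind
    return None

def find_swaps(events, max_gap=1.0):
    """Flag an address replaced by a different address of the same family
    within max_gap seconds, i.e. faster than a user would re-copy."""
    alerts = []
    for prev, cur in zip(events, events[1:]):
        kind = address_kind(prev.text)
        if (kind and kind == address_kind(cur.text)
                and prev.text.strip() != cur.text.strip()
                and cur.ts - prev.ts <= max_gap):
            alerts.append((cur.ts, kind, prev.text.strip(), cur.text.strip()))
    return alerts

# Constructed clipboard history; every value is a made-up placeholder.
SAMPLE = [
    ClipEvent(0.0, "meeting notes"),
    ClipEvent(12.4, "0x" + "ab" * 20),   # user copies an address
    ClipEvent(12.6, "0x" + "cd" * 20),   # replaced 0.2 s later: suspicious
    ClipEvent(40.0, "1" + "B" * 30),     # user copies an address
    ClipEvent(95.0, "1" + "C" * 30),     # different address 55 s later: normal
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE):
        print(alert)
```

The time threshold is a tuning choice: a wider window catches slower replacements but also flags users who legitimately copy several addresses in a row.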

It can Collect Information

Apart from collecting cryptocurrency wallets and operating as a clipper, the Masad Stealer can also siphon sensitive data from the compromised system. It is capable of collecting:

  • Steam-related files.
  • Telegram login credentials.
  • Discord login credentials.
  • Files located on the desktop.
  • The list of running processes.
  • The list of installed software.
  • FileZilla-related files.
  • Files related to Jaxx, Electrum and Exodus wallet services.
  • Credit card information saved in the browser.
  • Cookies saved in the browser.
  • Autofill information saved in the browser.
  • Information regarding the hardware and software of the system.

Archives All Collected Data

The Masad Stealer is also able to capture screenshots of the desktop and then siphon them to the C&C servers of the attackers. This malware archives all the collected information using the 7-Zip tool and then sends the archived data to the Telegram bot. Because the Masad Stealer is being sold as a service and there are potentially many con artists operating this threat, the propagation methods can be countless.

We would advise you to avoid shady websites and avoid downloading any content which is not hosted on legitimate web pages. Also, make sure you obtain a genuine anti-malware tool, which will keep your system secure.

