Masad Spyware Uses Telegram Bots for Command-and-Control
Researchers with Juniper Threat Labs have uncovered a new spyware variant targeting Windows and Android systems. The malware, called the “Masad Clipper and Stealer,” not only gathers sensitive data after infecting a device, but is also capable of extracting funds from cryptocurrency wallets.
The threat actors control the spyware through a unique command-and-control (C2) setup that relies on Telegram bots. The Masad developers are selling the malware to cybercriminals on underground forums. This seems to be a successful arrangement: the researchers have so far identified 338 unique bots, which shows that the spyware is already being used in hundreds of different campaigns.