Cybercriminals are exploring every method they can to get to your crypto, and the latest malware is proof of their ever-evolving tactics. Known as Masad Stealer, the new malware strain uses the Telegram messaging app to exfiltrate the stolen information. Besides stealing crucial information such as browser passwords, the malware is able to replace crypto addresses in the clipboard with addresses controlled by the attackers.

Masad Stealer was discovered by security researchers from Juniper Labs. In their report, the researchers revealed that the malware is being advertised on black market forums under the name 'Masad Clipper and Stealer.' The most basic version of the malware is offered for free, with additional features being charged in tiers, the highest of which goes for $85. There is at least one website, masadproject.life, dedicated to promoting the malware. The attackers have also established a Telegram group for their clients, which already has hundreds of members.

The attackers' main distribution tactic involves posing as legitimate software or bundling the malware into third-party tools. Some of the popular software products they have targeted include CCleaner, Tradesanta, Iobit, ProxySwitcher and Samsung Galaxy Software Update.

The malware is difficult to notice as it's small in size, averaging 1.5 MB. Once it's downloaded, it executes and immediately gets to work, collecting sensitive information from the host. This information includes system information, browser passwords, autofill browser fields, browser cookies, credit card browser data and cryptocurrency wallet addresses. To ensure that it's almost always running, the malware creates a scheduled task on the host machine that runs every minute.

It's with cryptocurrency users that Masad Stealer is most lethal. The malware has been configured to recognize cryptocurrency addresses for over 20 cryptos, from BTC, Ethereum and Zcash to XRP, Dash and Lisk. Once the user copies a crypto address to the clipboard, the malware switches it with an address that belongs to the attackers. One of the BTC addresses that the attackers have been swapping in has already registered 193 transactions, receiving 0.95 BTC at press time, which is worth $7,500.

The report concludes, "Juniper Threat Labs believes that Masad Stealer represents an active and ongoing threat. Command and Control bots are still alive and responding as of this writing, and the malware appears to still be available for purchase on the black market."

It's been a hot summer for crypto malware, as CoinGeek reported recently. This year has seen a rebirth in the crypto malware menace, with millions of dollars being stolen in the past few months alone. Some of the most lethal malware campaigns include SkidMap, which targeted Linux systems; Panda, which is reported to be operated by Chinese hackers; Glupteba, which relies on the BTC blockchain for extra resilience; and Norman, which is able to avoid detection.
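The one-minute scheduled task described above is something a defender can hunt for. The following is an added example, not code from Juniper's report or from the article: it parses Windows Task Scheduler XML (the format produced by `schtasks /query /xml`) and lists tasks whose trigger repeats every 60 seconds or less. The task names, paths and the `<Tasks>` wrapper in the sample are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
TASK_TAG = "{%s}Task" % NS["t"]
DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

def duration_seconds(text):
    """Convert a Task Scheduler ISO 8601 duration (PT1M, PT60S, P1D) to seconds."""
    m = DURATION.match(text.strip())
    if not m or not any(m.groups()):
        return None  # not a duration this parser understands
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds

def short_interval_tasks(xml_text, max_seconds=60):
    """Return (uri, command, interval_seconds) for tasks repeating every max_seconds or less."""
    hits = []
    # iter() also matches the root, so a single <Task> export and several
    # <Task> elements under one wrapper element are both handled.
    for task in ET.fromstring(xml_text).iter(TASK_TAG):
        uri = task.findtext("t:RegistrationInfo/t:URI", "(no URI)", NS)
        cmd = task.findtext("t:Actions/t:Exec/t:Command", "(no Exec action)", NS)
        for interval in task.findall("t:Triggers/*/t:Repetition/t:Interval", NS):
            secs = duration_seconds(interval.text or "")
            if secs is not None and secs <= max_seconds:
                hits.append((uri, cmd.strip(), secs))
    return hits

# Constructed sample: names and paths are placeholders, not values from the report.
SAMPLE = """<Tasks>
<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\ExampleUpdater</URI></RegistrationInfo>
  <Triggers><TimeTrigger>
    <Repetition><Interval>PT1M</Interval></Repetition>
  </TimeTrigger></Triggers>
  <Actions><Exec><Command>C:\\Users\\user\\AppData\\Local\\Temp\\example.exe</Command></Exec></Actions>
</Task>
<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><URI>\\HourlyBackup</URI></RegistrationInfo>
  <Triggers><CalendarTrigger>
    <Repetition><Interval>PT1H</Interval></Repetition>
  </CalendarTrigger></Triggers>
  <Actions><Exec><Command>C:\\Tools\\backup.exe</Command></Exec></Actions>
</Task>
</Tasks>"""

for uri, cmd, secs in short_interval_tasks(SAMPLE):
    print(f"review: {uri} runs {cmd} every {secs}s")
```

A hit is a lead for review, not a verdict: legitimate software also schedules frequent tasks, so check the command path and the binary's signature before acting.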