Avast identifies new cryptocurrency malware Hackboss

Researchers from Avast, the global digital security and privacy company, say they have identified new cryptocurrency-stealing malware.

The new malware which Avast has called HackBoss, is targeting online users who sell, mine, and exchange digital assets.

Avast says HackBoss is simple but effective malware that has possibly stolen over USD $560,000 from victims worldwide since November 2018.

The authors of the malware use a strategy of misusing public social sites such as Telegram, YouTube, and public forums to promote the malware while disguised as hacking or cracking applications.


“The software varies from bank and social site crackers to various cryptocurrency wallet and private key crackers, or gift card code generators,” says Avast malware researcher, Romana Tesaov.

“However, although each promoted application is promised to be some hacking or cracking application, it never is. Once installed, the HackBoss malware is simple in premise, it runs and looks for cryptocurrency wallet addresses that are copied to the Clipboard. When it detects a wallet address, it replaces the intended wallet with the HackBoss author’s own wallet address.”

He adds that the user may then hit the pay button without noticing that the copied wallet address has changed in the meantime and lose their coins, effectively diverting money to the malware authors.

Avast says it has collected a list of more than 100 cryptocurrency wallet addresses belonging to HackBoss authors, to which the malware then exchanges the wallet address present in the clipboard. Formats that the wallet checks for are Bitcoin, Ethereum, Dogecoin, Litecoin, and Monero cryptocurrencies, the majority being Bitcoin wallets.

“As cryptocurrency has become a viable investment, many people own some cryptocurrency coins nowadays and send coins via computer applications,” says Tesaov.

“It is important to be attentive when dealing with cryptocurrency. Always double-check the wallet address you are sending your assets to, use two-factor authentication for accessing your digital wallets and, of course, install an antivirus, as it will protect you from malware such as HackBoss.”

Avast says the three most common types of malware it sees are:

  • Password stealers. Malware focusing on stealing cryptocurrency wallets or files with passwords.
  • Coin miners. Malware that uses the victim’s machine’s computational power for mining cryptocurrencies.
  • Keyloggers. Malware that logs keystrokes to record passwords or seed phrases.

Tesaov says that password stealers have focused on cryptocurrencies for a long time now. 

“It’s very easy to add functionality for stealing cryptocurrency wallets to a password stealer, which means it’s uncommon these days to find a password stealer that doesn’t look for cryptocurrency wallets,” he says.

“Because of this, people should take extra care of their passwords, wallets, and digital assets.”