If you’re doing your usual rounds on social media, you may want to look out. There’s some malware spreading via a link to a story that says the United States Government is banning bitcoin, as reported by security firm Malwarebytes.
Obviously, the story isn’t true, but that won’t stop curious people from clicking on the links.
The shortened link takes the user to a legitimate-looking video from the Wall Street Journal on the topic of bitcoin being shut down by the feds, except that the user isn’t on the Wall Street Journal’s homepage.
Instead, they’re on a site belonging to a Thai business, siam-sunrise.com. The video appears to load, and within a few seconds, up comes a fake pop-up for Adobe Flash Player.
When users click “Install”, they receive several files, one of which is Install_Adobe_Flash_Player.exe. But it’s not Flash Player. It is a Trojan, and the computer is infected as soon as it runs.
According to Malwarebytes, it appears to be a remote access Trojan, possibly even related to the DarkComet RAT.
Adam Kujawa at Malwarebytes describes:
“…the malware creates an establish connection with a remote server and drops additional malware, such as the ‘notepad.exe’ that is found in the Temp folder and beaconing out to the same remote server as the initial Install file.”
Fake Twitter accounts are primarily responsible for the initial distribution of the malware, but then there are the folks who re-tweet without actually reading (or visiting) what’s behind the link.
So if you come across this sort of thing, just don’t click it.
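For defenders, the behaviour quoted above (a `notepad.exe` in the Temp folder beaconing to the same server as the installer) can be turned into a simple hunting rule. The following is an added example, not code from Malwarebytes or the original article: the events are constructed, the addresses are documentation ranges, and the list of system binary names is an assumption.

```python
import ntpath
from collections import defaultdict

# Constructed sample events: (process image path, remote address or None).
EVENTS = [
    (r"C:\Users\alice\Downloads\Install_Adobe_Flash_Player.exe", "203.0.113.10"),
    (r"C:\Users\alice\AppData\Local\Temp\notepad.exe", "203.0.113.10"),
    (r"C:\Windows\System32\notepad.exe", None),
    (r"C:\Program Files\Mozilla Firefox\firefox.exe", "198.51.100.7"),
    (r"C:\Windows\System32\svchost.exe", "198.51.100.20"),
]

# Assumption: a short list of names that should only run from these directories.
SYSTEM_NAMES = {"notepad.exe", "svchost.exe", "explorer.exe", "lsass.exe"}
TRUSTED_DIRS = {"c:\\windows", "c:\\windows\\system32", "c:\\windows\\syswow64"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\")


def is_masquerading(image):
    """True when a system binary name runs from outside the Windows directories."""
    path = image.lower()
    name_matches = ntpath.basename(path) in SYSTEM_NAMES
    return name_matches and ntpath.dirname(path) not in TRUSTED_DIRS


def in_user_writable(image):
    """True when the image sits in a Temp or Downloads folder."""
    return any(part in image.lower() for part in USER_WRITABLE)


def find_alerts(events):
    """Return (image, remote, peers) for each masquerading process that beacons.

    peers lists other user-writable images talking to the same remote address,
    which ties a dropped payload back to the installer that delivered it.
    """
    by_remote = defaultdict(set)
    for image, remote in events:
        if remote and in_user_writable(image):
            by_remote[remote].add(image)
    alerts = []
    for remote, images in sorted(by_remote.items()):
        for image in sorted(images):
            if is_masquerading(image):
                alerts.append((image, remote, sorted(images - {image})))
    return alerts


if __name__ == "__main__":
    for image, remote, peers in find_alerts(EVENTS):
        print(f"ALERT {image} -> {remote}; shared destination with {peers}")
```
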