Scammers are attempting to hijack the popularity of YouTube crypto content and investors’ hunger to get rich quick to defraud potential victims. This involves tricking someone into downloading a programme under the pretence that they’re actually getting some sort of non-existent Bitcoin multiplying software.
Once downloaded, the malware uses several different methods to defraud victims. These include key logging, as well as stealing browser credentials and crypto wallet files.
Crypto Scammers Take to YouTube to Promote Trojan-Hiding Software
According to a report in digital security publication Bleeping Computer, a new crypto scam has been discovered. Those behind it use YouTube videos to promote a “Bitcoin generator” tool. Naturally, for those less tech savvy, and ultimately, gullible, the promise of free Bitcoin is simply too great a temptation to resist and they follow the link in the video’s description.
The victim is then taken to a download page away from YouTube. There, they are instructed to download and run a Setup.exe file, just as they would be had they been downloading most software.
If they download and install the file, their computer becomes infected with the Qulab Trojan, a particularly savage programme intended to steal information and hijack clipboards.
Although reported by Bleeping Computer, the scam was first discovered by a researcher known as Frost. They have apparently been tracking the campaign for just over two weeks. Once Frost manages to identify the videos and report them, however, the scammers simply create a new account and upload the fake Bitcoin generator promotional material once again.
The impact of the Qulab could be brutal for those not on top of their digital security, and let’s face it, if you’re downloading crypto generators from mysterious websites, you’re probably not a cyber security genius.
The software first attempts to steal all sorts of data from the user’s browser. This includes history, saved credentials, cookies, and various social media credentials. On top of this, the Trojan can also steal .txt, .maFile, and .wallet files from a computer.
However, the Qulab virus doesn’t stop there. It also hijacks clipboards. Since cryptocurrency addresses are long strings of characters and some people are worryingly blasé about copying and pasting them, the idea is that once copied, if the Trojan spits out a different public key (of a wallet under the scammer’s control), there is a fair chance that the victim won’t realise and will send their Bitcoin or other crypto assets to the hacker’s wallet.
The scammers have been able to tailor the Trojan to target the following crypto asset wallets: Bitcoin, Bitcoin Cash, Cardano, Bitcoin Gold, Bytecoin, Lisk, Dash, Doge, Electroneum, Ethereum, Graft, Litecoin, Monero, Neo, QIWI, Qtum, Steam Trade Link, Stratis, VIA, WME, WMR, WMU, WMX, WMZ, Waves, Yandex Money, and ZCash.
Featured Image from Shutterstock.