Search This Blog

Crypto Scammers Take To YouTube; Promote Trojan-Hiding Software

YouTube cryptocurrency videos pushing info-stealing Trojan.


A new crypto scam and malware campaign is in underway as the attackers play smart and utilize YouTube, yet this time they set up a rather chancy trap for the users, promoting videos for a "bitcoin generator" tool that guarantees to generate free bitcoins for them.

As indicated by a report in the digital security publication Bleeping Computer, the scam was discovered by a researcher who goes by the name of Frost.

Frost has been tracking the malevolent campaign for the past 15 days and has observed that every time he reports the user and their videos , YouTube does brings them down, yet the 'bad actors'  just make another user and upload more.




In the video's description there will likewise be links to download this tool, which in reality a Trojan, and a link for the https://freebitco.in site as shown below:






At the point when a user clicks on the download link in these videos, they will be brought to a page offering a Setup.exe file.

The payload being pushed by this YouTube scam is the Qulab information stealing and clipboard hijacker Trojan. Whenever executed, the Trojan will duplicate itself to %AppData%\amd64_microsoft-windows-netio-infrastructure\msaudite.module.exe and dispatch itself from that location.

Qulab endeavors to steal the browser history, saved browser credentials, browser cookies, saved credentials in FileZilla, discord credentials  and steam credentials. The Trojan likewise contains code to take .txt, .maFile, and .wallet records from a computer.

Qulab, on the other had goes about as a clipboard hijacker, or clipper, implying that it will monitor the Windows clipboard for specific information, and when distinguished, swap it with the different data  that the attacker needs.

In this specific case however , Qulab scans for crypto currency  addresses that have been replicated into the Clipboard, in many cases because a user is going to send currency to the address.

It is recommended for the users who have been tainted with this Trojan, that they ought to promptly change all passwords for their financial accounts and websites that they visit. Furthermore, as usual, they should turn to a password manager so as to make exceptional and solid passwords for each account they visit.

Share it:

Bitcoin

cryptocurrency

Youtube