
A trojan is being propagated on YouTube via fraudulent videos about an allegedly free bitcoin generator which attempts to steal crypto and personal data.
The Qulab information-stealing and clipboard hijacker trojan is being propagated on YouTube via fraudulent videos about an allegedly free bitcoin (BTC) generator, BleepingComputer reports on May 29.
According to the report, security researcher Frost reached out to BleepingComputer about the trojan scam, saying that YouTube would take down the fraudulent videos when reported, but new accounts and videos would subsequently pop up with the same MO.
The videos reportedly describe a tool that lets users earn free bitcoin, with a link in the video description. The link leads to a download for the alleged tool, which is in fact the Qulab trojan. Downloading alone is not enough: the trojan has to be installed before it is deployed.
In addition to attempting to steal a plethora of user information, the Qulab trojan will also reportedly attempt to sneakily steal cryptocurrency for the bad actor by scanning for strings copied to the Windows clipboard which the program recognizes as crypto addresses, and then substituting in the attacker’s address instead.
If a user pastes that string into a website field to specify where their funds are spent, they will paste in the attacker’s string instead and direct the funds there.
The warning indicates that this is a viable strategy, since users are reportedly unlikely to remember or visually register that their intended crypto address — a long string of characters — has been swapped out for a different one.
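The swap described above leaves a recognizable trace in clipboard history: one address is replaced by a different address of the same coin within a fraction of a second. The following detection heuristic is an added example, not code from the report or from BleepingComputer; the address patterns are simplified, the one-second threshold is an assumption, and the event list is constructed sample data.

```python
import re

# Simplified address shapes, assumed for this example (not full validators).
ADDRESS_SHAPES = {
    "bitcoin": re.compile(r"[13][a-km-zA-HJ-NP-Z1-9]{25,34}"),
    "ether": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def classify(text):
    """Return the coin whose address shape the text matches, or None."""
    for coin, shape in ADDRESS_SHAPES.items():
        if shape.fullmatch(text.strip()):
            return coin
    return None

def find_swaps(events, max_gap=1.0):
    """Flag clipboard changes where one address is replaced by a different
    address of the same coin within max_gap seconds, faster than a person
    would normally copy a second address."""
    alerts = []
    prev_ts, prev_coin, prev_text = None, None, None
    for ts, text in events:
        text = text.strip()
        coin = classify(text)
        if (coin and coin == prev_coin and text != prev_text
                and ts - prev_ts <= max_gap):
            alerts.append({"time": ts, "coin": coin,
                           "original": prev_text, "replacement": text})
        prev_ts, prev_coin, prev_text = ts, coin, text
    return alerts

# Constructed sample data: placeholder strings that only fit the shapes above.
BTC_COPIED = "1" + "Victim" + "X" * 24
BTC_SWAPPED = "1" + "Swapped" + "Y" * 23
ETH_FIRST = "0x" + "ab" * 20
ETH_SECOND = "0x" + "cd" * 20
SAMPLE_EVENTS = [  # (seconds since start, clipboard text)
    (0.0, "meeting notes"),
    (10.0, BTC_COPIED),
    (10.3, BTC_SWAPPED),   # replaced 0.3 s later: flagged
    (60.0, ETH_FIRST),
    (95.0, ETH_SECOND),    # 35 s later, plausibly a deliberate copy: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

The same comparison works at paste time: check the full pasted string against the address from the trusted source rather than only its first and last characters.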
According to a report by Fumko, there is a long list of crypto addresses the trojan can recognize, including ones for bitcoin, bitcoin cash, cardano, ether, litecoin, monero, and more.
As previously reported by Cointelegraph, YouTube purportedly advertised malware disguised as an advertisement for bitcoin wallet Electrum in March. Reddit user mrsxeplatypus described the scam, predicated on URL hijacking, as follows:
“The malicious advertisement is disguised to look like a real Electrum advertisement […] It even tells you to go to the correct link (electrum.org) in the video but when you click on the advertisement it immediately starts downloading the malicious EXE file. As you can see in the image, the URL it sent me to is elecktrum.org, not electrum.org.”
Source: CoinTelegraph

