Crypto Fraud Alert: New Trojan Horse malware on YouTube Bitcoin video

sec charges

Be on guard – Cyber crooks are getting very clever with technological tricks to, as the typical con game scam storyline goes, gain your trust, appeal to your greed, set the hook, and then fleece you for all that it is worth. The latest cyber “ruse” on the Internet is designed to victimize Bitcoin-aware consumers and was discovered by a researcher named “Frost” and broadcasted by the security publication Bleeping Computer. It entails the insertion of an insidious piece of malware, which goes by the name of Qulab Trojan.

For those of you that are unaware of the cyber-wave of computer theft that has hit the Internet from few years back and continues to morph and adapt with each passing year, crooks have discovered that the easiest way to compromise their online “marks” is to insert a piece of malicious software, i.e., malware, on the mark’s Internet access devices, whether desktop, laptop, tablet, or smart phone. The first trick is to attract you, which we will discuss below, then pass you along to their server, which does the dirty work of insertion on your device, while you are totally unaware of what is happening.

What can the malware do? To start with, it can steal browser credentials, crypto wallet files, and clipboard information. Per one expert: “The software first attempts to steal all sorts of data from the user’s browser. This includes history, saved credentials, cookies, and various social media credentials. On top of this, the Trojan can also steal .txt, .maFile, and .wallet files from a computer.” The software can also record your every keystroke, and then late at night, while you are sleeping, it will dial up the criminal server and upload its “loot”. Analytical programs can then detect log in and password data, which will be sold to other parties or used to defraud you directly at a later date.

The crypto Trojan Horse attacks Bitcoin-wise consumers and follows these steps:

  • Gain Your Trust: A professionally prepared YouTube video promotes a special “Bitcoin Generator” software program. It looks harmless enough, like any other one on YouTube and surely the YouTube folks only allow legitimate promotions to appear on their servers — NOT;
  • Appeal to Your Greed: Believe it or not, the Bitcoin generator will provide you with “free” Bitcoins, no questions asked. Cash them in and get rich quick, such a deal they have for you;
  • Sink the Hook: All you have to do is click a provided link that will allow you to download the software. You will actually be directed to the criminal’s server, which will download the Qulab Trojan onto your device. At that point, you have passed the point of no return;
  • Fleece You for All it’s Worth: From here on out, you will not know when or how you will be defrauded, but rest assured, you are now in the crook’s clutches.

Of course, the Bitcoin multiplying software is totally non-existent. The Qulab virus does more than just hijack information or report back keystrokes for further processing. For crypto investors that never want to worry about remembering the multitude of digits that apply to their crypto addresses, the malware knows where to find copies on clipborads, and it can actually replace addresses of your friends, so that future transfers will actually deposit in their coffers.

This particular scam was only discovered a few weeks back, but Bitcoin “hodlers” are not the only targets. Per the researchers: “The scammers have been able to tailor the Trojan to target the following crypto asset wallets: Bitcoin, Bitcoin Cash, Cardano, Bitcoin Gold, Bytecoin, Lisk, Dash, Doge, Electroneum, Ethereum, Graft, Litecoin, Monero, Neo, QIWI, Qtum, Steam Trade Link, Stratis, VIA, WME, WMR, WMU, WMX, WMZ, Waves, Yandex Money, and ZCash.”

As always, to avoid the cyber-crook’s siren call, steer clear of mysterious websites that beckon you with offers that sound too good to be true. Ads and links are everywhere on the Internet. A large percentage of them belong to cyber-crooks, and these ne’re-do-wells now aim at a younger age demographic. Millennials from 18 to 34 seem to be their target “sweet spot”. Stay vigilant and skeptical at all times!

To be forewarned is to be forearmed!


Read Also: