Recently, a security researcher discovered a cryptocurrency related malware campaign running on YouTube. It uses videos to promote a free Bitcoin generator that promises users free Bitcoin. Instead, a get free malware installed into your device.
According to Bleeping Computer, Frost, a security researcher discovered the campaign. Frost has been tracking the malware for the past two weeks, and discovered more malware on YouTube with a cryptocurrency catch.
Frost claimed that each time a user reports the free Bitcoin videos, YouTube pulls them out, but the bad actors behind it create a new account then uploads them back once more.
The bad actors trick users into downloading the Bitcoin generator, which is linked to in the description of the video, it’s also linked to a popular Bitcoin faucet. Once you download the file and run it on your device, the Qulab Trojan is installed.
The malware tries to steal information from the user’s device, including their browser history, saved browser credentials etc. The malware also searches the device to steal wallet files and txt files, presumably to have access to cryptocurrency wallets.
Qulab Trojan reportedly monitors Windows clipboards to hijack contents. This means, if a user copies a Bitcoin address, Qulab replaces it with an address belonging to the bad actors.
Often users don’t check an address, they copy and paste, and they might send payments to the bad actors unknowingly. An analysis conducted by Fumko indicates that the malware can detect addresses from various cryptocurrencies such as ADA, ETH, BCH, NEO, DOGE, BTC, LTC, XMR and more.
This isn’t the first type a malware replaces copied addresses to steal funds from users. ClipboardWalletHijacker managed to infect over 300,000 computers worldwide. Security researchers have warned that cybercriminals monitor over 2.3 million cryptocurrency addresses using clipboard hijackers.
YouTube in the past inadvertently promoted an illegitimate version of Electrum Bitcoin wallet. The scammers were trying to separate users from their BTC through a phishing scheme.
Do you think the free Bitcoin cryptocurrency malware will affect more people owing to the fact that the platform is a leading video sharing site?
You may also be interested in: