Scam News

Crypto phishing attacks now propagated through downloaded movies and fake donate campaigns

Attackers targeting your cryptocurrency through crypto phishing tactics are now adding another tool to their toolbox- downloaded movies. Not just downloaded movies but those coming from Pirates Bay, a popular site for torrents. The crypto phishing attacks are targeted towards cryptocurrency traders using Windows-based computers.

According to Bleeping computer, a website focusing on computer security:

A malicious Windows shortcut file posing as a movie via The Pirate Bay torrent tracker can trigger a chain of mischievous activities on your computer, like injecting content from the attacker into high-profile websites such as Wikipedia, Google and Yandex search or by stealing cryptocurrency.

As noted by the security website, although Pirates Bay has been known to contain infected files, the current crypto phishing tactics are on another level.

The crypto phishing attack was discovered when a security researcher downloaded a movie from the torrent site. They never received the movie but a package including “a shortcut that executed a PowerShell command.”

Inspecting the file further revealed that the crypto phishing attack was using:

A sample of CozyBear, a piece of malware used by an advanced threat actor known by the same name and a few others (APT29, CozyDuke, CozyCar, Grizzly Bear).

Once the malicious code fully propagates on a victim’s computer, it tracks the victim’s journey through the internet. If they load a Bitcoin or Ethereum related website the malware replaces the addresses on the websites with its own.

Additionally, in a more sophisticated approach, the crypto phishing attacker uses Java script code embedded into the affected file to place fake donate buttons onto known websites like Wikipedia. The hackers provide their own addresses under the donate buttons.

Another tactic used by the attacker is manipulating Google search results when a victim searches for ‘spyware.’ The leading result leads to a website providing a comparison between well-known solutions but, the leading choice is one called totalAV which can be seen as another one from the hackers.

As the market slowly recovers from the crypto winter do you think crypto phishing attacks will grow in 2019?

Let us know your thoughts in the comments section.


Philip is an experienced blogger keen on staying updated with trends and news surrounding the blockchain and Bitcoin space. With several years of freelance experience in various industries, Philip brings his knowledge and experience into the crypto space.

Comments are off this post!