Crypto Scammers Take To YouTube; Promote Trojan-Hiding Software

Crypto Scammers Take To YouTube; Promote Trojan-Hiding Software
A new crypto scam and malware campaign is in underway as the
attackers play smart and utilize YouTube, yet this time they set up a rather
chancy trap for the users, promoting videos for a “bitcoin generator”
tool that guarantees to generate free bitcoins for them.
As indicated by a report in the digital security publication
Bleeping Computer, the scam was discovered by a researcher who goes by the name
of Frost.
Frost has been tracking the malevolent campaign for the past
15 days and has observed that every time he reports the user and their videos ,
YouTube does brings them down, yet the ‘bad actors’  just make another user and upload more.
In the video’s description there will likewise be links to
download this tool, which in reality a Trojan, and a link for the
https://freebitco.in site as shown below:

At the point when a user clicks on the download link in
these videos, they will be brought to a page offering a Setup.exe file.

The payload being pushed by this YouTube scam is the Qulab
information stealing and clipboard hijacker Trojan. Whenever executed, the
Trojan will duplicate itself to
%AppData%amd64_microsoft-windows-netio-infrastructuremsaudite.module.exe and
dispatch itself from that location.
Qulab endeavors to steal the browser history, saved browser
credentials, browser cookies, saved credentials in FileZilla, discord
credentials  and steam credentials. The
Trojan likewise contains code to take .txt, .maFile, and .wallet records from a
computer.
Qulab, on the other had goes about as a clipboard hijacker,
or clipper, implying that it will monitor the Windows clipboard for specific
information, and when distinguished, swap it with the different data  that the attacker needs.
In this specific case however , Qulab scans for crypto
currency  addresses that have been
replicated into the Clipboard, in many cases because a user is going to send
currency to the address.

It is recommended for the users who have been tainted with
this Trojan, that they ought to promptly change all passwords for their
financial accounts and websites that they visit. Furthermore, as usual, they
should turn to a password manager so as to make exceptional and solid passwords
for each account they visit.

Leave a Reply

Your email address will not be published. Required fields are marked *