Fraudulent YouTube videos promote BTC generator tool containing Trojan

30 May, 2019 | Updated: 30 May, 2019
by Fifi Arisandi
Security

Scammers post videos on YouTube offering a Bitcoin generator tool that actually contains a Trojan.

Another day, another scam. This time, the bad actors use YouTube as the channel to trick people into falling for their malicious scheme.

According to BleepingComputer, the videos promote a Bitcoin generator tool that they say will generate free Bitcoins for its users.

The malicious videos have been reported to YouTube by the security researcher Frost and were immediately taken down. But every time a video is taken down, the bad actors create another video containing the same fraudulent links.

In all the videos, the link to download the tool is placed in the description, along with another link to https://freebitco.in, which basically contains similar content.

Users are asked to download and run a Setup.exe file that contains the Qulab Trojan, which infects the device immediately afterwards.

Qulab is then able to steal browser history, saved browser credentials, browser cookies, saved credentials in FileZilla, Discord credentials, and Steam credentials from the infected computer.

But that’s not all. Qulab is also a clipboard hijacker: it monitors the Windows clipboard for certain data and, when that data meets its criteria, swaps it with different data of the attacker's choosing.

The “certain data” in question is cryptocurrency addresses, which users often copy while performing crypto transactions. These are swapped with another address belonging to the attackers, without the users even realizing.
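One way a defender could spot the swap described above, as an added example that is not from the original article or from the analysis it cites: validate clipboard text as a Bitcoin address by its Base58Check checksum, then flag any address that is replaced by a different address within a few seconds. It assumes legacy Base58Check addresses only and a 5-second window; the function names, the window and the sample events are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def make_sample_address(h160, version=0x00):
    """Encode a constructed 20-byte hash as Base58Check (sample data only)."""
    raw = bytes([version]) + h160
    raw += _checksum(raw)
    num, out = int.from_bytes(raw, "big"), ""
    while num:
        num, rem = divmod(num, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_btc_address(text):
    """True for a checksum-valid legacy (Base58Check) Bitcoin address."""
    text = text.strip()
    if not 26 <= len(text) <= 35 or any(c not in B58 for c in text):
        return False
    num = 0
    for c in text:
        num = num * 58 + B58.index(c)
    if num >= 1 << 200:  # does not fit the 25-byte address layout
        return False
    raw = num.to_bytes(25, "big")
    return raw[0] in (0x00, 0x05) and raw[21:] == _checksum(raw[:21])

def find_swaps(events, window=5.0):
    """Return (copied, replacement, time) per swap seen within `window` s (assumed)."""
    alerts, prev = [], None
    for ts, text in events:  # events: (seconds, clipboard_text), oldest first
        cur = text.strip() if is_btc_address(text) else None
        if cur and prev and prev[1] and cur != prev[1] and ts - prev[0] <= window:
            alerts.append((prev[1], cur, ts))
        prev = (ts, cur)
    return alerts

# Constructed sample data: addresses derived from dummy hashes, not real wallets.
INTENDED = make_sample_address(bytes(range(1, 21)))
SWAPPED = make_sample_address(bytes(range(21, 41)))
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, INTENDED),  # user copies the payee address
    (10.3, SWAPPED),   # clipboard rewritten 0.3 s later: flagged
    (60.0, INTENDED),  # a different address 49.7 s later: outside the window
]
```

The timing rule is a heuristic, so the more reliable habit remains comparing the pasted address with the intended one before confirming a transaction.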

Further analysis reveals that the Qulab Trojan supports various kinds of crypto addresses for the clipboard hijacker “feature” as shown by the table below.

Lastly, those who have been infected by Qulab must immediately change all passwords for all their online accounts, particularly those accounts where they keep their funds.
