Voted Coins
Icon Karma (on Sol) - Airdrop Icon AlttC (on Sol) Icon Get your coin listed here
Icon Karma (on Sol) - Airdrop Icon AlttC (on Sol) Icon Get your coin listed here

« previous next »
Pages: [1]   Go Down

Author Topic: New Malware Campaign Spreads Trojans Through Clone Crypto Trading Website  (Read 1361 times)

Offline Magician

  • Hero Member
  • *
  • Activity: 723
  • points:
    2935
  • Karma: 11
  • Trade Count: (0)
  • Referrals: 0
    • Last Active: December 31, 2024, 02:46:26 PM
    • View Profile

    • Total Badges: 19
    Badges: (View All)
    Sixth year Anniversary Fifth year Anniversary Fourth year Anniversary
New Malware Campaign Spreads Trojans Through Clone Crypto Trading Website
« on: June 06, 2019, 03:37:06 PM »

Twitter user and malware researcher Fumik0_ has discovered a new website that spreads cryptocurrency malware, according to a report by Bleeping Computer on June 5.

According to the report, the host for transmitting these viruses is a website that imitates the website for Cryptohopper, a website where users can program tools to perform automatic cryptocurrency trading.

When the scam site is visited, it reportedly automatically downloads a setup.exe installer, which will infect the computer once it runs. The setup panel will also display the logo of Cryptohopper in another attempt to trick the user.

Running the installer is said to install the Vidar information-stealing Trojan, which further installs two Qulab trojans for mining and clipboard hijacking. The clipper and miners are then deployed once every minute in order to continuously collect data.

The Vidar information-stealing trojan itself will attempt to scrape user data such as browser cookies, browser history, browser payment information, saved login credentials, and cryptocurrency wallets. The information is periodically compiled and sent to a remote server, after which the compilation is deleted.

The Qulab clipboard hijacker will attempt to substitute its own addresses in the clipboard when it recognizes that a user has copied a string that looks like a wallet address. This allows cryptocurrency transactions initiated by the user to get redirected to the attacker’s address instead.

This hijacker has address substitutions available for ether (ETH), bitcoin (BTC), bitcoin cash (BCH), dogecoin (DOGE), dash (DASH), litecoin (LTC), zcash (ZEC), bitcoin gold (BTG), xrp, and qtum.

One wallet reportedly associated with the clipper has received 33 BTC, or $258,335 at press time, via the substitution address ‘1FFRitFm5rP5oY5aeTeDikpQiWRz278L45,’ although this may not all have come from the Cryptohopper scam.

As previously reported by Cointelegraph, a YouTube-based crypto scam campaign was discovered in May, luring in victims with the promise of a free BTC generator. After users ran the alleged BTC generator, which was automatically downloaded by visiting the associated website, they would be infected with a Qulab trojan. Then, the Qulab trojan would attempt to steal user information and run a clipboard hijacker for crypto addresses.

Source
Logged

Altcoins Talks - Cryptocurrency Forum

New Malware Campaign Spreads Trojans Through Clone Crypto Trading Website
« on: June 06, 2019, 03:37:06 PM »

This is an Ad. Advertised sites are not endorsement by our Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise Here

Pages: [1]   Go Up
« previous next »
 

ETH & ERC20 Tokens Donations: 0x2143F7146F0AadC0F9d85ea98F23273Da0e002Ab
BNB & BEP20 Tokens Donations: 0xcbDAB774B5659cB905d4db5487F9e2057b96147F
BTC Donations: bc1qjf99wr3dz9jn9fr43q28x0r50zeyxewcq8swng
BTC Tips for Moderators: 1Pz1S3d4Aiq7QE4m3MmuoUPEvKaAYbZRoG
Powered by SMFPacks Social Login Mod