A cybersecurity researcher, Frost, has published information about a new Bitcoin trojan horse malware that is being distributed via YouTube videos.
3 June 2019 | AtoZ Markets - As the value of cryptocurrency continues to rise, a new form of malware has grown in popularity. According to BleepingComputer, scammers have posted a series of infected free bitcoin video generators. The content includes a download link (https://freebitco.in) that redirects the user to the file Setup.exe. On startup, it installs the Qulab trojan on the victim's device.
What can Bitcoin Trojan malware do?
Once installed, the trojan gains access to the browser cookies, steals information from the browser history, and obtains the credentials saved on the browser, such as FileZilla, Discord and Steam login details.
The Qulab trojan is also programmed to steal .txt, .maFile, and .wallet files from the infected computer. Qulab secretly monitors the victim’s Windows clipboard for copied data, such as cryptocurrency wallet addresses, and, as soon as it finds them, it quickly replaces them with the addresses of the intruders. Thus, the funds sent by the victim will go to the address of the hacker, and not the intended recipient.
The researchers found that Qulab supports a wide range of addresses, including BTC, DASH, XMR, STRAT, LTC, etc.
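To illustrate the clipboard replacement described above from the defender's side, here is an added example (not from the original article or from the researcher's analysis). It flags a clipboard value that changes from one valid address to a different valid address of the same type within a short interval. It assumes legacy Bitcoin-style Base58Check addresses only, a hypothetical 2-second threshold, and constructed clipboard snapshots rather than a live clipboard.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version, body):
    """Build a Base58Check string; used here only to construct sample addresses."""
    raw = bytes([version]) + body
    raw += _checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def address_version(text):
    """Return the version byte if text is a valid 25-byte Base58Check address, else None."""
    text = text.strip()
    if not 26 <= len(text) <= 35 or any(c not in B58 for c in text):
        return None
    n = 0
    for c in text:
        n = n * 58 + B58.index(c)
    zeros = len(text) - len(text.lstrip("1"))  # each leading '1' is one zero byte
    raw = b"\0" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or _checksum(raw[:-4]) != raw[-4:]:
        return None
    return raw[0]

def find_swaps(events, max_gap=2.0):
    """Flag consecutive clipboard values that are different valid addresses with the
    same version byte and changed within max_gap seconds (assumed threshold)."""
    alerts = []
    for (t0, a), (t1, b) in zip(events, events[1:]):
        va, vb = address_version(a), address_version(b)
        if va is not None and va == vb and a.strip() != b.strip() and t1 - t0 <= max_gap:
            alerts.append((t1, a.strip(), b.strip()))
    return alerts

# Constructed sample data: both addresses are derived from made-up hashes.
INTENDED = b58check_encode(0, hashlib.sha256(b"sample-recipient").digest()[:20])
OTHER = b58check_encode(0, hashlib.sha256(b"sample-other").digest()[:20])
EVENTS = [(0.0, "meeting notes"), (10.0, INTENDED), (10.3, OTHER),
          (90.0, INTENDED), (300.0, OTHER)]

if __name__ == "__main__":
    for t, old, new in find_swaps(EVENTS):
        print(f"{t:>6.1f}s clipboard address changed: {old} -> {new}")
```

The address checksum catches a typo but not a replacement, since the substituted address is itself valid; that is why the check looks at the change rather than at either value alone.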
This campaign was discovered by a security researcher, Frost, who has been tracking the malware for 15 days. However, even after several attempts at notifying YouTube, which has then been taking down these videos, the perpetrators create other usernames and repeatedly upload more of the videos.
At the moment, YouTube users who have fallen victim are advised to immediately change all their passwords.
Crypto malware, a growing epidemic
Recently, there has been a lot of buzz in crypto technology about crypto-malware attacks. Crypto malware is a program that actually performs criminal crypto mining. It is one of the latest malware threats, and it’s particularly insidious because it can go about doing its work completely undetected. The goal of crypto-malware isn’t to steal data – it is to remain in place for as long as possible, quietly mining in the background.
In 2018, attacks on crypto users were widespread. So-called cryptojackers mined cryptocurrency by secretly installing malware on victims' devices. In the first half of the last year, the number of malware detected increased by 500%.
Meanwhile, a recent study has shown that an increasing amount of cryptocurrency-mining malware is still aimed at large corporations, hijacking victims to mine the altcoin Monero (XMR). A recently detected Romanian group of hackers called Outlaw, as a Palo Alto Networks study showed, supposedly disables Linux users' cloud security measures to prevent detection of the malicious programs.
Earlier, AtoZ Markets reported on the malware threat that was uncovered by the cybersecurity department of Palo Alto Networks, Unit 42. According to the report, they revealed that Israeli Fintech companies are being targeted by an older version of the Cardinal Malware. Cardinal is a Remote Access Trojan (RAT) which enables attackers to take remote control of the victim's system.
The impact of Cryptojacking
Since criminal cryptomining and cryptojacking are generally not about stealing data, they may be easier for some to dismiss. However, mining cryptocurrency puts a substantial amount of wear on a system. It eats up bandwidth and processing power, thereby slowing down your systems and potentially impacting productivity as a result. Companies that ignore cryptomining may see the graphics cards in their computers die, the processors burn out, or the memory start to act erratically.
Crypto-malware is insidious because it often goes undetected for long periods of time. Crypto-malware may be, for example, hidden within other useful programs, and consequently, the user may never notice that their system has been impacted. As a program or application runs, it can be mining coins in the background.
How to avoid Bitcoin Trojan malware?
The first step towards protection is to avoid the cyber-crook’s siren call: steer clear of mysterious websites that beckon you with offers that sound too good to be true. Ads and links are everywhere on the Internet. A large percentage of them belong to cyber-crooks, and these ne’er-do-wells now aim at a younger age demographic. Millennials from 18 to 34 seem to be their target “sweet spot”. Stay vigilant and skeptical at all times!