New Malware Campaign Spreads Trojans Through Clone Crypto Trading Website

A new website spreads crypto-stealing malware by imitating Cryptohopper, a legitimate site where users can program tools for automatic trading.

Twitter user and malware researcher Fumik0_ has discovered a new website that spreads cryptocurrency malware, according to a report by Bleeping Computer on June 5.

According to the report, the malware is delivered through a site that imitates the website of Cryptohopper, a platform where users can program tools to perform automatic cryptocurrency trading.

When the scam site is visited, it reportedly automatically downloads a setup.exe installer, which will infect the computer once it runs. The setup panel will also display the logo of Cryptohopper in another attempt to trick the user.

Running the installer is said to install the Vidar information-stealing Trojan, which further installs two Qulab trojans for mining and clipboard hijacking. The clipper and miners are then deployed once every minute in order to continuously collect data.

The Vidar information-stealing trojan itself will attempt to scrape user data such as browser cookies, browser history, browser payment information, saved login credentials, and cryptocurrency wallets. The information is periodically compiled and sent to a remote server, after which the compilation is deleted.

The Qulab clipboard hijacker will attempt to substitute its own addresses in the clipboard when it recognizes that a user has copied a string that looks like a wallet address. This allows cryptocurrency transactions initiated by the user to get redirected to the attacker’s address instead.

This hijacker has address substitutions available for ether (ETH), bitcoin (BTC), bitcoin cash (BCH), dogecoin (DOGE), dash (DASH), litecoin (LTC), zcash (ZEC), bitcoin gold (BTG), XRP, and qtum.

One wallet reportedly associated with the clipper has received 33 BTC, or $258,335 at press time, via the substitution address ‘1FFRitFm5rP5oY5aeTeDikpQiWRz278L45,’ although this may not all have come from the Cryptohopper scam.
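A defender-side check for the clipboard substitution described above, as an added example that is not taken from the report or from any vendor tooling: it flags a copied wallet address that is replaced by a different address of the same coin within a short window. The address shapes are simplified assumptions (no checksum validation), the 2-second window is an assumed threshold, and the clipboard timeline is constructed.

```python
import re

B58 = "[1-9A-HJ-NP-Za-km-z]"  # Base58 character set (no 0, O, I, l)
# Simplified address shapes for a few of the listed coins (assumption:
# shape checks only, no checksum validation).
SHAPES = {
    "BTC": re.compile(rf"^[13]{B58}{{25,34}}$"),
    "LTC": re.compile(rf"^[LM]{B58}{{26,33}}$"),
    "DOGE": re.compile(rf"^D{B58}{{33}}$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
}

def classify(text):
    """Return the coin whose address shape the text matches, else None."""
    text = text.strip()
    for coin, shape in SHAPES.items():
        if shape.match(text):
            return coin
    return None

def find_swaps(samples, window=2.0):
    """Flag address -> different address of the same coin within `window` s.

    samples: list of (timestamp_seconds, clipboard_text), oldest first.
    """
    alerts = []
    for (t0, prev), (t1, cur) in zip(samples, samples[1:]):
        prev, cur = prev.strip(), cur.strip()
        coin = classify(prev)
        # A person rarely copies two different same-coin addresses back to back.
        if coin and prev != cur and classify(cur) == coin and t1 - t0 <= window:
            alerts.append({"time": t1, "coin": coin,
                           "copied": prev, "replaced_by": cur})
    return alerts

# Constructed clipboard timeline. The first BTC value is the well-known
# genesis-block address; the second is the substitution address quoted above.
SAMPLES = [
    (0.0, "meeting notes"),
    (10.0, "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"),
    (10.4, "1FFRitFm5rP5oY5aeTeDikpQiWRz278L45"),
    (95.0, "0x" + "ab" * 20),
    (400.0, "0x" + "cd" * 20),  # a later, deliberate copy: not flagged
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLES):
        print(alert)
```
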

As previously reported by Cointelegraph, a YouTube-based crypto scam campaign was discovered in May, luring in victims with the promise of a free BTC generator. After users ran the alleged BTC generator, which was automatically downloaded by visiting the associated website, they would be infected with a Qulab trojan. Then, the Qulab trojan would attempt to steal user information and run a clipboard hijacker for crypto addresses.
