Crypto Scam Alert: YouTube Videos Promoting "Bitcoin Generator" Really Pushing Malware (May 29, 2019)
A researcher called “Frost” has discovered a new cryptomining campaign that uses YouTube to persuade users to download a “Bitcoin generator”. Once the user clicks on the download link, they are directed to download and run a Setup.exe file, which infects their machine with the “Qulab” trojan. The Qulab trojan attempts to steal data from the user’s browser, including history, cookies, social media credentials and saved credentials, along with .txt, .mafiles and .wallet files. Qulab also steals clipboard data, which can contain cryptocurrency addresses; the attacker can then change the victim’s public key, sending the victim’s crypto to the attacker’s wallet instead.
Recommendation: Users should always exercise caution when downloading anything from the internet, download only from trusted sources, and avoid clicking links from YouTube. In addition, having anti-virus software is highly recommended.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.