Crypto thieves are now embedding Qulab, the information-stealing and clipboard-hijacking Trojan, in YouTube videos promoting a fake Bitcoin generator tool in a bid to steal victims’ bitcoin and other virtual currencies, according to a report by BleepingComputer on May 29, 2019.
Hackers Launch YouTube Bitcoin Trojan
Per sources close to the matter, bad actors have developed a new campaign on YouTube that promotes a scam bot to deceive gullible YouTubers into downloading the app. The application’s sole aim is to steal digital assets and other sensitive information by hijacking the computer’s clipboard.
Reportedly, the latest campaign, which was discovered by Frost, a security researcher, uses YouTube videos to promote a fake bitcoin generator tool that promises users free cryptos for doing nothing.
The program is malware housing the Qulab Trojan, a deadly information-stealing and clipboard-hijacking program.
According to BleepingComputer, the fraudsters usually upload a series of videos embedded with Trojans in the form of a free bitcoin generator tool. The videos come with links that direct a user to the Setup.exe file, which in turn installs the Qulab Trojan on the victim’s device when it is downloaded and run.
Once the Qulab Trojan is executed, it reportedly copies itself to “%AppData%\amd64_microsoft-windows-netio-infrastructure\msaudie.module.exe” and launches itself automatically from that location.
Qulab will then try to steal the victim’s browser history, saved browser credentials, cookies, credentials saved in FileZilla, Discord credentials, as well as Steam login details. The Qulab Trojan also has the capability to steal .txt, .maFile, and .wallet files from a victim’s computer.
Qulab stealthily monitors the victim’s Windows clipboard for copied data such as crypto wallet addresses, and once it finds one, it quickly replaces it with the hackers’ wallet address and sends it to the fraudsters via Telegram.
This way, a victim will end up sending the funds to the wallet address controlled by the bad actors instead of the intended recipient.
The researchers have revealed that the Qulab Trojan supports a vast array of bitcoin and altcoin wallet addresses, including bitcoin cash, dash, monero, stratis, litecoin and a host of others.
Affected YouTube users have been advised to change all the passwords used on all their financial accounts immediately. With the price of bitcoin and other cryptocurrencies aiming for the moon once again, it has become essential for crypto hodlers to be extra careful in their dealings online.
As reported by BTCManager on May 28, 2019, scammers have started organizing online bitcoin and ether giveaways in a bid to scam people.