- Several YouTube videos were caught promoting crypto-stealing malware
- The videos claim to be tutorials on how to generate free bitcoins but instead get users to install the Qulab Trojan
- As more new people enter the space, scams are on the rise
This week, BleepingComputer reported on a recent malware scam discovered in YouTube videos that promise to generate free bitcoins. In reality, the campaign pushes the Qulab information-stealing Trojan, which can also hijack information from the clipboard.
This campaign was discovered by a security researcher, Frost, who has been tracking the malware for 15 days. However, even though YouTube has been taking the videos down after being notified several times, the perpetrators create new usernames and upload more of the videos.
If it promises ‘free Bitcoin’, it’s a scam
The videos explain how one could supposedly obtain free bitcoins using a “bitcoin generator” tool. The download link (https://freebitco.in) to this tool, which turns out to be the Qulab Trojan, is given in the description of the video.
When a user downloads and installs the Trojan, it gains access to the browser cookies, steals information from the browser history, and obtains the saved credentials on the browser, such as FileZilla, Discord and Steam login details. The Qulab Trojan also contains code that can steal .maFile, .txt, and .wallet files from a computer.
Malware is a blight on crypto
Qulab can also hijack information stored on the Windows clipboard. It monitors the clipboard for specific data (in this case, cryptocurrency addresses) and swaps it with different data (the attacker’s crypto address) so that funds are directed to the attacker’s wallets.
This campaign seems feasible because cryptocurrency addresses are long strings of numbers and letters that are hard to remember. A user may therefore not notice that the address they copied to the clipboard has changed by the time they paste it in the browser, and end up sending their funds to the attacker.
Remedy: According to BleepingComputer, if you have fallen victim to this Trojan, you are advised to change all your passwords immediately.