The Qulab information-stealing and clipboard-hijacking trojan is being spread on YouTube through fraudulent videos about an allegedly free bitcoin (BTC) generator, BleepingComputer reports on May 29.
According to the report, security researcher Frost contacted BleepingComputer about the trojan scam, saying that YouTube would take down the fraudulent videos when they were reported, but new accounts and videos would subsequently appear with the same MO.
The videos reportedly describe a tool that lets users earn free bitcoin, with a link in the video description. The link leads to a download for the alleged tool, which is the Qulab trojan. After being downloaded, the trojan must actually be installed in order to be deployed.
In addition to trying to steal a wide range of user information, the Qulab trojan also reportedly tries to covertly steal cryptocurrency for the attacker: it scans for strings copied to the Windows clipboard that the program recognizes as crypto addresses, and then substitutes the attacker's address instead.
If a user pastes that string into a website field to specify where their funds are sent, they will paste the attacker's string instead and direct the funds there.
The warning indicates that this is a viable technique, since users are reportedly unlikely to remember or visually register that their intended crypto address, a long string of characters, has been swapped out for a different one.
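A defender-side check for the swap described above, added here as an example that is not from the original report: it scans a recorded sequence of clipboard values and flags any point where one crypto address is replaced by a different address of the same coin type within a short interval. The address patterns are loose shape checks only, and the two-second threshold, function names and sample events are assumptions constructed for illustration.

```python
import re

# Loose shape patterns for three of the coin types the article lists.
# They classify by format only and do not validate checksums (assumption).
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(r"^(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[a-z0-9]{11,71})$"),
    "ether": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "litecoin": re.compile(r"^[LM][a-km-zA-HJ-NP-Z1-9]{26,33}$"),
}

def classify(text):
    """Return the coin whose address shape matches text, or None."""
    candidate = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(candidate):
            return coin
    return None

def find_swaps(events, max_gap_seconds=2.0):
    """Flag clipboard changes where an address is replaced by a different
    address of the same coin type within max_gap_seconds.

    events: list of (timestamp_seconds, clipboard_text), oldest first.
    The threshold is an assumed heuristic: a person copying a second
    address by hand normally takes longer than an automated replacement.
    """
    alerts = []
    for (t_prev, prev), (t_cur, cur) in zip(events, events[1:]):
        coin_prev, coin_cur = classify(prev), classify(cur)
        if coin_prev is None or coin_prev != coin_cur:
            continue  # not an address-to-address change of one coin type
        if prev.strip() == cur.strip():
            continue  # same value copied again
        if t_cur - t_prev <= max_gap_seconds:
            alerts.append({"coin": coin_cur, "copied": prev.strip(),
                           "replaced_by": cur.strip()})
    return alerts

# Constructed sample data: placeholder strings with a valid address shape.
COPIED_BTC = "1" + "A" * 30
SWAPPED_BTC = "1" + "B" * 30
ETH_ONE = "0x" + "a" * 40
ETH_TWO = "0x" + "b" * 40
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, COPIED_BTC),
    (10.3, SWAPPED_BTC),   # replaced 0.3 s after the copy: flagged
    (60.0, ETH_ONE),
    (95.0, ETH_TWO),       # user copies another address 35 s later: ignored
]
```
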
According to a report by Fumko, there is a long list of crypto addresses the trojan can recognize, including ones for bitcoin, bitcoin cash, cardano, ether, litecoin, monero, and more.
As previously reported by Cointelegraph, YouTube purportedly advertised malware disguised as an advertisement for bitcoin wallet Electrum in March. Reddit user mrsxeplatypus described the scam, predicated on URL hijacking, as follows:
“The malicious commercial is disguised to appear to be an actual Electrum commercial [...] It even tells you to go to the right hyperlink (electrum.org) within the video however if you click on the commercial it instantly begins downloading the malicious EXE file. As you'll be able to see within the picture, the URL it despatched me to is elecktrum.org, not electrum.org.”