According to a recent report by BleepingComputer, the Qulab trojan, created to illegally acquire information, has once again made its appearance, this time using YouTube to propagate a series of fraudulent videos advertising the alleged availability of a free bitcoin (BTC) generator.
The report indicates that a security researcher, Frost, reached out to the computer support site BleepingComputer regarding the trojan-driven scam and stated that, although YouTube reacts quickly and takes down the suspect videos when they are reported, new accounts sprout just as quickly, each containing more contaminated videos that follow the same MO.
Each video purportedly describes a tool that allows its user to earn free bitcoin, obtained via a link left in the video description. When selected, these links direct the user to a download for the supposed tool, which the user must then install; doing so deploys the Qulab trojan on the device.
In addition to pilfering the user information stored on the device, the Qulab trojan attempts to steal any cryptocurrency the device owner may possess by scanning the Windows clipboard for strings it recognises as copied crypto addresses and substituting the bad actor’s address for them. If the unsuspecting user then pastes the altered string into the website field that specifies where the money should be sent, the funds go to the attacker’s chosen destination instead.
Expert opinions indicate this is a viable attack strategy, since users rarely remember an entire lengthy address string with any accuracy and, even if they do recall the finer details, are still unlikely to notice the changes in the crypto address they expected to see.
This poses a very real danger to persons using cryptocurrencies to fund their online entertainment activities, especially if used for funding sports betting wagers at one of the thousands of unknown sportsbooks. However, when researching information on sportsbooks through https://efirbet.com/en/william-hill/, it became apparent that through the selection of a trustworthy new betting partner, those dangers can be avoided.
According to a security report by Fumko, Qulab can recognise a lengthy list of crypto addresses, including bitcoin cash, bitcoin, ether, cardano, monero, litecoin, and many of the less popular variants. In earlier reports by Cointelegraph during March, YouTube videos allegedly advertised malware made to appear as a valid advertisement for the bitcoin wallet Electrum.
A Reddit user going by the moniker mrsxeplatypus wrote a description of the swindle, which is based on URL hijacking. The description states that the advertisement containing the malicious link looks similar to a genuine Electrum advertisement, including a link description in the video pointing to the correct site, namely electrum.org, but when selected it instantly initiates a download of the malicious EXE file. However, a minute difference exists that is visible only on careful study: the malicious URL reads elecktrum.org and not the correct electrum.org.
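The one-letter difference between elecktrum.org and electrum.org is easy to miss by eye but simple to catch in code. The following is an added example, not part of the original report: it compares the domain a link displays with the domain it really points to and flags near-misses of a trusted name. The allowlist, function names and sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains the user actually trusts (hypothetical allowlist).
TRUSTED = {"electrum.org"}

def host_of(text):
    """Return the lowercase hostname of a URL or bare domain, or '' if none."""
    text = text.strip()
    if "://" not in text:
        text = "//" + text            # make urlsplit treat a bare domain as a host
    host = (urlsplit(text).hostname or "").lower().rstrip(".")
    if " " in host or "." not in host:
        return ""                     # free text such as "Download now", not a domain
    return host[4:] if host.startswith("www.") else host

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_link(shown, target, max_distance=2):
    """Classify a link from the text shown to the user and its real destination."""
    shown_host, target_host = host_of(shown), host_of(target)
    if target_host in TRUSTED:
        return "ok"
    for good in sorted(TRUSTED):
        if 0 < edit_distance(target_host, good) <= max_distance:
            return f"lookalike of {good}"
    if shown_host and shown_host != target_host:
        return "text/target mismatch"
    return "unknown"

if __name__ == "__main__":
    # Constructed samples: (text shown in the advertisement, real destination).
    for shown, target in [("electrum.org", "https://electrum.org/"),
                          ("electrum.org", "https://elecktrum.org/"),
                          ("electrum.org", "https://example.com/")]:
        print(f"{shown:14} -> {target:26} {check_link(shown, target)}")
```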