A new website that is spreading cryptocurrency malware was recently discovered by Fumiko0_, a malware researcher and Twitter user.
Reportedly, the malware was able to spread because the site managed to make itself look like the Cryptohopper website, a site that gives users program tools to perform automatic cryptocurrency trading. Cryptohopper is one of the best trading bots for buying and selling Bitcoin and other altcoins. It can also detect the best position and time for traders to go either long or short.
To lure users, the hijackers took advantage of the legitimate Cryptohopper cryptocurrency trading platform. Using the fake site, the hackers managed to automatically download a setup.exe installer, which transmitted the virus to the user's device. Once the virus infected the device, the hackers gained access to the user's cryptocurrencies. The setup panel also displayed a Cryptohopper logo with the intention of deceiving users.
The setup.exe installer further installs a clipboard hijacker (the clipper) and a Qulab trojan for mining; they are then set to run every minute so that they collect data nonstop. The installer also installs the Vidar information-stealing trojan.
In the next step, user data such as browser history, browser payment information, browser cookies, saved login credentials, and cryptocurrency wallets is harvested by the Vidar information-stealing trojan, which collects all the significant details it needs, moves them to a remote server, and later deletes the compilation.
The hijackers also own addresses that are substituted for the user's cryptocurrency addresses for ether (ETH), Bitcoin (BTC), Bitcoin Cash (BCH), Dogecoin (DOGE), Litecoin (LTC), Bitcoin Gold (BTG), Ripple (XRP) and Qtum.
Supposedly, one wallet connected with the clipboard hijacker has received 33 BTC, or $258,335, through the replacement address '1FFRitFm5Rp5Oy5aeTeDiKpQiWRz278L45'.
The hijacking does not always come from the Cryptohopper scam; it may also come from a YouTube-based crypto scam campaign that was discovered back in May, which promised users a free BTC generator.
The user is taken in by the promise and runs the supposed BTC generator, which is automatically downloaded by the visited website. The user's computer is then infected by the Qulab trojan, a virus that later steals the user's information and runs the clipper for crypto addresses.
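A detection heuristic for the clipboard hijacker described above, as an added example that is not part of the original article: it flags clipboard changes where one wallet address is replaced by a different address of the same coin faster than a person could copy twice. The event list format, the names `classify` and `find_swaps`, the two-second window, and the simplified Bitcoin and Ethereum address patterns are assumptions made for illustration.

```python
import re

# Simplified address shapes; assumption: only legacy/P2SH Bitcoin and
# Ethereum are covered, the other coins named above would need their own.
ADDRESS_SHAPES = {
    "BTC": re.compile(r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"),
    "ETH": re.compile(r"0x[0-9a-fA-F]{40}"),
}


def classify(text):
    """Return the coin whose address shape `text` matches, else None."""
    value = text.strip()
    for coin, shape in ADDRESS_SHAPES.items():
        if shape.fullmatch(value):
            return coin
    return None


def find_swaps(events, window=2.0):
    """Return (time, coin, original, replacement) for each suspicious swap.

    `events` is a time-ordered list of (seconds, clipboard_text). A swap is
    flagged when an address is replaced by a different address of the same
    coin within `window` seconds (a tunable heuristic, not a fixed rule).
    """
    alerts = []
    previous = None  # (seconds, coin, text) of the last clipboard value
    for seconds, text in events:
        coin, value = classify(text), text.strip()
        if previous and coin and coin == previous[1]:
            if value != previous[2] and seconds - previous[0] <= window:
                alerts.append((seconds, coin, previous[2], value))
        previous = (seconds, coin, value)
    return alerts


# Constructed sample data: none of these strings is a real wallet address.
COPIED_BTC = "1" + "Victim" * 5
SWAPPED_BTC = "1" + "Attacker" * 4
COPIED_ETH = "0x" + "ab" * 20
OTHER_ETH = "0x" + "cd" * 20
TIMELINE = [
    (0.0, "meeting notes"),
    (10.0, COPIED_BTC),
    (10.4, SWAPPED_BTC),  # same coin, different address, 0.4 s later
    (60.0, COPIED_ETH),
    (95.0, OTHER_ETH),    # 35 s later: treated as a second manual copy
]
```

In practice the events would come from a clipboard-change listener on the endpoint, and an alert is a prompt to compare the pasted address with the intended one before sending funds.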