New Malware Campaign Spreads Trojans Through Clone Crypto Trading Website

Published by Cointele

Twitter user and malware researcher Fumik0 has discovered a new website that spreads cryptocurrency malware, according to a report by Bleeping Computer on June 5. According to the report, the malware is distributed through a site that imitates the website of Cryptohopper, a platform where users can program tools to perform automatic cryptocurrency trading.

Exe installer, which will infect the computer once it runs.

The setup panel will also display the logo of Cryptohopper in another attempt to trick the user.

Running the installer is said to install the Vidar information-stealing trojan, which in turn installs two Qulab trojans for mining and clipboard hijacking.

The Vidar information-stealing trojan itself will attempt to scrape user data such as browser cookies, browser history, browser payment information, saved login credentials, and cryptocurrency wallets.

The Qulab clipboard hijacker will attempt to substitute its own addresses in the clipboard when it recognizes that a user has copied a string that looks like a wallet address.

This allows cryptocurrency transactions initiated by the user to be redirected to the attacker's address instead. The hijacker has address substitutions available for ether, bitcoin, bitcoin cash, dogecoin, dash, litecoin, zcash, bitcoin gold, xrp, and qtum.
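A defender-side heuristic for the substitution behaviour described above, as an added example that is not from the original report: it scans a clipboard history for an address-like string that is replaced by a different address of the same coin within a short interval. The patterns cover only bitcoin and ether and check shape, not checksums; the event list, the function names and the 2-second threshold are assumptions.

```python
import re

# Simplified shapes for two of the coins named above (assumption: format only,
# no checksum validation; the other listed coins would need their own patterns).
PATTERNS = {
    "bitcoin": re.compile(r"(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})"),
    "ether": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def classify(text):
    """Return (coin, normalized_address) if text looks like an address, else None."""
    s = text.strip()
    for coin, pattern in PATTERNS.items():
        if pattern.fullmatch(s):
            # Ether addresses are case-insensitive hex; bitcoin base58 is not.
            return coin, (s.lower() if coin == "ether" else s)
    return None

def find_swaps(events, max_gap=2.0):
    """Flag address -> different address of the same coin within max_gap seconds.

    events: time-ordered (timestamp_seconds, clipboard_text) pairs.
    """
    alerts = []
    prev_ts, prev = None, None
    for ts, text in events:
        cur = classify(text)
        if (prev and cur and cur[0] == prev[0] and cur[1] != prev[1]
                and ts - prev_ts <= max_gap):
            alerts.append({"coin": cur[0], "copied": prev[1],
                           "replaced_by": cur[1], "gap": round(ts - prev_ts, 3)})
        prev_ts, prev = ts, cur
    return alerts

# Constructed clipboard history; the addresses are made-up strings, not real wallets.
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, "0x" + "a" * 40),
    (10.3, "0x" + "b" * 40),    # different ether address 0.3 s later: suspicious
    (50.0, "1" + "A" * 30),
    (120.0, "1" + "B" * 30),    # different bitcoin address 70 s later: plausible user copy
    (200.0, "0x" + "AB" * 20),
    (200.1, "0x" + "ab" * 20),  # same ether address, different case: not a swap
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

The same comparison applies at paste time: if the address in the send form does not match the one that was copied, the transaction should not be confirmed.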

As previously reported by Cointelegraph, a YouTube-based crypto scam campaign was discovered in May, luring in victims with the promise of a free BTC generator.

After users ran the alleged BTC generator, which was automatically downloaded by visiting the associated website, they would be infected with a Qulab trojan.

The Qulab trojan would attempt to steal user information and run a clipboard hijacker for crypto addresses.
