A new scam discovered by security researcher “Frost,” who routinely monitors YouTube videos for cryptocurrency scams that lead to malware, is underway on YouTube using videos to promote a tool that can allegedly generate the private key for a Bitcoin wallet address. The cybercriminals claim that this key would allow users to gain access to the bitcoins stored in the wallet address when in reality the victims will be infected with a password and information-stealing Trojan.
In this particular case, the downloads lead the “Predator the Thief” information-stealing Trojan. The file offered for download is called Crypto World.zip and when extracted, contains a setup.exe file containing the Trojan. This setup.zip file currently has only one out of 71 detections on VirusTotal, meaning that it is very unlikely that a victim’s anti-virus will detect the file as a threat. Once the Predator the Thief information-stealing Trojan is installed and executed on a victim’s computer, the Trojan will communicate with its command and control server to download further components, other malware, and to send information back to the attackers. This Trojan can steal a variety of information including passwords, copying the victim’s clipboard, recording the webcam and stored files.
If a person falls victim to this or any Trojan, the victim should immediately use a different, non-infected computer to change all passwords for financial accounts, websites, chat services and gaming services such as Steam and Battle.net. Password managers can assist users in creating unique and strong passwords for every login. It is a good idea to cover the built-in webcam when not in use to prevent it from being abused by attackers; many trojans, including Predator the Thief, can record pictures or videos from webcams. Free cryptocurrency downloads should always be treated as suspect, the adage: “If it seems too good to be true, then it is” should be thought of every time there is an ad or download that promises anything for free.