New crypto malware being offered through YouTube
A video showing how to download a “crypto generator” only offers malware
Stay away from snake oil, even if it’s the virtual kind. A new video has surfaced on YouTube promising a so-called “cryptocurrency generator” that supposedly lets users create their own Bitcoin. However, anyone who downloads the supposed generator is actually downloading dangerous malware that can steal anything from crypto wallet addresses to banking information.
The video starts off by hyping up what could be earned by using the generator and points viewers to a website where the app can be downloaded. However, the app actually contains the Qulab malware, which can steal almost anything and can act as a hijacking trojan.
If installed, Qulab is copied to %AppData%\amd64_microsoft-windows-netio-infrastructure\msaudite.module.exe, where it launches its activities. From there, it scours the computer, grabbing browser history data, cookies and browser credentials, as well as credentials associated with FileZilla, Steam and Discord, if they exist. Additionally, the software is capable of stealing any .txt, .maFile or .wallet file from the computer.
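The drop path above can be used as a host indicator. The following is an added example, not code from the article or from any vendor: it checks Sysmon-style process-create (event 1) and file-create (event 11) records for that exact location under any user's roaming profile. The events, host names, user names and setup.exe are constructed for illustration.

```python
import re

# Drop location reported in the article, relative to %AppData%.
QULAB_REL = r"amd64_microsoft-windows-netio-infrastructure\msaudite.module.exe"

# %AppData% expands to <drive>:\Users\<profile>\AppData\Roaming.
_ROAMING = re.compile(r"^[a-z]:\\users\\([^\\]+)\\appdata\\roaming\\(.+)$")

# Sysmon fields that carry a file path.
PATH_FIELDS = ("Image", "ParentImage", "TargetFilename")


def normalise(path):
    """Lower-case, drop quotes and unify separators so comparison is exact."""
    p = path.strip().strip('"').replace("/", "\\").lower()
    return re.sub(r"\\+", r"\\", p)


def match_drop_path(path):
    """Return the profile name if path is the reported drop location, else None."""
    p = normalise(path)
    if p == "%appdata%\\" + QULAB_REL:
        return "(unexpanded)"
    m = _ROAMING.match(p)
    return m.group(1) if m and m.group(2) == QULAB_REL else None


def scan(events):
    """Return (host, event_id, field, profile) for every matching path field."""
    hits = []
    for ev in events:
        for field in PATH_FIELDS:
            profile = match_drop_path(ev.get(field, ""))
            if profile is not None:
                hits.append((ev["Host"], ev["EventID"], field, profile))
    return hits


# Constructed sample events; none of these values come from the article.
SAMPLE = [
    {"Host": "WS-01", "EventID": 11, "Image": r"C:\Users\alice\Downloads\setup.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Roaming\amd64_microsoft-windows-netio-infrastructure\msaudite.module.exe"},
    {"Host": "WS-01", "EventID": 1,  # mixed case and forward slashes
     "Image": "C:/Users/Alice/AppData/Roaming/AMD64_Microsoft-Windows-NetIO-Infrastructure/msaudite.module.exe"},
    {"Host": "WS-02", "EventID": 1, "Image": r"C:\Windows\System32\notepad.exe"},
    {"Host": "WS-03", "EventID": 11,  # lookalike name, must not match
     "TargetFilename": r"C:\Users\bob\AppData\Roaming\amd64_microsoft-windows-netio-infrastructure\msaudite.module.exe.bak"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

A match on this path alone only covers the variant described here; a renamed copy would need other signals.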
Qulab also locates the Windows Clipboard and replaces it with its own version. It can then record anything copied to the clipboard, including crypto wallet addresses when sending funds. All of the information collected is sent over Telegram to the hacker.
It isn’t clear how many computers may have already been infected or how much damage may have already been done. However, the problem isn’t going away. Every time YouTube is informed of the issue, it takes down the offending video, only for a new one to pop up from a new fake user account. There’s no such thing as a free lunch and there’s no such thing as free crypto. Don’t be a victim.