A YouTube channel called “Crypto World” has reportedly been spreading malware by baiting viewers with promises of free Bitcoin addresses.
Twitter user hxFrost broke news of the alleged scam, which uses the “Predator the Thief” Trojan to steal data from victims.
#Youtube Video pushing #predator #stealer.
AV: 1/ 70
c2: http://198.199.124[.]10/login
hash: e1c89acf2bbe555687b7c98af63c891a
@mal_share https://t.co/eD6Bpl6U4i @James_inthe_box @JAMESWT_MHT @BleepinComputer @P3pperP0tts @MisterCh0c @malwrhunterteam @JayTHL @JRoosen @fumik0_ pic.twitter.com/dD0VHSs4FJ
— Frost (@fr0s7_) November 11, 2019
According to Lawrence Abrams, a computer forensics expert and the founder of BleepingComputer.com, the YouTube account hosts videos that advertise a program that allegedly cracks Bitcoin addresses by generating private keys. But the software actually infects victims with the data-stealing Trojan.
Says Abrams,
“In the video’s description will also be links to download the trojanized program from Yandex, Google Drive, and Mega.
The file being offered is called Crypto World.zip and when extracted contains a setup.exe file, which includes a password-protected ZIP file containing the Predator the Thief executable.”
When run, the file installs and executes the Trojan on the victim’s computer.
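A triage check for the packaging described above (an executable that carries a password-protected ZIP), as an added example that is not from the article or the researchers it quotes: it scans a file for ZIP local file headers and reports entries whose encryption flag is set. The function names and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

LOCAL_HDR = b"PK\x03\x04"  # ZIP local file header signature
FLAG_ENCRYPTED = 0x0001    # general-purpose flag bit 0: entry is encrypted
KNOWN_METHODS = {0, 8, 9, 12, 14, 99}  # stored, deflate, deflate64, bzip2, lzma, AES


def find_zip_entries(data: bytes):
    """Yield (offset, name, encrypted) for each plausible ZIP local header."""
    pos = data.find(LOCAL_HDR)
    while pos != -1:
        hdr = data[pos:pos + 30]
        if len(hdr) == 30:
            # signature, version, flags, method, time, date, crc, sizes, name/extra len
            _, _, flags, method, _, _, _, _, _, nlen, _ = struct.unpack("<4s5H3L2H", hdr)
            name = data[pos + 30:pos + 30 + nlen]
            # Plausibility checks keep random "PK\x03\x04" byte runs out of the result.
            if method in KNOWN_METHODS and 0 < nlen <= 260 and len(name) == nlen:
                yield pos, name.decode("utf-8", "replace"), bool(flags & FLAG_ENCRYPTED)
        pos = data.find(LOCAL_HDR, pos + 4)


def triage(data: bytes) -> dict:
    """Flag a file with an MZ header that carries encrypted ZIP entries."""
    has_mz = data[:2] == b"MZ"
    entries = list(find_zip_entries(data))
    encrypted = [name for _, name, enc in entries if enc]
    return {"has_mz_header": has_mz, "zip_entries": len(entries),
            "encrypted_entries": encrypted, "suspicious": has_mz and bool(encrypted)}


def build_sample(encrypted: bool) -> bytes:
    """Constructed input: a 64-byte MZ stub followed by a one-entry ZIP."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("payload.bin", b"constructed sample data")
    z = bytearray(buf.getvalue())
    if encrypted:
        z[6] |= FLAG_ENCRYPTED  # flags field sits at offset 6 of the local header
    return b"MZ" + b"\x00" * 62 + bytes(z)


if __name__ == "__main__":
    print(triage(build_sample(encrypted=True)))
    print(triage(build_sample(encrypted=False)))
```

Installers legitimately embed archives, so a hit is a reason to look closer rather than a verdict; an archive stored compressed or obfuscated inside the executable will not be found by this scan.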
Kaspersky Lab reports that the Predator Trojan was designed and is sold cheaply by Russian-speaking individuals. It’s been detected numerous times in the wild, according to the cybersecurity firm.
Says Abrams,
“Once running, Predator the Thief will communicate with the malware’s command and control server to download further components, other malware, and to send information back to the attackers.
This Trojan can steal a variety of information and passwords from a computer, including copying the victim’s clipboard, recording over the webcam, and stealing files from the victim.”
The malware is also sold on hacking and game cheating forums, reports Fortinet.