BSV
$69.63
Vol 83.94m
-2.05%
BTC
$96435
Vol 60049.5m
-0.02%
BCH
$512.45
Vol 530.23m
-1.17%
LTC
$97.13
Vol 629.62m
-0.94%
DOGE
$0.4
Vol 6060.61m
-4.46%
Getting your Trinity Audio player ready...

Cybercriminals are now using a fake cryptocurrency trading site to spread malware, a report by Bleeping Computer has revealed. The malware distributors have cloned the Cryptohopper website. Once a user visits the site, the criminals infect his device with trojans, cryptojacking malware and clipboard hijackers.

The new malware distribution campaign was discovered by one malware researcher who goes by Fumik0 on Twitter. Once a user visits the clone Cryptohopper website, a file, Setup.exe is automatically downloaded and executed on his device. The file uses the Cryptohopper logo to cover up its identity and keep the victims from being suspicious.

Cryptohopper is a crypto trading platform where users build models that are used for automated trading of cryptos.

Once executed, the trojan will then download more malware, installing two Qulab trojans. One of the Qulab trojans acts as a miner, while the other acts as a clipboard hijacker. The criminals further schedule the trojans, launching the miner and the clipboard hijacker every minute.

The malware then moves on to the next phase, and perhaps the most lethal one: collecting data from the device. It uploads the data on to a remote server which the criminals then access and download the data from. Some of the information that it targets include browser cookies, text files, crypto wallets, browser history, payment information, saved login credentials, form auto-fill information and two-factor authentication databases. Once this information is uploaded to the remote server, it’s deleted from a user’s device to cover up the criminals’ track.

And that’s not all. The malware also installs a clipboard hijacker, sometimes referred to as a clipper. This malware detects any text copied onto the Windows clipboard and has the ability to copy or change it. As crypto addresses are usually long and difficult to remember, most people just copy and paste them. The clipper malware targets such people, substituting the legitimate address for one that belongs to the criminals. As most people don’t check to confirm that the address is the right one, they end up sending the cryptos to the criminals.

According to the report, at press time, the criminals had amassed 1,094 XRP tokens, 4 LTC tokens, 0.1 DASH tokens, and an eye-catching 32.8 BTC tokens. Collectively, they are worth over $258,000.

The Cryptohopper website isn’t the first legitimate website that criminals have cloned so as to spread malware. Others include G-Cleaner, a fake Windows system cleaner and Pirate Chick, a fake VPN software site. Users are advised to confirm the URL of every site they visit to keep themselves safe against such tactics.

Recommended for you

Russia proposes winter BTC mining ban until 2031
A commission led by Deputy Prime Minister Alexander Novak has proposed banning block reward mining in Siberia from November to...
November 28, 2024
BTC miner DMG Blockchain expands after $16M fundraising
The Canadian company has purchased Bitmain hydro miners for $5 million, which will be installed in February, bringing its total...
November 26, 2024
Advertisement
Advertisement
Advertisement