
Cybercriminals are now using a fake cryptocurrency trading site to spread malware, a report by Bleeping Computer has revealed. The malware distributors have cloned the Cryptohopper website. Once a user visits the site, the criminals infect his device with trojans, cryptojacking malware and clipboard hijackers.

The new malware distribution campaign was discovered by a malware researcher who goes by Fumik0 on Twitter. Once a user visits the cloned Cryptohopper website, a file, Setup.exe, is automatically downloaded and executed on his device. The file uses the Cryptohopper logo to disguise itself and keep victims from becoming suspicious.

Cryptohopper is a crypto trading platform where users build models that are used for automated trading of cryptos.

Once executed, the trojan will then download more malware, installing two Qulab trojans. One of the Qulab trojans acts as a miner, while the other acts as a clipboard hijacker. The criminals further schedule the trojans, launching the miner and the clipboard hijacker every minute.

The malware then moves on to the next phase, and perhaps the most lethal one: collecting data from the device. It uploads the data to a remote server, from which the criminals then download it. The information it targets includes browser cookies, text files, crypto wallets, browser history, payment information, saved login credentials, form auto-fill information and two-factor authentication databases. Once this information is uploaded to the remote server, it’s deleted from the user’s device to cover up the criminals’ tracks.

And that’s not all. The malware also installs a clipboard hijacker, sometimes referred to as a clipper. This malware detects any text copied onto the Windows clipboard and has the ability to copy or change it. As crypto addresses are usually long and difficult to remember, most people just copy and paste them. The clipper malware targets such people, replacing the legitimate address with one that belongs to the criminals. As most people don’t check to confirm that the address is the right one, they end up sending the cryptos to the criminals.
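The address swap described above can be spotted in a log of clipboard contents. The following is an added example, not code from the article or the Bleeping Computer report: it flags an address-shaped value that is replaced by a different address of the same coin within a short window. The address patterns, the two-second window, the function names and the sample events are all assumptions made for illustration.

```python
import re

B58 = "[1-9A-HJ-NP-Za-km-z]"  # Base58 character set (no 0, O, I, l)
# Rough address shapes for the coins the article names. Assumed patterns,
# good enough to classify clipboard text, not to validate an address.
ADDRESS_SHAPES = {
    "BTC": re.compile(rf"(?:[13]{B58}{{25,34}}|bc1[02-9ac-hj-np-z]{{11,71}})"),
    "LTC": re.compile(rf"(?:[LM]{B58}{{26,33}}|ltc1[02-9ac-hj-np-z]{{11,71}})"),
    "XRP": re.compile(rf"r{B58}{{24,34}}"),
    "DASH": re.compile(rf"X{B58}{{33}}"),
}

def coin_type(text):
    """Return the coin whose address shape the text matches, or None."""
    for coin, shape in ADDRESS_SHAPES.items():
        if shape.fullmatch(text.strip()):
            return coin
    return None

def find_substitutions(events, window=2.0):
    """events: time-ordered (seconds, clipboard_text) observations.
    Flags an address replaced by a different address of the same coin
    within `window` seconds, faster than a person copies a second one."""
    alerts = []
    for (t0, old), (t1, new) in zip(events, events[1:]):
        coin = coin_type(old)
        if (coin and coin == coin_type(new)
                and old.strip() != new.strip() and t1 - t0 <= window):
            alerts.append({"coin": coin, "copied": old.strip(),
                           "replaced_with": new.strip()})
    return alerts

# Constructed sample data: address-shaped strings, not real wallets.
COPIED_BTC, SWAPPED_BTC = "1" + "a" * 33, "1" + "b" * 33
FIRST_LTC, SECOND_LTC = "L" + "c" * 33, "L" + "d" * 33
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (5.0, COPIED_BTC),    # user copies the payee's address
    (5.3, SWAPPED_BTC),   # rewritten 0.3 s later: flagged
    (60.0, FIRST_LTC),
    (95.0, SECOND_LTC),   # 35 s apart: ordinary user activity, not flagged
    (100.0, "hello"),
]

if __name__ == "__main__":
    for alert in find_substitutions(SAMPLE_EVENTS):
        print(alert)
```

The same comparison works at the moment of payment: check the pasted address against the one that was originally copied before sending.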

According to the report, at press time, the criminals had amassed 1,094 XRP tokens, 4 LTC tokens, 0.1 DASH tokens, and an eye-catching 32.8 BTC tokens. Collectively, they are worth over $258,000.

The Cryptohopper website isn’t the first legitimate website that criminals have cloned so as to spread malware. Others include G-Cleaner, a fake Windows system cleaner, and Pirate Chick, a fake VPN software site. Users are advised to confirm the URL of every site they visit to keep themselves safe against such tactics.
