Illegitimate Trading Site Pushes Crypto Stealing Malware

Hello Ninjas! We should all be extra cautious when downloading or installing software from the internet. Cryptocurrency is a fantastic investment, and because of this the internet is filled with fraudsters trying to take away your hard-earned coins. I hope that with time crypto trading platforms will have better security so their users can trade without the fear of being hijacked or robbed.

Fumiko_, a Twitter user and malware researcher, discovered a new website that spreads cryptocurrency malware. According to a report published on the 5th of June, the site impersonates the Cryptohopper cryptocurrency trading platform in order to distribute malware such as Trojans, miners and clipboard hijackers that steal information from affected computers.

When a user visits the cloned site, it automatically downloads a setup.exe installer; once the installer is run, the computer becomes infected. The setup panel also displays the Cryptohopper logo in order to deceive the user.

Running the setup.exe installer installs the Vidar Trojan, which steals information from the user, along with two Qulab Trojans for mining and clipboard hijacking. After installation, the clippers and miners are said to be deployed every minute in order to collect data continuously.

The Vidar information-stealing Trojan attempts to steal user data such as browser cookies, browser payment information, browser history, cryptocurrency wallets, and saved login credentials. This information is then compiled and sent to a remote server before the compilation is deleted from the user's computer.

When the Qulab clipboard hijacker recognizes that a user has copied a string that looks like a wallet address, it attempts to replace that address in the clipboard with one of its own, so that the user's transaction is redirected to the attacker's address. The hijacker reportedly has address substitutions for ether (ETH), Bitcoin (BTC), Bitcoin Cash (BCH), Dogecoin (DOGE), Dash (DASH), Litecoin (LTC), Zcash (ZEC), Bitcoin Gold (BTG), XRP and Qtum.
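To spot the substitution described above from the defender's side, the following added example (not code from the original report) scans a recorded clipboard history for an address that was replaced by a different address of the same coin within a short interval. The patterns are simplified shape checks covering only some of the listed coins, and the function names, the 2-second window and the sample strings are assumptions made for illustration.

```python
import re

# Simplified address shapes (assumption: format only, no checksum validation).
B58 = "[1-9A-HJ-NP-Za-km-z]"
PATTERNS = {
    "BTC": re.compile(rf"^(?:[13]{B58}{{25,34}}|bc1[a-z0-9]{{11,71}})$"),
    "ETH": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "LTC": re.compile(rf"^[LM]{B58}{{26,33}}$"),
    "DASH": re.compile(rf"^X{B58}{{33}}$"),
    "DOGE": re.compile(rf"^D{B58}{{33}}$"),
}

def classify(text):
    """Return the ticker whose address shape `text` matches, else None."""
    s = text.strip()
    for coin, pattern in PATTERNS.items():
        if pattern.match(s):
            return coin
    return None

def find_swaps(snapshots, window=2.0):
    """Flag consecutive snapshots where an address was replaced by a different
    address of the same coin within `window` seconds.
    snapshots: list of (timestamp_seconds, clipboard_text)."""
    alerts = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        coin = classify(before)
        if (coin and coin == classify(after)
                and before.strip() != after.strip()
                and t1 - t0 <= window):
            alerts.append((t1, coin, before.strip(), after.strip()))
    return alerts

# Constructed clipboard history (placeholder strings, not real wallets).
COPIED = "1" + "A" * 33
REPLACED = "1" + "B" * 33
SAMPLE = [
    (0.0, "meeting notes"),
    (10.0, COPIED),
    (10.4, REPLACED),          # same coin, different address, 0.4 s later
    (60.0, "0x" + "ab" * 20),  # unrelated ETH-shaped copy much later
]

if __name__ == "__main__":
    for ts, coin, old, new in find_swaps(SAMPLE):
        print(f"[{ts:.1f}s] {coin} address changed: {old} -> {new}")
```

The same comparison works manually: after pasting, check the pasted address against the one you copied before confirming a transfer.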

Don’t forget to holla at the Ninja Discord anytime to talk about cryptocurrency. You can also check out our exclusive Ninja coin giveaways and TradingView analysis.

