Qulab malware is being distributed disguised as a Bitcoin generator tool promoted through videos on YouTube. The malware has several functions. On the information-stealer side it collects browser history, saved browser credentials and cookies, saved FileZilla credentials, and Discord and Steam credentials; in some instances it also attempts to steal .txt, maFile, and .wallet files. Qulab additionally monitors the Windows clipboard and rewrites its contents when it detects data of interest: cryptocurrency addresses copied to the clipboard are replaced with addresses controlled by the attackers, and the stolen information is exfiltrated to the attackers through Telegram.

The attackers upload a series of videos promoting the fake Bitcoin generator, with a download link for the tool in each video description. Clicking the link takes users to a page hosting a setup.exe file; running it drops the malware on the device. Once executed, the malware copies itself to %AppData%\amd64_microsoft-windows-netio-infrastructure\msaudite.module.exe and runs from that location.
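The clipboard hijack described above has a recognisable signature: a copied cryptocurrency address is replaced, almost immediately, by a different address of the same coin family without any user action. The following is an added example for this write-up, not code from the original article or from any Qulab analysis. It shows a heuristic detector for that swap pattern run over a constructed clipboard history, plus a check for the %AppData% drop path named above. The address regexes (a small subset of formats), the 2-second timing window and the sample addresses are assumptions made for illustration.

```python
"""Clipboard-hijack swap detection and a persistence IOC check.

Added example; not code from the article or from any Qulab sample.
Address regexes, the timing window and all sample data are assumptions
constructed for illustration.
"""
import os
import re
from dataclasses import dataclass
from typing import Callable, List, Optional

# Heuristic address formats (assumption: a small subset; real clipboard
# hijackers ship a much longer regex list covering many coins).
ADDRESS_PATTERNS = {
    "btc_legacy": re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$"),
    "btc_bech32": re.compile(r"^bc1[ac-hj-np-z02-9]{25,59}$"),
    "eth":        re.compile(r"^0x[0-9a-fA-F]{40}$"),
}


def classify_address(text: str) -> Optional[str]:
    """Return the coin family a clipboard string looks like, or None."""
    s = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(s):
            return coin
    return None


@dataclass
class ClipboardEvent:
    t: float      # seconds since monitoring started
    text: str     # clipboard contents after the change


@dataclass
class SwapAlert:
    coin: str
    original: str
    replacement: str
    delta_s: float


def detect_swaps(events: List[ClipboardEvent], window_s: float = 2.0) -> List[SwapAlert]:
    """Flag a recognised address replaced by a different address of the same
    family within window_s seconds.

    Rationale: a user rarely copies two distinct addresses of the same coin
    back to back within a second or two, while a hijacker rewrites the
    clipboard almost immediately after the copy. The 2 s window is an assumption.
    """
    alerts: List[SwapAlert] = []
    prev: Optional[ClipboardEvent] = None
    prev_coin: Optional[str] = None
    for ev in events:
        coin = classify_address(ev.text)
        if (prev is not None and coin is not None and coin == prev_coin
                and ev.text.strip() != prev.text.strip()
                and ev.t - prev.t <= window_s):
            alerts.append(SwapAlert(coin, prev.text.strip(), ev.text.strip(), ev.t - prev.t))
        prev, prev_coin = ev, coin
    return alerts


# Drop path reported in the write-up, relative to %AppData%.
PERSISTENCE_RELPATH = ("amd64_microsoft-windows-netio-infrastructure", "msaudite.module.exe")


def persistence_ioc_present(appdata_dir: str,
                            exists: Callable[[str], bool] = os.path.isfile) -> bool:
    """True if the reported drop file exists under appdata_dir.

    On a live Windows host pass os.environ["APPDATA"]; `exists` is injectable
    so the check can be exercised offline.
    """
    return exists(os.path.join(appdata_dir, *PERSISTENCE_RELPATH))


# Constructed clipboard history (sample data, not captured from a real host).
VICTIM_BTC = "1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2"    # documentation example address
ATTACKER_BTC = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"  # genesis-block address standing in for the attacker's
SAMPLE_EVENTS = [
    ClipboardEvent(0.0, VICTIM_BTC),             # user copies the address to pay
    ClipboardEvent(0.3, ATTACKER_BTC),           # hijacker rewrites it 300 ms later
    ClipboardEvent(12.0, "meeting notes"),       # unrelated text
    ClipboardEvent(20.0, "0x" + "ab" * 20),      # user copies an ETH address
    ClipboardEvent(50.0, "0x" + "cd" * 20),      # another ETH address 30 s later: legitimate
]


def run_sample() -> List[SwapAlert]:
    return detect_swaps(SAMPLE_EVENTS)


if __name__ == "__main__":
    for a in run_sample():
        print(f"[!] {a.coin}: {a.original} -> {a.replacement} after {a.delta_s:.1f}s")
    print("persistence IOC on this host:",
          persistence_ioc_present(os.environ.get("APPDATA", "")))
```

Only the first pair of events (BTC address replaced 0.3 s later) is flagged; the two ETH addresses copied 30 s apart are treated as legitimate. Widening `window_s` trades fewer missed swaps for more false positives, so tune it against real clipboard telemetry before deploying.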
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security