A new scam, discovered by security researcher "Frost," who routinely monitors YouTube videos for cryptocurrency scams that lead to malware, is underway on YouTube. The videos promote a tool that can allegedly generate the private key for a Bitcoin wallet address. The cybercriminals claim that this key would let users access the bitcoins stored in that wallet address; in reality, victims are infected with a password- and information-stealing Trojan.

In this case, the downloads lead to the "Predator the Thief" information-stealing Trojan. The file offered for download is called Crypto World.zip and, when extracted, contains a setup.exe file that carries the Trojan. This setup.exe file currently has only one out of 71 detections on VirusTotal, so it is very unlikely that a victim's anti-virus will flag the file as a threat.

Once Predator the Thief is installed and executed on a victim's computer, the Trojan communicates with its command and control server to download further components and other malware, and to send stolen information back to the attackers. The Trojan can steal a variety of information, including passwords, the contents of the victim's clipboard, webcam recordings, and stored files.
By Akshay Rohatgi and Randy Pargman