A cybersecurity researcher, Frost, has published information about new malware that is being distributed via YouTube videos.
All videos on their description have their link to download a file as quoted
“Download soft http://pc(.)cd/OzvrtalK” Link is identical on all videos.
— Frost (@x42x5a) 27 мая 2019 г.
According to BleepingComputer, scammers have posted a series of infected free bitcoin video generators. The content includes links that redirect a user to the file Setup.exe. On startup, it installs the Qulab trojan on the victim device.
Once installed, the trojan steals the victim’s browser history and other data. Qulab is also programmed to steal .txt, .maFile, and .wallet files.
Qulab secretly monitors the victim’s Windows clipboard for copied data, such as cryptocurrency wallets addresses, and, as soon as it finds them, it quickly replaces them with the addresses of intruders. Thus, the funds sent by the victim will go to the address of the hacker, and not the intended recipient.
The researchers found that Qulab supports a wide range of addresses, including BTC, DASH, XMR, STRAT, LTC, etc.
YouTube users who were compromised are advised to immediately replace all passwords.
We want to remind you: