Trojan Predator The Thief attacks easy money lovers and cryptocurrency hunters

An independent information security researcher discovered a fraudulent campaign on YouTube that spreads the spyware Trojan Predator the Thief (also known as Predator). The Trojan targets people looking for easy money and cryptocurrency hunters.

Attackers disguise the malware as cryptocurrency mining, trading and financial management programs, and even promise users access to other people’s BTC wallets.

The first video appeared on the channel in December 2018. Since then, the account has gathered 25 thousand views, 11 thousand of which came from the video about the “free Bitcoin generator”. In the video, the user inserts certain characters into the source code of the page on the cryptocurrency management site. After that, the amount of money in the wallet on the screen starts to grow.

In second place by the number of views is a guide to working with a program that supposedly allows pulling cryptocurrency from any BTC and ETH wallets.

“Users just enter the desired amount and address of the sender. After paying the transaction fee, the money will come to the specified wallet,” the scammers assure.

In addition to obviously fraudulent programs, the channel promotes several supposedly legitimate utilities, mostly bots for traders. Identical links to several file-sharing services were added under all published videos. They lead to a ZIP archive with three folders and a setup.exe file. This is the payload: the Predator infostealer trojan.

Information security specialists first noticed this malware in October 2018, when an independent researcher with the nickname fumik0 spoke about Predator.

Predator is a relatively primitive spy. Its creators sell the program on underground sites for $30 – less than the competing Vidar and HawkEye.

For this money, customers get the ability to steal passwords, cookies, payment data and credentials from more than 25 browsers, as well as record video from a webcam. Attackers also promise keylogging, but in fact Predator only steals the clipboard.

“This malware can threaten private users and small companies as it is not able to bypass corporate level protection. The main feature of the Trojan is regular updates, so antivirus solutions may not recognize the threat in the next version of Predator,” say security experts.

To complicate detection even further, the creators of the malware obfuscated its code and added some protective functions. Before starting work, the spy checks the name of the video card and the list of loaded DLLs. This is how Predator determines whether it is running in a sandbox.

Attackers have long been using YouTube to promote malware. In 2018, many videos were discovered on video hosting sites in which gamers allegedly installed the online shooter Fortnite on Android smartphones. Later, fans of Apex Legends suffered similar attacks: criminals promised them the opportunity to run the game on mobile devices, although it only works on Windows, PlayStation 4 and Xbox One. Users who followed the fraudsters' instructions received unwanted applications on their devices.

How to avoid becoming a victim of scammers?

Information security specialists remind users of the dangers of unknown programs, especially those promoted as a means of making quick money.

Victims of Predator urgently need to change passwords on social networks and payment services, as well as gaming platforms like Steam and Battle.net – such resources are increasingly becoming a desirable target for cybercriminals.
