The first video appeared on the channel in December 2018. Since then, the account has gathered 25 thousand views, 11 thousand of which came from the video about the “free Bitcoin generator”. In the video, the user inserts certain characters into the source code of a page on a cryptocurrency management site. After that, the amount of money in the wallet on the screen starts to grow.
In second place by number of views is a guide to working with a program that supposedly lets the user pull cryptocurrency from any BTC or ETH wallet.
“Users just enter the desired amount and address of the sender. After paying the transaction fee, the money will come to the specified wallet,” the scammers assure.
In addition to obviously fraudulent programs, the channel promotes several supposedly legitimate utilities – mostly bots for traders. Identical links to several file-sharing services were added under all published videos. They lead to a ZIP archive with three folders and a setup.exe file. This is the payload: the Predator infostealer trojan.
Information security specialists first noticed this malware in October 2018, when an independent researcher with the nickname fumik0 spoke about Predator.
Predator is a relatively primitive spy. Its creators sell the program on underground sites for $30 – less than the competing Vidar and HawkEye.
For this money, customers get the ability to steal passwords, cookies, payment data and credentials from more than 25 browsers, as well as to record video from a webcam. The attackers also promise keylogging, but in fact Predator only steals the clipboard contents.
“This malware can threaten private users and small companies as it is not able to bypass corporate-level protection. The main feature of the Trojan is regular updates, so antivirus solutions may not recognize the threat in the next version of Predator,” security experts say.
To complicate detection further, the creators of the malware obfuscated its code and added some protective functions. Before starting work, the spy checks the name of the video card and the list of loaded DLLs. This is how Predator determines whether it is running in a sandbox.
Attackers have long been using YouTube to promote malware. In 2018, many videos were discovered on video hosting sites in which gamers allegedly installed the online shooter Fortnite on Android smartphones. Later, fans of Apex Legends suffered similar attacks: criminals promised them the opportunity to run the game on mobile devices, although it only works on Windows, PlayStation 4 and Xbox One. Users who followed the fraudsters' instructions received unwanted applications on their devices.
Information security specialists remind users of the dangers of unknown programs, especially when they are promoted as a means of making quick money.
Victims of Predator urgently need to change passwords on social networks and payment services, as well as gaming platforms like Steam and Battle.net – such resources are increasingly becoming a desirable target for cybercriminals.