Fake Cryptohopper Website Distributes Malware to Steal Crypto

Thursday, 06/06/2019 | 13:00 GMT by Arnab Shome
  • The Trojans steal user information and upload them to a remote server.
Fake Cryptohopper Website Distributes Malware to Steal Crypto
Finance Magnates

Fraudsters have cloned the website of trading bot maker Cryptohopper to distribute malware to visitors’ computers, Bleeping Computer reported on June 5.

The fake website was first discovered by the malware researcher Fumik0_ who found out that it was injecting information-stealing Trojans, miners, and even clipboard hijackers.

Classic and sophisticated

When someone visits the scam website, it automatically downloads an executable file on the victim’s computer, and when it is installed, it infects the computer with the malware. The installation prompt even shows the logo of Cryptohopper to trick the victims.

Per the report, the installer installs a Trojan called Vidar. This steels information from the computer including browser cookies, browser history, browser payment information, saved login credentials, cryptocurrency wallets, text files, browser form autofill information, and Authy 2FA authenticator databases.

It also installs two more Qulab trojans for mining and clipboard hijacking. Both these Trojans are executed every minute to collect user data.

All the collected information is then uploaded to a remote server from where the attackers scrape the data.

The attackers are cautious enough to delete every piece of data from the victim's computer, leaving behind a directory of empty folders.

Moreover, to directly steal cryptocurrencies, the Trojans automatically replace the attacker's crypto wallet address on the clipboard when it detects the victim has typed in a cryptocurrency wallet address.

The report recorded a few addresses substituted on the victim's clipboard which consists of wallet addresses of Bitcoin , Ethereum, Bitcoin Cash, DOGE, Dash, Litecoin, Zcash, Bitcoin Gold, QTUM, and Ripple.

The address associated with Bitcoin holds around 33 BTC worth $253,238 at current market rate. However, it is not confirmed that the coins were collected from scamming users.

The rise of malware

Crypto platforms and users are very lucrative targets for cyber scammers to attack with malware. Last month, Finance Magnates reported that the developers of notorious crypto jacking malware Shellbot updated it to not only mine crypto remotely but also to shut down host’s ongoing mining activities to utilize more processing power.

Another Trojan was discovered earlier this year, which was targeting Android devices to steal cryptocurrencies and fiats.

Fraudsters have cloned the website of trading bot maker Cryptohopper to distribute malware to visitors’ computers, Bleeping Computer reported on June 5.

The fake website was first discovered by the malware researcher Fumik0_ who found out that it was injecting information-stealing Trojans, miners, and even clipboard hijackers.

Classic and sophisticated

When someone visits the scam website, it automatically downloads an executable file on the victim’s computer, and when it is installed, it infects the computer with the malware. The installation prompt even shows the logo of Cryptohopper to trick the victims.

Per the report, the installer installs a Trojan called Vidar. This steels information from the computer including browser cookies, browser history, browser payment information, saved login credentials, cryptocurrency wallets, text files, browser form autofill information, and Authy 2FA authenticator databases.

It also installs two more Qulab trojans for mining and clipboard hijacking. Both these Trojans are executed every minute to collect user data.

All the collected information is then uploaded to a remote server from where the attackers scrape the data.

The attackers are cautious enough to delete every piece of data from the victim's computer, leaving behind a directory of empty folders.

Moreover, to directly steal cryptocurrencies, the Trojans automatically replace the attacker's crypto wallet address on the clipboard when it detects the victim has typed in a cryptocurrency wallet address.

The report recorded a few addresses substituted on the victim's clipboard which consists of wallet addresses of Bitcoin , Ethereum, Bitcoin Cash, DOGE, Dash, Litecoin, Zcash, Bitcoin Gold, QTUM, and Ripple.

The address associated with Bitcoin holds around 33 BTC worth $253,238 at current market rate. However, it is not confirmed that the coins were collected from scamming users.

The rise of malware

Crypto platforms and users are very lucrative targets for cyber scammers to attack with malware. Last month, Finance Magnates reported that the developers of notorious crypto jacking malware Shellbot updated it to not only mine crypto remotely but also to shut down host’s ongoing mining activities to utilize more processing power.

Another Trojan was discovered earlier this year, which was targeting Android devices to steal cryptocurrencies and fiats.

About the Author: Arnab Shome
Arnab Shome
  • 6611 Articles
  • 97 Followers
About the Author: Arnab Shome
Arnab is an electronics engineer-turned-financial editor. He entered the industry covering the cryptocurrency market for Finance Magnates and later expanded his reach to forex as well. He is passionate about the changing regulatory landscape on financial markets and keenly follows the disruptions in the industry with new-age technologies.
  • 6611 Articles
  • 97 Followers

More from the Author

CryptoCurrency

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}