Counterfeit version of the automated digital money trading platform that steals users’ cryptocurrency
Phishing site, styled as a service Cryptohopper, found Twitter user under the nickname Fumik0_. According to him, when visiting a platform clone, the installer automatically downloads the installer, which contains viruses.
When you start the program, the Vidar system is activated, it steals the user’s personal data. It also installs two Qulab trojans for hidden mining and capturing information from the clipboard. Cookies, browser history and payment information stored in it, including those necessary to access cryptocurrency wallets, are at risk. All this is sent to a remote server.
When Qulab detects that a user has copied a string that looks like the address of a digital money vault, the data is replaced with an intruder’s wallet. The virus has bogus addresses for BTC, ETH, BCH, DOGE, DASH, LTC, ZEC, BTG, XRP and QTUM. One of them has already received digital money in bitcoins worth over $ 258 thousand.