Cryptocurrency once emerged as one of the most alluring investments. That’s one reason why hackers have taken over this niche with various scams. Recently, a free cryptocurrency scam has surfaced online in which the victim installs a ‘Bitcoin Collector’ in the hope of ‘generating’ bitcoins. But what happens next is not what they want.
Free Cryptocurrency Scam Going Around
As reported by Tron Weekly, a new scam is going around to trap crypto users by offering free bitcoins. This free cryptocurrency scam lures people to websites offering free bitcoins worth a few dollars simply for running their Bitcoin Collector tool.
The scam was first brought to light on Twitter by a malware researcher using the alias Frost.
#scam #dropping #ransomware
//ethclick(.)live/ss.exe <– payload
//ethclicks(.)live/lo/index.html <— Panel
@demonslay335 @Amigo_A_ @JAMESWT_MHT @James_inthe_box @malwrhunterteam @JayTHL @luc4m @MisterCh0c @makflwana https://t.co/32yVFtssIn pic.twitter.com/puHAjVeVsS
— Frost (@x42x5a) May 20, 2019
To promote this crypto scam, different malicious websites offer Ethereum tokens to the users for bringing more users to the site. This supposed referral program offers 3 ETH for 1000 visits (or 0.3 ETH for every 100 visits) reaching the site via the user’s referral link. (At the time of writing this article, 3 ETH equal $765 approx).
However, the actual scam lies in the distinctly advertised offer that reads,
EARN 15$ – 45$\day in BTC for FREE and automatically
Tempted by the offer, a visitor is likely to click on it, which then redirects to another web page promoting ‘Bitcoin Collector’.
The program ‘Bitcoin Collector’ claims to generate Bitcoins as it downloads and installs onto the victim’s device. However, it does not ‘generate’ any BTC (obviously). Rather, it infects the target device with malware. The program downloads as a zipped file, ‘BotCollector’, which contains numerous other files. The most prominent of these is ‘BotCollector.exe’, an executable program. Upon execution, it launches a program called ‘Freebitco.in – Bot’, which triggers the malware as soon as the victim clicks on the ‘Start’ button.
About The Malware
When the researcher discovered this scam, he noted it was used to trigger the ‘Marozka Tear Ransomware’, a HiddenTear variant. However, after a decrypter called the HiddenTear Decrypter utility was later released, the attackers changed their strategy. Now, the scam installs a Trojan on the victim’s device that simply pilfers the data.
With regard to the specific Trojan, Frost identified it as the Baldr Trojan. It is a robust piece of malware that establishes a link between the device and its C&C center. This Trojan can steal data from the device, track browsing history, steal login credentials for websites and apps, and take screenshots. It can even pilfer from cryptocurrency wallets.
Users must make sure to stay away from such scams. If you have visited any of these websites, make sure to scan your device with a robust antimalware tool, change any login credentials, and review your system’s security.