Hackers Stealing Bitcoin Through YouTube Videos

As people become savvier and more aware of scammers’ tactics to steal crypto, the scammers step up their game, and this time they have truly taken things to the next level. Hackers are now embedding the Qulab trojan script in YouTube videos that promote fake Bitcoin-generating tools. Once a victim clicks on the ads in the video, Qulab will download and install itself on the victim’s machine. Once it’s active, it will scan the machine for crypto information – such as private keys and seed phrases – and send it back to the scammer. It can do a lot of damage very quickly, so it’s important to detect it early on.

Don’t Download the App

The YouTube video will sell the scammer’s platform as an amazing app that will help you generate Bitcoin quickly and easily. The goal of the video is to get users to download the app, and inside this app is Qulab. As soon as a user downloads the app, it will install itself in the `%AppData%\amd64_microsoft-windows-netio-infrastructure\msaudie.module.exe` location and begin working. Once the app is installed, users won’t be able to detect its evil effects until it’s too late.

Swapping Addresses

Part of the Qulab trojan is a clipboard hijacking script. This means every time you copy a crypto wallet address, it will replace the data with the hacker’s address. Unless users check the address when it’s pasted, the hacker will become the new recipient. Unfortunately, many people don’t double-check the wallet address they’re sending crypto to – especially if it’s copied from a reputable source. We saw a similar thing happen recently on Wikipedia, whereby hackers managed to create a script that changed wallet addresses on screen before pages loaded. This meant that when donating to Wikipedia in crypto, you were in fact sending crypto to scammers.

Virus Everywhere We Look

Unfortunately, scammers are desperate to get their hands on your Bitcoin, and they will stop at nothing to achieve their goal. Recently, the Cointicker app for Mac was compromised and had a trojan virus added to it. The virus stole information related to cryptocurrencies – including private keys and seed phrases. The total amount of crypto that Cointicker managed to steal is still unknown, but it’s thought to be well into the 1,000s of Bitcoin.

If you want to keep your crypto safe, never download an app you find in a YouTube video. Only download apps from reputable sources or from the project’s website directly. Ensure the project is reputable and the website is in fact the correct one. Many letters can be swapped out for upper- or lowercase letters and still look the same. Stay safe out there; scammers are everywhere we look.