Advertisement

News

YouTube users are being targeted with a fake Bitcoin mining scam

Patrick Devaney

Published

Recently we’ve been warning users across many different apps, websites, and social networks about scams that have been targeting their users. Today it is YouTube users who need to heed our warnings as a new scam has been spotted that is seemingly targeting bitcoin and cryptocurrency enthusiasts. Let’s take a look.

YouTube Download Now

Cybersecurity specialists and researchers AI cyber risk and threat intelligence firm Cyble have found more than 80 YouTube videos that have links to fake Bitcoin mining software that is actually for an installer file for PennyWise, which is a malicious piece of malware.

YouTube users are being targeted with a fake Bitcoin mining scam

At the time of discovery, the videos had relatively few views but Cyble reports that the scammers behind the malware have implemented several social engineering tactics to try and portray legitimacy and instil confidence in the victim to hit the download button.

The first of these is making the downloadable file password protected. As you can see in the screenshot above, the password is given right next to the download link but protecting the file behind a password still helps to build trust with unwitting victims. The second of these methods is a link to a VirusTotal page that supposedly says the file is safe. This second one even comes with an instruction to deactivate any antivirus if it tries to block the download.

Once PennyWise has infected a device it steals a lot of information from the many browsers it is able to target, which include more than 30 Chrome-based browsers, more than 5 Mozilla-based browsers, Opera and Microsoft Edge. It then proceeds to steal things like, “the username, the machine name, the system language and timezone from the victim’s operating system.” It also runs constant checks to see if there is active antivirus on the device and to determine whether it is running inside a sandbox or a virtual machine. Once it has all the browser information it moves onto cryptocurrency wallets.

Again, what we have here is a phishing scam that is attempting to lure users into wilfully downloading malicious files onto their PCs. This means that to protect yourself from this type of threat you need to be vigilant about all links you click and every file you download to your device. To help you do this, we have put together an anti-phishing infographic.

Image via: Tech Republic

You may also like