chepicap.com
According to the Bleeping Computer, a information security and technology news publication, a clone of the crypto website ‘Cryptohopper’ is spreading crypto malware to its users unknowingly.
According to the report, scammers have mirrored the popular Cryptohopper website, which is a site where users can program tools to perform automatic crypto trading. Once users enter the website that is identical to the Cryptohopper website, they are automatically downloaded a setup.exe installer. Once this installer runs, it installs Trojans on the users computer.
Scammers have even gone to the length to implement the Cryptohopper logo within the installer, to further trick the users. Some of the various Trojans infecting the computer include the information stealing Trojan, Vidar. The Vidar trojan then installs two Qulab trojans for mining and clipboard hijacking, which is deployed to collect data every minute.
Some of the data collected includes browser cookies, browser history, browser payment information, login credentials, and crypto wallets. All being collected by the Vidar Trojan, it then compiles all of this info and sends it to a remote server.
The clipboard hacking Trojan substitutes its own address in the clipboard on the computer when the user has copied a string that looks like a crypto wallet address. Users will then get redirected to the hackers address rather than the address of the wallet they were initially looking for.