A fake version of the Cryptohopper website allegedly installs malware on visitors' computers, Bleeping Computer reports in an article published on 5 June.
The malware reportedly consists of several trojan horses, one of which steals information about the user and passes it on to the hacker. In addition, the malware uses the victim's computer to mine cryptocurrencies and replaces copied crypto wallet addresses with the hacker's wallet address.
Cryptohopper is a website where investors can build trading bots. These bots automatically trade in cryptocurrencies, so that the user no longer has to perform any actions.
The clone of the Cryptohopper website was discovered by Fumik0_. He found out that the website injected the malware onto visitors' computers as soon as the website was visited.
As soon as you visit the website, it installs the malware directly on the computer. An installation screen appears with the Cryptohopper logo on it. The installed malware is called Vidar and steals, among other things, browsing history, text files, stored login data and authentication databases.
In addition to Vidar, it also installs Qulab, a trojan horse that uses the victim's computer for mining and replaces copied wallet addresses. Because wallet addresses are often long strings of numbers and letters, it is sometimes difficult to see the difference between two addresses. Qulab takes advantage of this, so that the victim unknowingly sends cryptocurrency to the wrong address.
Copied addresses are said to be replaced for, among others, bitcoin, ethereum, bitcoin cash and ripple. The hacker's bitcoin address is said to already hold about 33 bitcoins, currently worth around $253,000. It is unclear whether these bitcoins were captured using the malware.
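The clipboard replacement described above can be spotted from the defender's side. The following Python example is added here and does not come from the Bleeping Computer article or from Fumik0_'s analysis: it flags a copied address that is replaced by a different address of the same coin faster than a person could copy a second one. The address shapes, the one-second threshold, the function names and all sample values are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Address shapes for the coins the article names (shape only, no checksum check).
BASE58 = "[1-9A-HJ-NP-Za-km-z]"
BECH32 = "[02-9ac-hj-np-z]"
ADDRESS_PATTERNS = {
    "bitcoin": re.compile(rf"^(?:[13]{BASE58}{{25,34}}|bc1{BECH32}{{11,71}})$"),
    "ethereum": re.compile(r"^0x[0-9a-fA-F]{40}$"),
    "bitcoin cash": re.compile(rf"^(?:bitcoincash:)?[qp]{BECH32}{{41}}$"),
    "ripple": re.compile(rf"^r{BASE58}{{24,34}}$"),
}

class Swap(NamedTuple):
    coin: str
    copied: str
    replaced_by: str
    gap_ms: int

def classify(text: str) -> Optional[str]:
    """Return the coin whose address shape the text matches, else None."""
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.match(text.strip()):
            return coin
    return None

def find_swaps(snapshots, max_gap_ms=1000):
    """Flag same-coin address changes that happen within max_gap_ms."""
    swaps = []
    for (t0, before), (t1, after) in zip(snapshots, snapshots[1:]):
        coin = classify(before)
        same_coin = coin is not None and classify(after) == coin
        if same_coin and before.strip() != after.strip() and t1 - t0 <= max_gap_ms:
            swaps.append(Swap(coin, before.strip(), after.strip(), t1 - t0))
    return swaps

# Constructed clipboard history as (milliseconds, text); not real wallets.
COPIED = "1VictimCopiedAddress" + "X" * 10
SWAPPED = "1AttackerAddress" + "Y" * 14
SAMPLE = [
    (0, "meeting notes"),
    (5000, COPIED),
    (5200, SWAPPED),             # replaced 200 ms after the copy: flagged
    (60000, "0x" + "a" * 40),
    (300000, "0x" + "b" * 40),   # a second address copied minutes later: ignored
]

if __name__ == "__main__":
    print(find_swaps(SAMPLE))
```

Independently of any tooling, comparing the full pasted address with the intended one before sending, not just its first and last characters, catches the same swap.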