Phishing Bitcoin scam tricks users into downloading ransomware virus

A new scam tricks users into downloading ransomware by promoting a malicious program as a so-called Bitcoin Collector

According to a pseudonymous cyber security researcher, Frost, a number of websites have been detected that scam users by promising they have a chance of earning up to 30 USD worth of Bitcoin per day by promoting a program named Bitcoin Collector. Installing it instead leaves users with ransomware and a Trojan on their system. Users might install the program because they are attracted by the large advertised earnings, which the site claims can reach 30 Bitcoin (1 Bitcoin is 8,730 USD) per day.

The scam also incorporates a referral program that lets users earn 3 Ethereum (750 USD) for referring a thousand visits. The referral program is not the crux of the scam, however; that is the offer on the website of daily Bitcoin earnings. Once clicked, victims are redirected to another website controlled by the Bitcoin Collector scammers. On this page, victims are offered a download that leads to installation of the supposed money-making application.

It is confirmed that the downloaded file is nothing but a Trojan. Users might notice that several files arrive with the download; one of them is BotCollector.exe, which, once executed, launches a program called Freebitco-in-Bot. This is actually a Trojan that pretends to be a Bitcoin generator. However, its main task is to launch a malware payload.

Hidden Tear ransomware and Baldr Trojan

Bleeping Computer states that the scammers are running two versions of the campaign, and depending on which one the victim hits, either ransomware or a Trojan is triggered on the system.

In the first version, the ransomware is Hidden Tear. It encrypts files stored on the computer and appends the .Crypted extension. It then creates a ransom note named HOW TO DECRYPT FILES.txt that states the following:

“All your information (documents, databases, backups and other files) this computer was encrypted using the most cryptographic algorithms.
All encrypted files are formatted .Crypted.
This form files ‘.Crypted’ is a joint development of American Hackers.
You can only recover files using a decryptor and password, which, in turn, only we know.
It is impossible to pick it up.
Reinstalling the OS will not change anything.
No system administrator in the world can solve this problem without knowing the password
In no case do not modify the files! But if you want, then make a backup.
Drop us an email at the address [email protected]
You have 48 hours left. If they are not decrypted then after 48 hours they will be removed!!!”

At the time of release, this ransomware uses the AES-256 algorithm. If the campaign does not install ransomware, it installs the Baldr Trojan. This malware specifically targets personal information: it can steal login credentials, take screenshots, steal files and cryptocurrency addresses, and retrieve browser histories.
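As an added example (not from the article or from any of the researchers it cites), a small Python sweep that looks for the file-level indicators the article names: the .Crypted extension, the HOW TO DECRYPT FILES.txt note and the BotCollector.exe dropper name. It builds its own constructed sample tree in a temporary directory so it runs offline; the "likely Hidden Tear" verdict requires both encrypted files and the note, not an extension match alone.

```python
"""Sweep a directory tree for the Hidden Tear indicators named in the article."""
import os
import tempfile
from pathlib import Path

# Indicators as reported in the article (file names only; no payload analysis).
ENCRYPTED_EXT = ".crypted"
RANSOM_NOTE = "HOW TO DECRYPT FILES.txt"
DROPPER_NAMES = {"botcollector.exe"}  # matched case-insensitively


def sweep(root):
    """Walk `root` and return lists of indicator hits plus a combined verdict."""
    hits = {"encrypted": [], "notes": [], "droppers": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXT):
                hits["encrypted"].append(path)
            elif lower == RANSOM_NOTE.lower():
                hits["notes"].append(path)
            elif lower in DROPPER_NAMES:
                hits["droppers"].append(path)
    # The article describes encrypted files together with the note; require both.
    hits["likely_hidden_tear"] = bool(hits["encrypted"]) and bool(hits["notes"])
    return hits


def build_sample_tree():
    """Create a constructed, throwaway directory that mimics an affected host."""
    root = tempfile.mkdtemp(prefix="ht_sample_")
    docs = Path(root, "Documents")
    docs.mkdir()
    (docs / "report.docx.Crypted").write_bytes(b"\x00" * 16)  # constructed
    (docs / "notes.txt.Crypted").write_bytes(b"\x00" * 16)    # constructed
    (docs / RANSOM_NOTE).write_text("constructed stand-in for the note")
    downloads = Path(root, "Downloads")
    downloads.mkdir()
    (downloads / "BotCollector.exe").write_bytes(b"MZ")  # constructed, inert stub
    (downloads / "readme.txt").write_text("benign file, should not be flagged")
    return root


if __name__ == "__main__":
    for key, value in sweep(build_sample_tree()).items():
        print(key, value)
```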

Citizens Advice releases guidance on how to detect a scam

Detecting the scam is not that easy. An article published by Citizens Advice gives details about what to look out for in order to suspect that something is a scam:

“Don’t click on anything and leave the website. You might want to keep the email as evidence in case you report the scam…If you’ve had an email that looks like it’s from your bank, contact your bank directly using the number on your card. You can also log into your account on their website – use Google to find the real one…You can also block the email sender or mark an email as ‘spam’ or ‘junk’ – this means you won’t see them in your inbox. Check your email provider’s help section for instructions on how to do this.”