'USA government trying to shutdown Bitcoin' scam chirps up on Twitter
Posted by: Jon Ben-Mayor on 05/24/2014 07:20 AM
This new scam takes advantage of all the recent Bitcoin news about the government's attempts to come up with a plan to regulate the cyber currency. It is this legitimate press that helps breed this type of scam: it lets the scammer throw out deceptive tentacles, piggybacking on real news, in hopes of latching on to an unsuspecting mark who will then forward on the bait.
Adam Kujawa from Malwarebytes found one such Tweet with a link that was not familiar to him, so, as any good security-minded professional would do, he started following the link. What he found was something that was being spread pretty quickly to a large number of accounts...

The majority of the accounts pushing these things are clearly fake, using gathered Twitter handles to launch the barrage of malicious spam at the Twitterverse.
However, the most worrisome part is that some legitimate accounts are retweeting the spam without actually reading into what it is, or maybe their account has been compromised.
So now that we know these links are everywhere, where do they go? Well, it turns out that they navigate the user to a “video” for the Wall Street Journal that is to discuss the USA trying to shut down Bitcoin:

Following the URL reveals that you are actually located at “siam-sunrise.com”, a website for a business in Thailand, although visiting the source domain itself leads to nothing more than a black screen. Clearly the site was compromised, and Kujawa says that Malwarebytes is in the process of getting the compromised site shut down.
Kujawa notes that they have not done an extensive analysis of this particular malware threat, but says that it is likely to be a remote access Trojan, possibly related to the DarkComet RAT.
As with any unknown link, do not click it. Not that we really need to tell anyone that, but sometimes it is good to reiterate the warning for newcomers. It is best to immediately report it as spam, but Kujawa says that if you did click the link and downloaded anything, be sure to run your favorite antivirus and/or Malwarebytes Anti-Malware. For your reference, this particular threat is being detected as Adware.Agent.
