YouTube BitCoin Info-Stealing Trojan


A new scam is underway on YouTube that uses videos to promote a tool that can allegedly generate the private key for a bitcoin address. The attackers then claim this key would then allow you to gain access to the bitcoins stored in the bitcoin address, when in reality the victims will be infected with a password and data stealing Trojan.

This campaign was discovered by security researcher Frost who routinely monitors YouTube videos for cryptocurrency scams that lead to malware, which in this particular case is the Predator the Thief information-stealing Trojan

In this scam, the attacker is uploading videos that promotes a fake bitcoin address private key generator that can be used to steal other people’s bitcoins.

he file being offered is called Crypto and when extracted contains a setup.exe file, which includes a password-protected ZIP file containing the Predator the Thief executable. This setup.exe file currently has 1/71 detections on VirusTotal.

If you have been infected with this Trojan, you should immediately change all passwords for your financial accounts, web sites, chat services such as Discord, and gaming services such as Steam and

As always, you should use a password manager in order to create unique and strong passwords for every account you visit and never download programs off of YouTube, especially ones that claim to generate free money or cryptocurrency.


Please enter your comment!
Please enter your name here