BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

YouTube BitCoin Videos Pushing Predator Info-Stealing Trojan

A new scam is underway on YouTube that uses videos to promote a tool that can allegedly generate the private key for a bitcoin address. The attackers then claim this key would then allow you to gain access to the bitcoins stored in the bitcoin address, when in reality the victims will be infected with a password and data stealing Trojan.

- Advertisement -

This campaign was discovered by security researcher Frost who routinely monitors YouTube videos for cryptocurrency scams that lead to malware, which in this particular case is the Predator the Thief information-stealing Trojan

In this scam, the attacker is uploading videos that promotes a fake bitcoin address private key generator that can be used to steal other people’s bitcoins.

Uploaded Videos

In the video’s description will also be links to download the trojanized program from Yandex, Google Drive, and Mega.

- Advertisement -
Video Promoting Trojan

The file being offered is called Crypto World.zip and when extracted contains a setup.exe file, which includes a password-protected ZIP file containing the Predator the Thief executable.  This setup.exe file currently has 1/71 detections on VirusTotal.

CryptoWorld.zip files

This setup.exe program is a Trojan that will unzip a file to the .languagetemplatestemp folder as license.exe.

Extracting Predator the Thief installer

The license.exe file will then be executed and the Predator the Thief information stealing Trojan will be installed and executed on the computer.

Once running, Predator the Thief will communicate with the malware’s command and control server to download further components, other malware, and to send information back to the attackers.

Predator Network Traffic

This Trojan can steal a variety of information and passwords from a computer, including copying the victim’s clipboard, recording over the webcam, and stealing files from the victim.

According to Kaspersky, Predator the Thief v3 has the following features and this version may be newer.

LocationData stolen
GamesOsu
Battle.net
FTPWinSCP
VPNNordVPN
2FAAuthy
MessengersPidgin
Skype
Operating SystemWebcam
HWID
Clipboard
Specific document files (Grabber)
Project filenames*
BrowsersIE/Edge

If you have been infected with this Trojan, you should immediately change all passwords for your financial accounts, web sites, chat services such as Discord, and gaming services such as Steam and Battle.net. 

As always, you should use a password manager in order to create unique and strong passwords for every account you visit and never download programs off of YouTube, especially ones that claim to generate free money or cryptocurrency.



Source

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

France orders Polymarket block over illegal gambling

France’s National Gambling Authority (ANJ) ordered ISPs to block Polymarket, deeming prediction markets illegal...

ChartUp Solana Volume Bot: An All-in-One Toolkit Review

Solana teams often assemble testing workflows from unrelated scripts, wallets, dashboards, and venue-specific services....

ChartUp Solana Volume Booster: Random Trade Size Tests

A private Solana test becomes less informative when every swap repeats the same value....

WordPress core hit by zero-click RCE bug, patch now live

WordPress patched a pre-authentication remote code execution flaw in versions 6.9.5 and 7.0.2 on...

ECB: Stablecoin growth puts European bank deposits at risk

ECB board member Piero Cipollone warned Friday that stablecoin growth could strip European banks...

Must Read

How to Buy VPS with Crypto from Hostinger – Step by Step guide

Did you know that nowadays you can use Bitcoin to purchase a Windows VPS? If you’re here, you’re probably wondering how to do it....
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading