Scammers have cloned the Cryptohopper site to infect visitors' computers with malware. The fake website was discovered by virus researchers under the nickname Fumik0_, who wrote that the criminals had introduced Trojans stealing information, crypto miners and even programs that steal information from the clipboard.
As it became known, when someone visited a fake website, a command file was automatically downloaded to his computer, which infected the system with a virus. When the file was installed, the Cryptohopper logo appeared, misleading users.
According to the specialist’s report, the Vidar Trojan was installed on visitors' computers, which stole various information from the computer, including browser cookies, its history and information about payments, crypto wallets, text files, information about autocomplete forms and so on.
In addition, two more Trojans penetrated into the victims' systems - for crypto-mining and stealing information from the clipboard. All information extracted by viruses was transmitted to a remote server.
Moreover, in order to steal a cryptocurrency, the Trojans automatically replaced the address in the clipboard, determining that the victim starts entering the address of the cryptograph. The expert managed to record several addresses entered instead of real ones, among them the address for Bitcoin, Ethereum, Bitcoin Cash, DOGE, Dash, Litecoin, Zcash, Bitcoin Gold, QTUM and Ripple. At the time of writing, there were about 33 BTC with a total value of $253,238.