Fortinet’s FortiGuard Labs has discovered a new scam using the lure of an Amazon gift card generator to steal cryptocurrency from people.
Researchers with FortiGuard Labs said they found a file titled “Amazon Gift Tool.exe” that was being marketed on a publicly available file repository site as a free Amazon gift card generator.
When people download the file and open it, a malicious winlogin.exe is dropped and executed.
“The purpose of the malware is simple. If the victim tries to add money to their anon-bitcoin wallet by copying and pasting the wallet address, the malware overwrites the victim’s wallet address on the clipboard with its own, resulting in the money potentially going to the attacker,” the researchers explained.
According to FortiGuard Labs, the malware watches a user’s clipboard to search for text that is 54 characters long — the length of a cryptocurrency wallet address — and other criteria that indicate the text is related to cryptocurrency.
If the text matches three different criteria, the malware puts the attacker’s Bitcoin Cash wallet address in place of the clipboard information.
The malware also searches for addresses related to Ethereum, Binance Coin, Litecoin, Dogecoin and Ripple.
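The replacement behaviour described above leaves a recognisable trace: one address-shaped clipboard value is overwritten by a different value of the same shape almost immediately. The following detection sketch is an added example, not code from FortiGuard Labs or from the sample. It assumes a time-ordered clipboard-change log of (seconds, text) tuples, a two-second threshold, and two address patterns chosen for this example; the 54-character length is taken here to be the `bitcoincash:` prefix plus a 42-character payload.

```python
import re

# Address shapes for two of the coin families the article names. These
# patterns are assumptions of this example, not the sample's matching rules.
ADDRESS_SHAPES = {
    # "bitcoincash:" (12 chars) + 42-char payload = 54 characters
    "bitcoin-cash": re.compile(r"bitcoincash:[qp][02-9ac-hj-np-z]{41}"),
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
}

def classify(text):
    """Return the address family whose shape `text` matches, else None."""
    candidate = text.strip()
    for family, pattern in ADDRESS_SHAPES.items():
        if pattern.fullmatch(candidate):
            return family
    return None

def find_swaps(events, max_gap=2.0):
    """Flag same-family address replacements within `max_gap` seconds.

    `events` is a time-ordered list of (seconds, clipboard_text) tuples.
    """
    findings = []
    for (t_prev, prev), (t_cur, cur) in zip(events, events[1:]):
        family = classify(prev)
        if family is None or family != classify(cur):
            continue
        if prev.strip() != cur.strip() and t_cur - t_prev <= max_gap:
            findings.append((t_cur, family, prev.strip(), cur.strip()))
    return findings

# Constructed sample data: placeholder strings with the right shape only.
COPIED_BCH = "bitcoincash:q" + "z" * 41
REPLACED_BCH = "bitcoincash:q" + "x" * 41
ETH_A = "0x" + "ab" * 20
ETH_B = "0x" + "cd" * 20
SAMPLE_EVENTS = [
    (0.0, "meeting notes"),
    (10.0, COPIED_BCH),      # user copies a payment address
    (10.2, REPLACED_BCH),    # overwritten 200 ms later: flagged
    (60.0, ETH_A),
    (300.0, ETH_B),          # a later, deliberate copy: not flagged
]

if __name__ == "__main__":
    for when, family, before, after in find_swaps(SAMPLE_EVENTS):
        print(f"{when:.1f}s {family}: {before} -> {after}")
```

The same comparison works as a payment-time check: compare the pasted address with the one originally copied before confirming a transfer.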
“We also found that the malicious winlogin.exe was distributed by a