For months now, there have been reports that various United States government departments and agencies are considering adopting regulations pertaining to the peer-to-peer decentralized digital currency bitcoin. Nothing has come to fruition yet, except for a ruling by the Federal Election Commission (FEC) and an array of consumer alerts issued by Washington and state governments.
This is why it may have been surprising to many in the bitcoin community to read that the U.S. government had implemented a ban on the virtual currency. A report passed around social media supposedly confirmed this, but it was determined to be fake, and its purpose was to spread malware.
Numerous tweets, retweets and shares, mostly from fake Twitter accounts, carried a shortened link that supposedly takes the visitor to a video on the Wall Street Journal website about a bitcoin prohibition.
After a couple of moments the visitor will realize that they are not actually on the news publication’s website. Instead, they are on a Thailand-based business website, siam-sunrise.com. The video appears to load, but after a few seconds a fake Adobe Flash Player plug-in prompt pops up.
When the visitor clicks “Install,” they are given several files, including Install_Adobe_Flash_Player.exe, two DLL files and a ReadMe.htm. It turned out that the files were not a Flash Player at all but a Trojan: the files copy themselves into the Temp folder and set themselves hidden. Once this process is completed, the computer is infected with the malware.
A simple search on Twitter suggests that the fake bitcoin article was pretty widespread, and each tweet consisted of exactly the same text, with part of it in bold: “USA Government trying to shutdown Bitcoin network.”
Malwarebytes was one of the first to discover the malware last Thursday and wrote:
“According to my own dynamic analysis, the malware creates an established connection with a remote server and drops additional malware, such as the ‘notepad.exe’ that is found in the Temp folder and beacons out to the same remote server as the initial Install file.”
In the end, if you come across the link, be sure to report the tweet as spam.
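The two behaviours described above, hidden executables dropped into the Temp folder and a dropped process beaconing to the same server as the installer, are exactly what a defender would look for in sandbox or endpoint telemetry. The following is an added triage example, not code from the article or from Malwarebytes; the event records, the path under `C:\Users\victim`, the DLL names and the RFC 5737 documentation addresses are all constructed.

```python
import ntpath
from dataclasses import dataclass

# Constructed sandbox-style records modelled on the behaviour described in
# the article: a fake Flash installer writes hidden files into Temp, and the
# dropped notepad.exe beacons to the same remote server as the installer.
# Remote addresses are RFC 5737 documentation ranges, not real indicators.

@dataclass(frozen=True)
class FileEvent:
    process: str   # image name of the process that wrote the file
    path: str      # Windows path of the written file
    hidden: bool   # hidden attribute set on the file

@dataclass(frozen=True)
class NetEvent:
    process: str   # image name of the connecting process
    remote: str    # remote endpoint as host:port

EXECUTABLE_EXT = {".exe", ".dll"}

def in_temp(path: str) -> bool:
    """True when any directory component of a Windows path is 'Temp'."""
    return "temp" in [p.lower() for p in path.split("\\")]

def hidden_executables_in_temp(events):
    """Paths of hidden .exe/.dll files written under a Temp folder."""
    return [e.path for e in events
            if e.hidden and in_temp(e.path)
            and ntpath.splitext(e.path)[1].lower() in EXECUTABLE_EXT]

def shared_beacons(net_events, installer: str):
    """Map each other process to the remote endpoints it shares with the installer."""
    installer_remotes = {e.remote for e in net_events
                         if e.process.lower() == installer.lower()}
    shared = {}
    for e in net_events:
        if e.process.lower() != installer.lower() and e.remote in installer_remotes:
            shared.setdefault(e.process, set()).add(e.remote)
    return shared

TEMP = r"C:\Users\victim\AppData\Local\Temp"
INSTALLER = "Install_Adobe_Flash_Player.exe"
FILE_EVENTS = [
    FileEvent(INSTALLER, TEMP + r"\notepad.exe", hidden=True),
    FileEvent(INSTALLER, TEMP + r"\helper1.dll", hidden=True),   # constructed name
    FileEvent(INSTALLER, TEMP + r"\helper2.dll", hidden=True),   # constructed name
    FileEvent(INSTALLER, TEMP + r"\ReadMe.htm", hidden=True),    # not executable
    FileEvent("explorer.exe", TEMP + r"\report.pdf", hidden=False),
]
NET_EVENTS = [
    NetEvent(INSTALLER, "198.51.100.7:443"),
    NetEvent("notepad.exe", "198.51.100.7:443"),   # same server as the installer
    NetEvent("explorer.exe", "203.0.113.9:443"),   # unrelated traffic
]

if __name__ == "__main__":
    print(hidden_executables_in_temp(FILE_EVENTS))
    print(shared_beacons(NET_EVENTS, INSTALLER))
```

Run against real endpoint telemetry, the second check matters more than the first: a legitimate notepad.exe lives in System32 and does not share a remote server with a just-downloaded installer.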