According to a report posted on Reddit on March 26, YouTube ran a malicious ad related to a Bitcoin wallet called Electrum.
Those who clicked on the ad were directed to another page that used a scam technique called typosquatting, or URL hijacking.
Typosquatting is a common method for stealing users' account information. It abuses the typing mistakes users make.
For example, an attacker registers the domain gooogle.com, and if someone mistakenly types that instead of google.com, the attacker steals that person's information.
The most common targets are online shopping and bill payment domains, where the attacker steals your card details by connecting you to a fake payment terminal.
In the Reddit post, a user named mrsxeplatypus warned people about the spread of a malicious version of Electrum and explained how it works:
This malicious ad has been designed to look like real Electrum ads. In this ad, you are even requested to enter the correct and real link of Electrum, but when you click on that link, a malicious file is downloaded quickly. The link for this site is elektrum.org, which is different from electrum.org, its real link.
The Next Web, a technology news website, reported that Google, the owner of YouTube, has taken effective measures since the news was published to stop this ad from being shown.
In February, users of the Electrum wallet and MyEtherWallet reported that they had faced some attacks.
A Reddit user noticed a phishing scam that attempts to steal sensitive information from Electrum users under the guise of a security update.
Then a Reddit user with the username exa61 posted a picture of a system message from the Electrum wallet that asked users to upgrade the wallet to version 4 for security reasons, while the latest Electrum version was 33.3.
Early in March, a Google Chrome browser extension called NoCoin deceived users. Hackers changed this extension many times in order to make users think that it could prevent cryptojacking and infection of the system by various viruses.
There are some simple techniques to avoid falling victim to this kind of malware.
Pay careful attention to the domain of the address you are on. Instead of typing the address in your browser, search for it via a reputable search engine to be directed to the site.
Don't click on links shown in ads on social networks unless you are sure about the sources of those ads.
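
The domain check in the first tip can be automated. The following is an added example, not part of the original article: it compares a hostname against an assumed allowlist (TRUSTED, built from the two legitimate domains named above) and flags near-misses such as elektrum.org and gooogle.com by edit distance. The function names and the distance threshold are assumptions.

```python
# Added example. TRUSTED and max_distance are assumptions, not from the article.
TRUSTED = {"electrum.org", "google.com"}


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[-1][-1]


def normalize(host: str) -> str:
    """Lower-case and drop a trailing dot so 'Electrum.org.' compares equal."""
    return host.strip().lower().rstrip(".")


def classify(host: str, max_distance: int = 2):
    """Return ('trusted', d), ('lookalike', d) or ('unknown', None)."""
    h = normalize(host)
    for t in TRUSTED:
        if h == t or h.endswith("." + t):  # exact match or a subdomain of it
            return ("trusted", t)
    # Also test the last two labels so 'download.elektrum.org' is caught.
    # Simplification: a real deployment would use the Public Suffix List.
    candidates = {h, ".".join(h.split(".")[-2:])}
    dist, best = min((osa_distance(c, t), t) for c in candidates for t in TRUSTED)
    return ("lookalike", best) if dist <= max_distance else ("unknown", None)


if __name__ == "__main__":
    # Constructed sample hostnames, including the two misspellings in the article.
    for name in ["electrum.org", "elektrum.org", "gooogle.com",
                 "download.elektrum.org", "wikipedia.org"]:
        print(f"{name:24} {classify(name)}")
```

Edit distance does not catch lookalikes built from visually similar Unicode characters; those need a separate confusable-character check.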
Reference: Cintjournal Website