Fake Bitcoin Story on Twitter Leads to Malware

It's true that various branches of the United States government are considering, or rumored to be considering, ways to regulate Bitcoin. But nothing is official just yet, so don't believe the latest Twitter scam claiming that the US government is shutting Bitcoin down.

The tweets contain links purporting to lead to a news video on the Wall Street Journal. If you try to view the video, you'll see a popup asking you to install Adobe Flash Player first. Clicking "Install" actually downloads a piece of malware that the spammers can use to download even more malware onto your computer.

According to Adam Kujawa of security software company Malwarebytes, who discovered the scam, the malicious tweets are being spread by a number of fake Twitter accounts. Worse, other Twitter users are retweeting them without realizing that the news is false and the link leads to malware.

The fake Wall Street Journal page is actually part of a Thailand-based domain called "siam-sunrise [dot] com". The fake Adobe download contains two DLL files and a ReadMe.htm file that appear to be legitimate, Kujawa says, as well as an executable file called "Install_Adobe_Flash_Player.exe", which is the malware.

Once downloaded, this malware moves itself to the system's Temp folder and becomes hidden. It then establishes a connection between the infected computer and a remote server in order to download more malware onto it without the user's knowledge. Kujawa hasn't determined what kind of malware this is, but he speculates it's a remote access Trojan (RAT).
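
A triage check for the behavior described above, as an added PowerShell example that is not from Malwarebytes or the original article: it lists executables in the Temp folders that are hidden or carry the fake installer's file name, with signature status and SHA-256 for follow-up. It assumes "Temp folder" means the user's %TEMP% or C:\Windows\Temp; a hit is a lead to examine, not a verdict.

```powershell
# Added triage example; not code from the article or from Malwarebytes.
# Assumption: the "Temp folder" is the user's %TEMP% and/or C:\Windows\Temp.
$lureName = 'Install_Adobe_Flash_Player.exe'   # file name reported in the article

$tempDirs = @($env:TEMP, (Join-Path $env:windir 'Temp')) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
    Select-Object -Unique

$findings = foreach ($dir in $tempDirs) {
    # -Force is required: without it, hidden and system files are skipped.
    Get-ChildItem -LiteralPath $dir -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -ieq '.exe' } |
        ForEach-Object {
            $hidden  = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
            $nameHit = $_.Name -ieq $lureName
            # Keep only files that match the described behavior.
            if (-not ($hidden -or $nameHit)) { return }

            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                        -ErrorAction SilentlyContinue
            $signer = $null
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

            [pscustomobject]@{
                Path      = $_.FullName
                Hidden    = $hidden
                NameMatch = $nameHit
                Signature = $sig.Status      # e.g. NotSigned, Valid, HashMismatch
                Signer    = $signer
                SHA256    = $hash.Hash
                Created   = $_.CreationTime
            }
        }
}

# Newest first: files created around the time of the fake "Install" click matter most.
$findings | Sort-Object Created -Descending | Format-List
```

Unsigned, hidden executables created near the time of the click are the ones to submit to an antimalware scanner first.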

If these types of tweets show up in your Twitter feed, do not click on the link, and report the tweet as spam. If you've been infected by this spam campaign, Malwarebytes' free antimalware program also detects the malware and will eliminate it.

Email jscharr@techmedianetwork.com or follow her @JillScharr and Google+. Follow us @TomsGuide, on Facebook and on Google+.