Fake Bitcoin Story on Twitter Leads to Malware

It's true that various branches of the United States government are considering, or rumored to be considering, ways to regulate Bitcoin. But nothing is official just yet, so don't believe the latest Twitter scam claiming that the US government is shutting Bitcoin down.

The tweets contain links purporting to lead to a news video on the Wall Street Journal. If you try to view the video, you'll see a popup asking you to install Adobe Flash Player first. Clicking "Install" actually downloads a piece of malware that the spammers can use to download even more malware onto your computer.

According to Adam Kujawa of security software company Malwarebytes, who discovered the scam, the malicious tweets are being spread by a number of fake Twitter accounts. Worse, other Twitter users are retweeting them without realizing that the news is false and the link leads to malware.

The fake Wall Street Journal page is actually part of a Thailand-based domain called "siam-sunrise [dot] com". The fake Adobe download contains two DLL files and a ReadMe.htm file that appear to be legitimate, Kujawa says, as well as an executable file called "Install_Adobe_Flash_Player.exe", which is the malware.

Once downloaded, this malware moves itself to the system's Temp folder and becomes hidden. It then establishes a connection between the infected computer and a remote server in order to download more malware onto it without the user's knowledge. Kujawa hasn't determined what kind of malware this is, but he speculates it's a remote access Trojan (RAT).
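
A manual check for the behavior described above, an executable sitting hidden in the Temp folder, is sketched below as an added example; it is not from Malwarebytes or the original article. It assumes Windows PowerShell 4.0 or later and looks only at the current user's Temp folder; the report columns and the `*Flash*Player*` name pattern (based on the file name quoted in the article) are choices made for this example.

```powershell
# Added example: list hidden executables in the current user's Temp folder
# with their signature status and SHA-256 hash for manual review.
$tempRoot = $env:TEMP

# -Force lets Get-ChildItem see hidden and system items;
# -Attributes Hidden keeps only files that carry the Hidden attribute.
$hidden = Get-ChildItem -LiteralPath $tempRoot -Recurse -Force -File `
              -Attributes Hidden -ErrorAction SilentlyContinue |
          Where-Object { $_.Extension -eq '.exe' }

$report = foreach ($file in $hidden) {
    # Both calls can fail on locked files; the columns are then left empty.
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName -ErrorAction SilentlyContinue
    $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Path      = $file.FullName
        Created   = $file.CreationTime
        SizeBytes = $file.Length
        Signature = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
        Signer    = $sig.SignerCertificate.Subject  # empty when the file is unsigned
        SHA256    = $hash.Hash
        # Name resembles the lure from the article (assumed pattern).
        FlashLure = $file.Name -like '*Flash*Player*'
    }
}

if ($report) {
    # Newest files first: a recent, hidden, unsigned executable deserves a closer look.
    $report | Sort-Object Created -Descending | Format-List
} else {
    Write-Output "No hidden executables found under $tempRoot"
}
```

A hit is not proof of infection, since some legitimate installers also unpack to Temp; the signature status and the hash are there so each file can be checked before it is removed.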

If these types of tweets show up in your Twitter feed, do not click on the link, and report the tweet as spam. If you've been infected by this spam campaign, Malwarebytes' free antimalware program also detects the malware and will eliminate it.

Email or follow her @JillScharr and Google+. Follow us @TomsGuide, on Facebook and on Google+.

  • HEXiT
    It amazes me that people still fall for this kind of scam. I and many like me always tell our family and clients to only update from the official site the app came from, and if you're told by a site you visit to update your player, to go to the player's own site and see if there's an update. If not, then you can be sure it's a scam and don't go back.