How does it work?
It's a scam: it has a Remote Access Tool embedded in it with a keylogger, a screenshot tool and possibly more functions. It likely steals wallets and then waits for you to enter the decryption password to steal your coins; either that or it's a botnet.
It uses an interesting method of obfuscating the IP addresses it connects to: they're hidden behind pastebin links.
Like so, with the contents next to each link in case they're pulled down or changed later:
https://pastebin.com/raw/DF8Gikrk -> 193.38.55.4
https://pastebin.com/raw/UbTZx6kd -> 213.226.100.140
https://pastebin.com/raw/bfQiiqyv -> 193.38.55.4
https://pastebin.com/raw/r12wBrC7 -> 213.226.100.140
The person behind this has done it before; previously it was called eTrader, but they did a terrible job of hiding the malware and it set off antiviruses.
Whoever made this did not hide it well; they went just far enough to keep antiviruses from detecting it, but it's extremely obvious within less than two minutes of basic manual analysis.
Note: This analysis is of the Mac/Linux download, the Windows download may be far worse.
I've forwarded the info to more serious security researchers, this particular malware should get flagged by antiviruses in the coming month if it wasn't already on their radar.
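The pastebin trick described in the post is a dead-drop resolver: the binary carries no hard-coded C2 address, only links to pastes whose current contents are the address to dial. The script below is an added example, not code from the post or from the malware, showing how an analyst harvests the indicators offline: pull the pastebin raw URLs out of a strings dump, fetch each paste, and keep only bodies that are a single public IPv4 address. The strings dump and the fetch function are constructed stand-ins built from the four links and two IPs listed above (a real run would swap fake_fetch for urllib.request.urlopen); the paste-removed and non-IP-body branches are there because the author expects the pastes to be pulled down or changed later.

```python
import ipaddress
import re
from typing import Callable, Dict, List, Optional

# Pastebin "raw" links as they appear verbatim in a strings dump of the binary.
PASTEBIN_RAW_RE = re.compile(r"https?://pastebin\.com/raw/[A-Za-z0-9]+")

# Constructed stand-in for `strings` output: the post's four links mixed with
# unrelated strings, one of them repeated, as a real dump would look.
SAMPLE_STRINGS = """\
libcrypto.so.1.1
https://pastebin.com/raw/DF8Gikrk
/usr/lib/python3
https://pastebin.com/raw/UbTZx6kd
https://pastebin.com/raw/bfQiiqyv
eTrader
https://pastebin.com/raw/r12wBrC7
https://pastebin.com/raw/DF8Gikrk
"""

# Constructed offline stand-in for the HTTP fetch, using the contents the post
# recorded; stray whitespace mimics what raw pastes actually return.
FAKE_PASTES: Dict[str, str] = {
    "https://pastebin.com/raw/DF8Gikrk": "193.38.55.4\n",
    "https://pastebin.com/raw/UbTZx6kd": "213.226.100.140",
    "https://pastebin.com/raw/bfQiiqyv": "  193.38.55.4  \r\n",
    "https://pastebin.com/raw/r12wBrC7": "213.226.100.140\n",
}


def fake_fetch(url: str) -> str:
    """Offline replacement for urllib.request.urlopen(url).read().decode()."""
    if url not in FAKE_PASTES:
        raise IOError("paste removed: " + url)
    return FAKE_PASTES[url]


def extract_dead_drops(strings_output: str) -> List[str]:
    """Unique pastebin raw URLs from a strings dump, in first-seen order."""
    found: List[str] = []
    for match in PASTEBIN_RAW_RE.finditer(strings_output):
        url = match.group(0)
        if url not in found:
            found.append(url)
    return found


def resolve_c2(urls: List[str],
               fetch: Callable[[str], str] = fake_fetch) -> Dict[str, Optional[str]]:
    """Fetch each dead drop; map URL -> public IPv4 string, or None if the
    paste is gone or its body is not a lone public IPv4 address."""
    resolved: Dict[str, Optional[str]] = {}
    for url in urls:
        try:
            body = fetch(url).strip()
        except IOError:
            resolved[url] = None          # paste pulled; record, don't abort
            continue
        try:
            ip = ipaddress.ip_address(body)
        except ValueError:
            resolved[url] = None          # pastebin placeholder HTML, junk, etc.
            continue
        # Only a globally routable IPv4 is a usable C2 indicator here.
        resolved[url] = str(ip) if ip.version == 4 and ip.is_global else None
    return resolved


def c2_indicators(strings_output: str,
                  fetch: Callable[[str], str] = fake_fetch) -> List[str]:
    """Distinct C2 IPs for a blocklist, sorted."""
    resolved = resolve_c2(extract_dead_drops(strings_output), fetch)
    return sorted({ip for ip in resolved.values() if ip})


if __name__ == "__main__":
    for url, ip in resolve_c2(extract_dead_drops(SAMPLE_STRINGS)).items():
        print(url, "->", ip)
    print("blocklist:", c2_indicators(SAMPLE_STRINGS))
```

Because the pastes, not the binary, decide where it connects, the URLs are the durable indicator and the IPs are a snapshot; re-resolve them periodically and expect None results once pastebin takes the pastes down.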
Thanks for sharing. Scary stuff.
Yeah, these scammers get tiring pretty quickly; maybe Hive needs something other than downvotes for dealing with spam.