FreeCryptoScam – A New Cryptocurrency Scam That Leads to Installation of Backdoors and Stealers


In January 2022, the ThreatLabz research team identified a crypto scam, which we’ve dubbed “FreeCryptoScam.” In this scam, the threat actor targets crypto users by luring them with an offer of free cryptocurrency. When the victim downloads the payload, multiple malware payloads are installed on the victim’s system, allowing the threat actor to establish backdoors and/or steal user information. In this campaign, we see the Dark Crystal RAT (“DCRat”) being downloaded, which in turn leads to Redline and TVRat being downloaded and executed on the victim’s system.

This blog explains various aspects of the campaign that the ThreatLabz team uncovered during its investigation and technical analysis of the dropped payloads.

