On March 26, a Reddit user by the name of mrsxeplatypus posted a warning to the community about an ad circulating on YouTube that was found to contain malware.
According to the Reddit post, the fake video was disguised as an advertisement for the Electrum Bitcoin Wallet. The redditor observed that, apart from the fact that the video featured the voice of a man with a "distorted Russian accent," nothing at first seemed awry. The advertisement even displayed the correct web address for the Electrum Bitcoin Wallet, electrum.org. However, mrsxeplatypus says that once they clicked on the video, they were redirected to another website, elecktrum.org, where the "malicious EXE file" began to download on their computer. At the time, the redditor was unable to find a way to contact Google, which owns YouTube, to alert the company to the malicious advertisement.
According to The Next Web, the operators of this scam employed a phishing technique called "typosquatting," in which the perpetrators slightly alter the address of a website to bring users to a site that will infect their computers with malware. The Next Web says it reached out to Google to see if it was aware of the advertisement. Google responded, "Our teams have taken appropriate action against the ad you reported."
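A defender can catch this kind of near-miss address by comparing the domain a link actually lands on against the domains users are expected to reach. The following is an added example, not code from the Reddit post or The Next Web; it uses the two domains named in the article, and the allowlist, the distance threshold of 2, and the function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: a locally maintained allowlist of domains users are expected
# to reach. Only the legitimate domain named in the article is listed.
KNOWN_GOOD = {"electrum.org"}

def normalize(value):
    """Accept a URL or bare hostname; return a lower-case host without 'www.'."""
    host = urlsplit(value).hostname if "://" in value else value
    host = (host or "").strip().rstrip(".").lower()
    return host[4:] if host.startswith("www.") else host

def edit_distance(a, b):
    """Optimal string alignment distance: insertions, deletions,
    substitutions and swaps of adjacent characters each cost 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify(value, known_good=KNOWN_GOOD, max_distance=2):
    """Return (verdict, matched_domain) for a landing URL or hostname."""
    host = normalize(value)
    for good in sorted(known_good):
        # Assumption: subdomains of an allowlisted domain are trusted too.
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    for good in sorted(known_good):
        # Close to a trusted name but not equal to it: likely typosquat.
        if 0 < edit_distance(host, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    # Constructed inputs; the first two domains are the ones in the article.
    for landing in ["https://www.electrum.org/", "elecktrum.org", "example.com"]:
        print(landing, "->", classify(landing))
```

A "lookalike" verdict is a signal for blocking or review, not proof of malice; short domain names need a lower threshold to avoid false matches.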
Unfortunately, phishing scams are commonplace in cryptocurrency ecosystems. In August 2016, fake ads for the popular crypto-wallet MyEtherWallet, which led users to a malicious website, were discovered on Google. In December 2017, users of MyEtherWallet were again targeted by unscrupulous actors who placed a phony MyEtherWallet application in the Apple App Store. The fake app was downloaded approximately 3,000 times and charged users $4.99, while the real MyEtherWallet app is free to download. In December 2018, users of the Electrum Bitcoin Wallet were prompted to download and install a software update that would steal bitcoins directly from a victim's digital wallet.