Viewers interested in the advertisement were redirected to a malicious link using a common scamming method called typosquatting or URL hijacking. In the Reddit post, a user named mrsxeplatypus warned the public about the promotion of a malware version of Electrum, and described how the scam ad worked:
“The malicious advertisement is disguised to look like a real Electrum advertisement […] It even tells you to go to the correct link (electrum.org) in the video but when you click on the advertisement it immediately starts downloading the malicious EXE file. As you can see in the image, the URL it sent me to is elecktrum.org, not electrum.org.”
In February, users of cryptocurrency wallets Electrum and MyEtherWallet reported that they were facing phishing attacks. One user on Reddit found that a phishing scam attempting to steal sensitive data from Electrum customers was posing as a security update.
Redditor exa61 then posted a picture of a system message, allegedly from Electrum wallet, requiring a security update to Electrum 4.0.0, while the latest version of the wallet was Electrum 3.3.3 at the time.
Earlier in March, a Google Chrome browser extension dubbed NoCoin tricked users into participating in a fake airdrop from cryptocurrency exchangeHuobi, claiming over 230 victims. Hackers had purposely disguised the malicious extension to look like a tool protecting users from cryptocurrency malware or so-called cryptojacking.