A new Bitcoin scam is luring victims into downloading malware by promising them free Ethereum and BTC.

This scam is being promoted through various websites that offer several programs that reportedly reward users with free cryptocurrency.

Cunning Bitcoin scam

There are two levels to the current cryptocurrency scam being pushed.

The first is that the websites offer free Ethereum (ETH) to users who refer others to the scam-pushing websites.

The payout for the referrals breaks down to three ETH for every 1,000 visits, which amounts to US$807 [AU$1,170] at current prices.

The ETH referral payout is just the lure, however, and a means of expanding the scope of the Bitcoin scam.

It’s the second layer of the operation that is the true heart of the scam.

Once a person is on one of the shady websites, they are met with another offer of gaining free cryptocurrency in the form of $15 to $45 a day in free bitcoins.

To get their hands on this free BTC, the user is told to download a program called “Bitcoin Collector.”

This program is supposed to generate free BTC for the user but it actually does anything but.

Malicious consequences

If the victim downloads the “Bitcoin Collector” program and extracts it, a number of files are generated.

The notable file that is unzipped is called “BotCollector.exe,” which will run a program called “Freebitco.in – Bot” when launched.

Instead of generating a daily dose of free bitcoins, this program actually installs malware on the victim’s system.

A malware researcher who goes by the name Frost on Twitter uncovered the scam and, according to him, this malware has taken two different forms so far.

Originally, the “BotCollector.exe” sequence launched ransomware called “Marozka Tear Ransomware.”

Victims of the ransomware would have their files encrypted and then receive a digital ransom note, via a text file, telling them that they had 48 hours to contact the hackers and arrange or payment or else the files would be lost completely.

This particular iteration of the malware appears to have been foiled, however, as victims whose machines have been infected can run the HiddenTear Decrypter utility to decrypt their files for free.

Frost reports that the malware has now shifted gears and, instead of installing ransomware, installs a Trojan designed to steal information from infected computers.

This Trojan, identified by Frost as Baldr, can be used to steal files, document your browsing history, take screenshots, and even steal your login info for anything from your email to cryptocurrency wallets.

If you visited one of these “Bitcoin Collector” websites recently – especially if you downloaded the “official application” – it is recommended that you run virus and malware scans on your computer and update all of your passwords.