
Topic: Be careful of Trojan.Coinbitclip (Read 1963 times)

newbie
Activity: 97
Merit: 0
September 03, 2017, 09:13:03 PM
#19
Wow ... danger ... we have to be more careful again. How can it all happen? Are there already solutions and applications that have been able to anticipate it?
It seems like there's a bunch of this kind of stuff going on nowadays, you have to be careful.
full member
Activity: 532
Merit: 100
September 03, 2017, 09:00:26 PM
#18
Sorry for bumping this thread up.
I was recently infected by this trojan, and it's changing every time I copy-paste a bitcoin address.
And it's identical!

Everyone should read this topic and be aware of their bitcoin transactions.

This is how to prevent this:
- Look 2-3 times because it's identical.
- Simply run an Adblocker and do not turn them off, seriously
- Do not install any sketchy executable files
- If you're already infected, you can install Sophos Virus Removal Tool here: https://secure2.sophos.com/en-us/products/free-tools/virus-removal-tool/free-download.aspx
Thanks for the information. This will be very helpful to prevent. Now there are too many opportunities for virus entry. As active internet users are mainly associated with altcoin. We must be more careful.
full member
Activity: 532
Merit: 100
September 03, 2017, 08:46:56 PM
#17
Wow ... danger ... we have to be more careful again. How can it all happen? Are there already solutions and applications that have been able to anticipate it?
full member
Activity: 156
Merit: 100
September 03, 2017, 08:29:28 PM
#16
To people unaware, this is a very common cryptocurrency virus that has been going around for a few years (made differently from each virus but same concept).

The way it works is the virus will have a few hundred or a few thousand (usually 10,000+) coin addresses made, and when the user goes to copy and paste the coin address it will find, out of the address list, the closest address it has and input that address, hoping you won't notice the difference. Because there are so many addresses it is usually pretty close to the original address, and so close you don't notice.

It's best to scan anything cryptocurrency related through VirusTotal and chances are at least one anti-virus will pick up on it. Best to only download and run trusted programs.

Be safe out there.
sr. member
Activity: 368
Merit: 266
September 03, 2017, 07:41:55 PM
#15
Sorry for bumping this thread up.
I was recently infected by this trojan, and it's changing every time I copy-paste a bitcoin address.
And it's identical!

Everyone should read this topic and be aware of their bitcoin transactions.

This is how to prevent this:
- Look 2-3 times because it's identical.
- Simply run an Adblocker and do not turn them off, seriously
- Do not install any sketchy executable files
- If you're already infected, you can install Sophos Virus Removal Tool here: https://secure2.sophos.com/en-us/products/free-tools/virus-removal-tool/free-download.aspx

How is this virus contracted? Do you know how you were infected? That would be some helpful information. I always do the VirusTotal scan when downloading but some of the Google app store stuff can be tricky. How'd you acquire it?
full member
Activity: 182
Merit: 100
September 03, 2017, 07:34:58 PM
#14
Sorry for bumping this thread up.
I was recently infected by this trojan, and it's changing every time I copy-paste a bitcoin address.
And it's identical!

Everyone should read this topic and be aware of their bitcoin transactions.

This is how to prevent this:
- Look 2-3 times because it's identical.
- Simply run an Adblocker and do not turn them off, seriously
- Do not install any sketchy executable files
- If you're already infected, you can install Sophos Virus Removal Tool here: https://secure2.sophos.com/en-us/products/free-tools/virus-removal-tool/free-download.aspx

Can you provide us with more info? How can it be nearly identical and still be able to send it to the hacker? That would be very coincidental, no?

Also, AdBlock really is a must nowadays...
member
Activity: 103
Merit: 100
Learn Something New
September 03, 2017, 07:29:00 PM
#13
Sorry for bumping this thread up.
I was recently infected by this trojan, and it's changing every time I copy-paste a bitcoin address.
And it's identical!

Everyone should read this topic and be aware of their bitcoin transactions.

This is how to prevent this:
- Look 2-3 times because it's identical.
- Simply run an Adblocker and do not turn them off, seriously
- Do not install any sketchy executable files
- If you're already infected, you can install Sophos Virus Removal Tool here: https://secure2.sophos.com/en-us/products/free-tools/virus-removal-tool/free-download.aspx
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?
February 23, 2017, 11:26:06 AM
#12
In addition to the 1st and last few, I check a few in the middle.

I would think this trojan could be used for most any coin. All it needs to do is recognize the address format to substitute an appropriate address for that coin.
legendary
Activity: 1638
Merit: 1163
Where is my ring of blades...
February 23, 2017, 01:48:23 AM
#11
As far as I know it is next to impossible to change an address to something that is almost the same as the address you are trying to send to.

The addresses are generated from a private key, so unless they can calculate a gazillion of them to get that close match to your address, it will just be a random one.

People are taking days to get vanity addresses that they want, if it was possible to almost match addresses, they would take milliseconds to find what they want and it would also be very easy to crack into wallets.

Nevertheless, you should always be wary of these trojans and find a way to avoid contracting one on your system.

EDIT: Or do you mean it just changes the address to mess with you and not actually send it to the distributor of the trojan?

Technically there can be malicious programs, such as a Trojan, that mess with you without needing to generate a valid bitcoin address with private keys; it can be there just to cause "you to lose money", not the spreader to make money. And it would be like any other Trojan out there that messes with your computer.
Generating a valid bitcoin address without a private key is much easier than the vanitygen you have in mind. It is a simple checksum validation to generate a valid address.

And I suppose checking the first 3 and last 3 letters is enough to make sure it hasn't changed, but check as much as you can to be 100% sure.

P.S. Why is this in an altcoin board, not in bitcoin?!!
sr. member
Activity: 784
Merit: 251
February 22, 2017, 09:36:26 PM
#10
Trojan.Coinbitclip changes the address to almost the same address that you copy in the clipboard when you ctrl+c. My antivirus Bitdefender did not detect it and I lost some money. I usually check the 1st 4 and last 4 of an address, and it changed a few numbers in the middle. Just warning you guys to read the whole address before sending.

oh shit, the info is very helpful!
Yesterday I told a friend to join in coinbitclip, fortunately the I was not so joined coinbitclip
legendary
Activity: 1120
Merit: 1002
February 19, 2017, 03:58:43 AM
#9
I have recently got the occasion to look at the source of this trojan.
It is scary in its simplicity... just a piece of code written in C, which you must compile to create a simple executable. You have the ability to include the bitcoin address of your choice during compilation.

I highly suppose we will see a lot of new variants of this virus emerging, as most of the anti-viruses don't detect it as a potential trojan.

There also exists a Java version of this.

Conclusion: as always, NEVER download executables you're not 100% sure of.
sr. member
Activity: 420
Merit: 250
AKA RJF - Since '14 - On line since '84
January 26, 2017, 08:59:20 AM
#8
Trojan.Coinbitclip changes the address to almost the same address that you copy in the clipboard when you ctrl+c. My antivirus Bitdefender did not detect it and I lost some money. I usually check the 1st 4 and last 4 of an address, and it changed a few numbers in the middle. Just warning you guys to read the whole address before sending.
Do you have any idea where you caught it? It is spreading mainly by mail, websites, pirated files; also, what antivirus is good against it?
Is there any online service, scanner of some sort I can use to screen my PC?

The only thing I can tell you is no matter which antivirus product you use, some bad stuff will find a way through. Always look closely at the address you are about to paste into the send box and verify it's the same one you copied. This particular infection is a rootkit, very difficult to detect. Sorry I can't help you more...
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
January 26, 2017, 02:56:55 AM
#7
Trojan.Coinbitclip changes the address to almost the same address that you copy in the clipboard when you ctrl+c. My antivirus Bitdefender did not detect it and I lost some money. I usually check the 1st 4 and last 4 of an address, and it changed a few numbers in the middle. Just warning you guys to read the whole address before sending.
Do you have any idea where you caught it? It is spreading mainly by mail, websites, pirated files; also, what antivirus is good against it?
Is there any online service, scanner of some sort I can use to screen my PC?

Password Depot stops and asks you about pretty much any wallet over the years.
They are flagged because they read your clipboard on Windows, which is common and normal.

In this case I would get a prompt asking me about the malware.
Wallets don't need to read your clipboard to function, I found.
legendary
Activity: 2450
Merit: 1047
January 25, 2017, 11:36:53 PM
#6
Trojan.Coinbitclip changes the address to almost the same address that you copy in the clipboard when you ctrl+c. My antivirus Bitdefender did not detect it and I lost some money. I usually check the 1st 4 and last 4 of an address, and it changed a few numbers in the middle. Just warning you guys to read the whole address before sending.

I thought Bitdefender is a good antivirus. I am using it along with Kaspersky and they both block unwanted files and links effectively, so we have to use VirusTotal to make sure that the tools or applications that we are using are indeed safe.
hero member
Activity: 560
Merit: 502
January 25, 2017, 11:00:35 PM
#5
Trojan.Coinbitclip changes the address to almost the same address that you copy in the clipboard when you ctrl+c. My antivirus Bitdefender did not detect it and I lost some money. I usually check the 1st 4 and last 4 of an address, and it changed a few numbers in the middle. Just warning you guys to read the whole address before sending.
Do you have any idea where you caught it? It is spreading mainly by mail, websites, pirated files; also, what antivirus is good against it?
Is there any online service, scanner of some sort I can use to screen my PC?
sr. member
Activity: 420
Merit: 250
AKA RJF - Since '14 - On line since '84
January 25, 2017, 09:59:17 PM
#4
As far as I know it is next to impossible to change an address to something that is almost the same as the address you are trying to send to.

The addresses are generated from a private key, so unless they can calculate a gazillion of them to get that close match to your address, it will just be a random one.

People are taking days to get vanity addresses that they want, if it was possible to almost match addresses, they would take milliseconds to find what they want and it would also be very easy to crack into wallets.

Nevertheless, you should always be wary of these trojans and find a way to avoid contracting one on your system.

EDIT: Or do you mean it just changes the address to mess with you and not actually send it to the distributor of the trojan?


As of now the money is just sitting there on the address, unmoved for 1 week or so.

This is what it does from reading about it from different websites, basically a pain in the ass to remove

 "After setting up nice and comfy on your PC, the Trojan begins to automatically look for any BitCoin addresses that are copied by the user. What the Trojan does is it uses a custom database of many third-party BitCoin addresses to replace them with the currently copied address immediately after detection. What is more, the cyber-threat is smart – it uses the BitCoin address in its database closest to the actual one that has been copied to the clipboard."

"Inherits the common Trojan characteristic, manages to steal stored information so as to commit identity fraud for money. Thus an efficient way is in desperate need to stop the vicious deed. However, Trojan.Coinbitclip knows well how anti-virus programs work, so it binds its pivotal components onto system items to avoid automatic removal. Thus manual method is recommended by Spyhunter to remove it. Be noted that Trojan.Coinbitclip injects multiple copies of its own to various directories"





Still alive, still infecting PCs with Windows 7 or older.

Name: Trojan.Coinbitclip

For removal, see: https://malwarefixes.com/threats/trojan-coinbitclip/

This malware takes over the Windows Clipboard functions and replaces addresses you have copied to paste into sends with one of its 10,000 or so addresses, finding the one closest to the address you copied so you don't notice the swap. Very dangerous...
full member
Activity: 192
Merit: 100
September 06, 2016, 02:05:21 AM
#3
As far as I know it is next to impossible to change an address to something that is almost the same as the address you are trying to send to.

The addresses are generated from a private key, so unless they can calculate a gazillion of them to get that close match to your address, it will just be a random one.

People are taking days to get vanity addresses that they want, if it was possible to almost match addresses, they would take milliseconds to find what they want and it would also be very easy to crack into wallets.

Nevertheless, you should always be wary of these trojans and find a way to avoid contracting one on your system.

EDIT: Or do you mean it just changes the address to mess with you and not actually send it to the distributor of the trojan?


As of now the money is just sitting there on the address, unmoved for 1 week or so.

This is what it does from reading about it from different websites, basically a pain in the ass to remove

 "After setting up nice and comfy on your PC, the Trojan begins to automatically look for any BitCoin addresses that are copied by the user. What the Trojan does is it uses a custom database of many third-party BitCoin addresses to replace them with the currently copied address immediately after detection. What is more, the cyber-threat is smart – it uses the BitCoin address in its database closest to the actual one that has been copied to the clipboard."

"Inherits the common Trojan characteristic, manages to steal stored information so as to commit identity fraud for money. Thus an efficient way is in desperate need to stop the vicious deed. However, Trojan.Coinbitclip knows well how anti-virus programs work, so it binds its pivotal components onto system items to avoid automatic removal. Thus manual method is recommended by Spyhunter to remove it. Be noted that Trojan.Coinbitclip injects multiple copies of its own to various directories"



legendary
Activity: 1946
Merit: 1007
September 06, 2016, 12:30:20 AM
#2
As far as I know it is next to impossible to change an address to something that is almost the same as the address you are trying to send to.

The addresses are generated from a private key, so unless they can calculate a gazillion of them to get that close match to your address, it will just be a random one.

People are taking days to get vanity addresses that they want, if it was possible to almost match addresses, they would take milliseconds to find what they want and it would also be very easy to crack into wallets.

Nevertheless, you should always be wary of these trojans and find a way to avoid contracting one on your system.

EDIT: Or do you mean it just changes the address to mess with you and not actually send it to the distributor of the trojan?
full member
Activity: 192
Merit: 100
September 05, 2016, 08:45:40 PM
#1
Trojan.Coinbitclip changes the address to almost the same address that you copy in the clipboard when you ctrl+c. My antivirus Bitdefender did not detect it and I lost some money. I usually check the 1st 4 and last 4 of an address, and it changed a few numbers in the middle. Just warning you guys to read the whole address before sending.