Beware from this malware. - page 2. | Bitcointalksearch.org

logfiles

copper member

Activity: 2170

Merit: 1827

Top Crypto Casino

Quote from: hacker1001101001 on February 24, 2019, 06:36:23 AM

My best solution to avoid such type of manipulation is using a Linux operating system which would surely keep you secure from such spammy scripts in the future.

I use Linux too and yes for now it feels safe but that does not mean that someone out there will not consider making malware for Linux too. I think the reason we don't have so many such cases in Linux is because it does not have a big user base as windows so making malware for Linux does not seem profitable and feasible for the hackers.

Care always has to be taken care off regardless of the operating system because you never know on which side of the bed the hacker might wake up from one day Grin

Quote from: crairezx20 on February 24, 2019, 10:34:22 AM

Some faucets site have auto install script so even you are not clicking any ads the malware or virus will automatically install in your system.
So to avoid getting infected or attack by hackers use an updated antivirus that supports crypto protection like Kaspersky total security.

Add the NoScript add on to the list. I currently use it in Mozilla Firefox and it blocks all suspicious scripts while you browser through different web pages. The power is in your hands on what script to unblock and which to keep blocked. This can prevent necessary downloading of malware or infection of your web browser without your knowledge.

Velkro

legendary

Activity: 2296

Merit: 1014

Quote from: Mashfiqun on February 24, 2019, 04:42:37 AM

Just yesterday I was going to send some bitcoins to my friends address. He gave me his address, I copied it and went to send on my wallet. Suddenly I saw the address my friend gave me started with 3 but the address I pasted to send the transaction started with 1. I then copied other wallet addresses and pasted on notepad. And everytime it was another new address. This was some kind of clipboard hacking.

You infected your PC somehow. Best way to fight this is to reinstall whole operating system you have. Cleaning virus is never 100% precise and you can't be sure it was destroyed completly. Best course of action is to reinstall OS as you mentioned.
Learn about computer hygiene for future actions and to not loose ur Bitcoins.

crairezx20

legendary

Activity: 1638

Merit: 1046

Some faucets site have auto install script so even you are not clicking any ads the malware or virus will automatically install in your system.
So to avoid getting infected or attack by hackers use an updated antivirus that supports crypto protection like Kaspersky total security.

I never experienced any problem like clipboard virus. I have this virus on my rig miner but I don't use them for transferring bitcoin or any crypto.

It shows clipboard.exe on task manager that is why I restrict the windows when this clipboard.exe running because I don't know how to remove this without waiting too long to scan the rig.

Anyway, I just use my rig for mining and everything there including the bat script is edited from my laptop before I transfer them to the mining rig.

Always make sure that you are using antivirus and you will be fine to protect your self from malware and viruses. Don't use AVG, Avast and McAfee it may lead to more malware and advertisement.

ESET and Kaspersky are the best for me because after you download a file or going to a website if they found suspicious or viruses they will automatically disinfect the file or delete without asking you.

r1s2g3

sr. member

Activity: 742

Merit: 395

I am alive but in hibernation.

This is not the new virus. The exact name of this virus in "Coin RPG Malware".
Please read below the 4 year old reddit post

https://www.reddit.com/r/Bitcoin/comments/29z742/help_freaking_outpasting_is_not_pasting_the/

Mashfiqun

member

Activity: 100

Merit: 21

Quote from: Lucius on February 24, 2019, 07:12:58 AM

You probably not have such a good antivirus and you only use free version of Malwarebytes. Primary purpose of security software is to protect you from potential threats before they penetrate the system, and for that you should have proactive protection. Think about improving your security software, it is not too expensive, and in any case it is worth it.

Well, sort of. But now I'm considering security seriously. Gonna buy a new premium antivirus.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: Mashfiqun on February 24, 2019, 04:42:37 AM

I scanned with my antivirus and MalwareBytes and it was resolved. But I wanted more safety so I did a full Windows re-installation.

You probably not have such a good antivirus and you only use free version of Malwarebytes. Primary purpose of security software is to protect you from potential threats before they penetrate the system, and for that you should have proactive protection. Think about improving your security software, it is not too expensive, and in any case it is worth it.

I also browse some faucets, and it is true most of them have very aggressive advertising and potentially dangerous things, so without adequate protection no user should use such sites / or to use them with device which is not have any crypto wallet.

Mashfiqun

member

Activity: 100

Merit: 21

Quote from: hacker1001101001 on February 24, 2019, 06:36:23 AM

This probably is a known script in the Windows operating system and is used by many hackers out there to manipulate copy-paste or Keystroke activity of a victim. As per I know this is one of the old operating viruses and has not affected much in the crypto space currently. Rather there are many other similar scripts developed every day to manipulate the data on the web. We could say they are pretty common and most of the anti-virus even if they are some free ones, can detect it.

The reason behind you getting affected by the virus would probably be an unwilling click on some spammy stuff online which further led this virus to penetrate in your system and later manipulated your transactions.

My best solution to avoid such type of manipulation is using a Linux operating system which would surely keep you secure from such spammy scripts in the future.

I would suspect you were using a windows operating system right?

Yes I am using Windows as stated in my post.
Using Linux may be a solution but sometimes Windows is the best way to go.
Thanks for your recommendations.

Ipwich

hero member

Activity: 1050

Merit: 529

Student Coin

I have my friends got victimized with this in the past, they are not careful in sending without double checking the recipient address
and their coins was gone. I'm glad they informed so I'm aware and more careful, I'm also not double stuff from the internet as that could be one of the cause, with my sensitive information in my computer, I only dedicate my PC on crypto thing.

Quote from: Jating on February 24, 2019, 05:06:11 AM

This is what you call copy-and-paste virus:

Copy-Paste Virus For Bitcoin Users -- Beware!!!
affected by bitcoin Copy paste viruses

You're lucky that you didn't send the bitcoin right away, otherwise it's goodbye. I'm sure you learn your lessons already so next time just be careful.

hacker1001101001

sr. member

Activity: 1288

Merit: 415

This probably is a known script in the Windows operating system and is used by many hackers out there to manipulate copy-paste or Keystroke activity of a victim. As per I know this is one of the old operating viruses and has not affected much in the crypto space currently. Rather there are many other similar scripts developed every day to manipulate the data on the web. We could say they are pretty common and most of the anti-virus even if they are some free ones, can detect it.

The reason behind you getting affected by the virus would probably be an unwilling click on some spammy stuff online which further led this virus to penetrate in your system and later manipulated your transactions.

My best solution to avoid such type of manipulation is using a Linux operating system which would surely keep you secure from such spammy scripts in the future.

I would suspect you were using a windows operating system right?

You could check this video, to know more about how does the malware work:

Windows ClipBoard Hijacker Swaps out CryptoCurrency Addresses

Mashfiqun

member

Activity: 100

Merit: 21

Quote from: ryap12 on February 24, 2019, 05:39:58 AM

100% it's a malware you got there. But I am not sure if it's due to those faucets where your computer got infected. Are you using google chrome because the browser prevents you from entering dangerous websites and will scan downloads. I highly suspect you installed an infected software which triggered the installation of the malware. Good thing though you notice the address was changed. You did the right thing by re-installing the entire OS which will also remove those other unwanted programs.

I generally do check addresses. But this is the only time it was entirely changed.
I am lucky that I didn't click the send button.
Yes, I thought re-installing OS would help, and it did.
Switching to Brave Browser for more ad blocking. <3

ryap12

member

Activity: 700

Merit: 14

100% it's a malware you got there. But I am not sure if it's due to those faucets where your computer got infected. Are you using google chrome because the browser prevents you from entering dangerous websites and will scan downloads. I highly suspect you installed an infected software which triggered the installation of the malware. Good thing though you notice the address was changed. You did the right thing by re-installing the entire OS which will also remove those other unwanted programs.

jademaxsuy

full member

Activity: 924

Merit: 221

Quote from: UserU on February 24, 2019, 05:22:53 AM

Did you install some browser extensions recently? Usually these are able to hijack your clipboard.

I think the op did install a browser extension which is the reason why the clipboard can be easily hijack by hackers. Browsers are the first step that the hacker can invade your devices through extensions and downloading unknown files or through pop-up ads.

Mashfiqun

member

Activity: 100

Merit: 21

Quote from: UserU on February 24, 2019, 05:22:53 AM

Did you install some browser extensions recently? Usually these are able to hijack your clipboard.

No, just metamask is there.

UserU

hero member

Activity: 2240

Merit: 537

FREE passive income eBook @ tinyurl.com/PIA10

Did you install some browser extensions recently? Usually these are able to hijack your clipboard.

Jating

hero member

Activity: 2842

Merit: 772

This is what you call copy-and-paste virus:

Copy-Paste Virus For Bitcoin Users -- Beware!!!
affected by bitcoin Copy paste viruses

You're lucky that you didn't send the bitcoin right away, otherwise it's goodbye. I'm sure you learn your lessons already so next time just be careful.

jademaxsuy

full member

Activity: 924

Merit: 221

Hacking your clipboard is possible, instead of pasting the address you just copied recently but the address you'll paste os different which happen in your situation. You did well in cleaning your laptop by reinstalling your operating system which help cleaning your laptop. Some anti-viruses can't detect all viruses.

Mashfiqun

member

Activity: 100

Merit: 21

Just yesterday I was going to send some bitcoins to my friends address. He gave me his address, I copied it and went to send on my wallet. Suddenly I saw the address my friend gave me started with 3 but the address I pasted to send the transaction started with 1. I then copied other wallet addresses and pasted on notepad. And everytime it was another new address. This was some kind of clipboard hacking. Some kind of malware came into my laptop and started to do these. I think using faucets and other nsfw sites might have done this.
I scanned with my antivirus and MalwareBytes and it was resolved. But I wanted more safety so I did a full Windows re-installation.

Always try to avoid faucets with a lot of ads, don't click anything stupid, don't download anything unwanted.
And always double check addresses before sending any transaction.
Peace.

Topic: Beware from this malware. - page 2. (Read 437 times)