Pages:
Author

Topic: Beware of Clipboard Virus! (Read 604 times)

sr. member
Activity: 322
Merit: 318
The Alliance Of Bitcointalk Translators - ENG>BAN
December 15, 2023, 06:52:43 AM
#65
...(Superfetch)...
Thank you for the heads up. Though I have had computer knowledge for many years, I never knew something like this even existed. I mean wow. I'll give it a try and see how it works. Wink
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
December 15, 2023, 06:18:20 AM
#64
@DYING_S0UL, I remembered one "trick" that might help you speed up your computer, because even though you have 8 GB of RAM and you say that it still works slowly, you can try to stop a W10 feature called (SysMain (Superfetch)) which actually preloads those apps that you use it most often, so it can take up a lot of RAM.

All you need is to follow the instructions on the link and first stop that process, and then disable it from starting automatically with the OS. In case you need this feature again, you can simply turn it on.

Quote
Superfetch was introduced with Windows Vista and it's now known as SysMain on the latest versions of Windows 10 and 11. This Windows service runs in the background and analyzes your PC usage.
Based on your usage, the service determines what apps you're most likely to use. Then, it preloads those apps in your PC's RAM so you can open those apps quickly. In other words, this service speeds up the launching of the most used apps on your PC.

Code:
https://www.howtogeek.com/811043/disable-superfetch/
hero member
Activity: 2338
Merit: 517
Catalog Websites
December 10, 2023, 12:51:43 PM
#63
The best anti virus still is our self awareness. Sorry for your loss OP. This is the reason that even we've got self awareness with our browsing activities, it's always best to check receiver's address carefully before doing a transaction.

This why I always advice to use mobile for transaction and stay away from doing any single transaction in the PC where this scam attacks are in the high numbers.
It's opposite for me, it's still best to check transactions through a PC or laptop setup. Or, when you have spare devices, you can be meticulous and just use it specifically for transactions and you won't do any browsing there or any downloads aside from the wallets that you have there.
sr. member
Activity: 322
Merit: 318
The Alliance Of Bitcointalk Translators - ENG>BAN
December 10, 2023, 11:21:39 AM
#62
If a virus has been detected, reinstalling your device is the most appropriate choice to clean everything. As OP experienced, it's possible that the antivirus really didn't detect the virus until we realized when it was connected to a crypto wallet. and the situation is just waiting for us to be careless.
Nope, reformat is the best thing to do if there's a potential that you've downloaded a virus together with an app, that's the only way to remove the virus and be sure that reuse of the computer is clean slate. Virus don't go away just because you've deleted the file that it came with because some of them install themselves somewhere that's different from the destination of the file that they've been with.
By reinstalling he may have only meant installing windows freshly. But yes your are correct. Reformatting the hard disk the only best thing that can ensure you that the virus isn't there anymore. Because you can't detect it when using windows normally. BTW I wouldn't tell this virus is a virus. A virus replaces malicious codes into the original codes, basically making the system unstable or unusable. But in this case, it doesn't do anything or damage anything, it just replaces the address. What a genius piece of virus/malware man, really genius!!! Shocked. The person who made this could have made something good but instead he have chosen evil.
member
Activity: 382
Merit: 12
Axioma Holding - Axioma Pay Crypto Card
December 09, 2023, 07:38:42 AM
#61
And this is the third time I have gotten infected with the clipboard virus. I don't know why I always end up with the particular virus. Though I don't know how to properly define this thing as a virus or malware. I don't use any third-party antivirus, but my Windows Defender is always on. So I have no idea how I got infected. Windows defender seems to not be working regarding this virus. I guess, other antivirus programs won't work either. There is no way to fix this. So unfortunately, I had to reinstall Windows twice the same day to fully get rid of this virus. Such a hassle. Lucky for me, I didn't send out any funds since I remembered my original address. The moment I saw a change of address, I knew something was wrong. Here is the phishing address. The total received amount is almost $28k I wonder how many innocent people fell a victim to it.

It seems that this is not the problematic windows defender, not all software is dangerous or viruses by windows defender. If I look at the case, it looks like this wallet is still connected to the scam site. because if the virus will disappear if you change the OS to linux.
sr. member
Activity: 1666
Merit: 426
December 08, 2023, 11:12:37 PM
#60
~
if it applies to mobile phones it will be very easy when newly installed applications will of course require approval for some access on the smartphone.
applications downloaded from official sites may have very little risk. but on a PC or other device, we often download and install applications provided by other developers.
There are some stuff that can easily bypass through a phone's security and even on the app store that are supposedly safe for you to download on stuff, you can see some apps that can bypass through that are Trojan. You also can never be sure of official sites because there are scammers that imitates the official website and pays top dollar to get on top of the search engine results which buries the official site on 3rd or 4th place in the results. The best thing to do is to double or triple check so you are sure that something isn't fishy.
~
If a virus has been detected, reinstalling your device is the most appropriate choice to clean everything. As OP experienced, it's possible that the antivirus really didn't detect the virus until we realized when it was connected to a crypto wallet. and the situation is just waiting for us to be careless.
Nope, reformat is the best thing to do if there's a potential that you've downloaded a virus together with an app, that's the only way to remove the virus and be sure that reuse of the computer is clean slate. Virus don't go away just because you've deleted the file that it came with because some of them install themselves somewhere that's different from the destination of the file that they've been with.
hero member
Activity: 826
Merit: 583
December 08, 2023, 10:34:14 PM
#59
That could be the answer since, I recently got this device. So a lot of software had to be reinstalled. But that's not what I'm worrying about. I worry about windows defender not detecting it. And it's not that I got infected and the very moment I noticed it. I think I was infected for more then 10 days. There was no way of knowing, until I tried to make a transaction and made this discovery. That's what I don't like about it. This sly virus, not showing up anywhere until someone tried something related to crypto.
Have you checked on any of your recent programs that you've downloaded? There's a possibility that the reason why the Windows Defender didn't detect this is probably because it's a Trojan and an advance one at that as Windows Defender is already a good antivirus program so you can probably check on the previous downloads that you've done. Is this virus only a thing for computers? Or is it on mobile too? It's a scary thing for me because I'm not really checking too much on which address I would send my bitcoin so I'm a likely victim to this, good thing I don't do a lot of transactions.

if it applies to mobile phones it will be very easy when newly installed applications will of course require approval for some access on the smartphone.
applications downloaded from official sites may have very little risk. but on a PC or other device, we often download and install applications provided by other developers.

If a virus has been detected, reinstalling your device is the most appropriate choice to clean everything. As OP experienced, it's possible that the antivirus really didn't detect the virus until we realized when it was connected to a crypto wallet. and the situation is just waiting for us to be careless.
sr. member
Activity: 1666
Merit: 426
December 08, 2023, 09:44:29 PM
#58
That could be the answer since, I recently got this device. So a lot of software had to be reinstalled. But that's not what I'm worrying about. I worry about windows defender not detecting it. And it's not that I got infected and the very moment I noticed it. I think I was infected for more then 10 days. There was no way of knowing, until I tried to make a transaction and made this discovery. That's what I don't like about it. This sly virus, not showing up anywhere until someone tried something related to crypto.
Have you checked on any of your recent programs that you've downloaded? There's a possibility that the reason why the Windows Defender didn't detect this is probably because it's a Trojan and an advance one at that as Windows Defender is already a good antivirus program so you can probably check on the previous downloads that you've done. Is this virus only a thing for computers? Or is it on mobile too? It's a scary thing for me because I'm not really checking too much on which address I would send my bitcoin so I'm a likely victim to this, good thing I don't do a lot of transactions.
hero member
Activity: 2520
Merit: 952
December 08, 2023, 09:37:42 PM
#57
~
I don't really have an ides in what clipboard virus actually means and how one can contract it. I think I just have to be very careful on how I download files online and send it to my system. It might be very difficult for one to know how this virus actually get into system but time will te for us to have idea on what this actually means. There is no way this virus can be eradicated then it might be that even formatting the system does not actually take away the virus entirely from the system.

Basically, it changes crypto address, suppose you are transferring funds to your other account having address 'abc..' and you copied this address into your clipboard then this virus would change it to hacker's address, 'adc' — if you are not careful enough you will confirm it under the illusion that it's the address you are sending to (I hope you recognized 'c' in hacker's address  Tongue).
legendary
Activity: 966
Merit: 1042
#SWGT CERTIK Audited
December 08, 2023, 12:18:27 PM
#56
Hmm, interesting also thanks Op for mentioning this, currently I'm using the third-party clipboard to save time while working with data, I'll make sure to uninstall it because I've some of the active hot wallets working on my same PC. Seems like there's something OP hasn't tracked out because even after reading the full post i cant figure out how OP's system got infected. Here in my case, there's no incident yet but as I'm using third-party clipboard software there are some vulnerabilities.

These days I've encountered 2 stories back to back covering the hacking using the rubber ducky, so what I want to mention is dont be careless and make sure of a healthy environment while working with finance-related data and applications. Prefer a hardware wallet more suitable if you can afford it.

sr. member
Activity: 1008
Merit: 262
20BET - Premium Casino & Sportsbook
December 08, 2023, 11:59:44 AM
#55
Since I come to realize that there is thing called clipboard virus which can change the address halfway I have started checking address in middle as well.

My revolution:

copy-paste address blindly >> check first letters >> check first and last letters >> current stage: check first-middle-end letters

I hope it doesn't come to stage where you have check whole address letter by letter  Tongue


I don't really have an ides in what clipboard virus actually means and how one can contract it. I think I just have to be very careful on how I download files online and send it to my system. It might be very difficult for one to know how this virus actually get into system but time will te for us to have idea on what this actually means. There is no way this virus can be eradicated then it might be that even formatting the system does not actually take away the virus entirely from the system.
sr. member
Activity: 322
Merit: 318
The Alliance Of Bitcointalk Translators - ENG>BAN
December 08, 2023, 11:54:16 AM
#54
They can actually clone almost a full address with just maybe a two or three characters missing from it.
The only way to do that, is by creating a burn address. There's no profit for a scammer who burns the money he steals.

Quote
This is possible with vanity address generators.
Try it. Address 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF holds 79,957.26462896BTC. I'll make it easy on you: instead of 3 missing characters, try to create an address with 15 missing characters. You'll realize that what you suggested is not possible.

He may be referring to address poisoning. Where the last part may be similar to the original address. I can't remember where but I may have came across such a topic.

Found it: https://support.metamask.io/hc/en-us/articles/11967455819035-Address-poisoning-scams

I knew about token burning but never knew address burning was possible. New days, new things to learn. You have any thread regarding address burning? Would appreciate very much.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
December 08, 2023, 04:34:42 AM
#53
They can actually clone almost a full address with just maybe a two or three characters missing from it.
The only way to do that, is by creating a burn address. There's no profit for a scammer who burns the money he steals.

Quote
This is possible with vanity address generators.
Try it. Address 1FeexV6bAHb8ybZjqQMjJrcCrHGW9sb6uF holds 79,957.26462896BTC. I'll make it easy on you: instead of 3 missing characters, try to create an address with 15 missing characters. You'll realize that what you suggested is not possible.
sr. member
Activity: 728
Merit: 421
December 08, 2023, 03:45:01 AM
#52
It is very much important that one needs to cross check their details before any possible actions of initiating a transfer because the virus is very tricky. I have had such experience before where I almost approved a transaction but I was curious to check again for myself when I noticed a change in the wallet address I had to cross check with my previous transaction to see for myself and that was when I realised my gadget got infiltrated by the clipboard virus. I had to format my gadget. Then start afresh reinstallation.

It is advisable to do well confirm and reconfirm your details before you approve of any transaction when it comes to huge funds involved. This measures would save you the stress of losing funds to scammers and to also take note of any changes in your gadgets when it comes to initiate transaction.
sr. member
Activity: 630
Merit: 298
December 07, 2023, 05:23:57 PM
#51
Good realization mate. BTW, I don't think this malware has come to that point to clone an entire/slightly different or half of an address. It hasn't become that capable yet. One thing I'm unsure of is what triggers this virus. Certainly copy pasting casual text won't make it active, while I was infected I only realized after copying a btc address. Another thing is this virus only targets specific address? This is my concern. If it only targeted BTC then other altcoin address won't active it. And sending altcoins to an bitcoin address doesn't make sense, it it? My guess it only targets the big ones such as bitcoin or etheream etc. So if a user is infected and only uses altcoins, there is a big chance he won't detect that he is infected.

Only solution is to always memorize your address (the last part).

They can actually clone almost a full address with just maybe a two or three characters missing from it. This is possible with vanity address generators. Since with this type of address you can choose your own few characters rather than all of them been randomly generated. That is why the attack is on specific address maybe those that look similar. The best thing is to use an offline wallet and if you get infected with this malware just reformat the HD

As for addresses memorization it is bad because it means you will only use those few addresses which are not good for privacy. Also you shouldn’t rely on memory as you could make a mistake and send to a wrong address still even if it is not that of the scammer
hero member
Activity: 2632
Merit: 833
December 07, 2023, 04:41:18 PM
#50
This is not a new thing definitely, if you said that this is not your first time then maybe re-installing into a fresh operating system could prevent this from happened again, and also complete scan your whole disk with the latest update of anti-virus database. Now to prevent you from accidentally sending to a virus address, you could use app that has contact book feature so you don't need to copy and paste everytime you send your fund to your usual address.

Yes, this has been going for many years now, clipboard virus has evolved so much. And there are a lot of warnings from the community regarding this kind of attack. So I guess with the price going up again, there could be a lot of scammers and malwares and other ways to get infected by this kind of clipboard virus. And on our part, we should check everything before we send our bitcoin to someone. It might not be their addresses, and if we found out that way, then our machine are infected. So the best course of action is to reinstall everything from scratch and then install the latest AV and test if the virus is still in your computer.
hero member
Activity: 826
Merit: 583
December 06, 2023, 11:08:11 AM
#49
Now to prevent you from accidentally sending to a virus address, you could use app that has contact book feature so you don't need to copy and paste everytime you send your fund to your usual address.

yes, if it's a routine transaction like sending to our exchange address, it might be possible to do it. but if you have just made a transaction with someone else or have just had several transactions, we can copy and paste the address or scan the QR code.
Copy and paste activities are often done. and if it gets a virus, of course, it becomes a serious problem. Always double-check the destination address carefully before approving a transaction. Sometimes we are too hasty and too sure of what we usually do. and that is the loophole for scammers in this way.
sr. member
Activity: 1400
Merit: 268
Fully Regulated Crypto Casino
December 06, 2023, 10:39:37 AM
#48
This is not a new thing definitely, if you said that this is not your first time then maybe re-installing into a fresh operating system could prevent this from happened again, and also complete scan your whole disk with the latest update of anti-virus database. Now to prevent you from accidentally sending to a virus address, you could use app that has contact book feature so you don't need to copy and paste everytime you send your fund to your usual address.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
December 06, 2023, 06:21:15 AM
#47
Only solution is to always memorize your address (the last part).
The only solution is the check the entire address. Address reuse is bad for privacy anyway, so memorizing the address doesn't make sense.

Exactly, because some clipboard malwares have gone a little further than simple address replacement - they already try to replace the original address by searching in their database for the one that most closely resembles the owner's address. I know I once read about it here on the forum, and I think hackers will become even more inventive, especially now that they are using AI.

When it comes to checking addresses, those who know the risks leave nothing to chance, right?

Ledger omitting one character from a Doge address
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
December 06, 2023, 03:29:00 AM
#46
Only solution is to always memorize your address (the last part).
The only solution is the check the entire address. Address reuse is bad for privacy anyway, so memorizing the address doesn't make sense.
Pages:
Jump to: