In general, malware can be embedded in the phone directly at the factory. And that is the problem. Here you need to carefully monitor the feedback and discussions of users and specialists who can audit the phones. Because you lose control over the phone, you risk losing your crypto money too
The problem is not in hacking programs or malware, but in the fact that many users ignore simple rules for working with cryptocurrencies. I advise everyone who wants to engage in trading or just crypto management to get acquainted with trading tips on the taklimakan platform. This will provide practical knowledge, as experienced traders are involved in the recommendations. And there is the opportunity to find out for sure and even discuss which crypto wallets, platforms, exchanges are better to use
Topic: Beware of new crypto Trojan Malware Saefko and InnfiRAT! (Read 505 times)
...
Thanks for reporting this!
How to protect yourself?
- Don't answer any unknown email
and don't download/open any email attachment from unknown senders
Some of these kind of emails comes from spam folders so never navigate in the spam folders or if you have no choice because you are looking for something, be sure to check the source and if you are unfamiliar don't click or open it, even though it is has a very attractive title, that's what they are good at, they create a very catchy title, it's actually a bait.
In general, malware can be embedded in the phone directly at the factory. And that is the problem. Here you need to carefully monitor the feedback and discussions of users and specialists who can audit the phones. Because you lose control over the phone, you risk losing your crypto money too
The problem is not in hacking programs or malware, but in the fact that many users ignore simple rules for working with cryptocurrencies. I advise everyone who wants to engage in trading or just crypto management to get acquainted with trading tips on the taklimakan platform. This will provide practical knowledge, as experienced traders are involved in the recommendations. And there is the opportunity to find out for sure and even discuss which crypto wallets, platforms, exchanges are better to use
In general, malware can be embedded in the phone directly at the factory. And that is the problem. Here you need to carefully monitor the feedback and discussions of users and specialists who can audit the phones. Because you lose control over the phone, you risk losing your crypto money too
...
Thanks for reporting this!
How to protect yourself?
- Don't answer any unknown email
and don't download/open any email attachment from unknown senders
Zscaler ThreatLabZ has now reported a similar remote Access Trojan (RAT), called InnfiRAT, which is also written on .net, and which steals data from browser cookies, has the capability to take screenshots on your computer, and has a specific mission for search for crypto related information.
What I lack seeing though is this kind of report is the specific media it was detected on (i.e. zip file named so and so attached to an email on the topic of such and such), even though one obviously should not click on links nor download any software from other than triple checked official sites.
See:
https://cointelegraph.com/news/new-bitcoin-wallet-focused-trojan-uncovered-by-security-researchers
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more
Note: Why is this thread on Meta?
What I lack seeing though is this kind of report is the specific media it was detected on (i.e. zip file named so and so attached to an email on the topic of such and such), even though one obviously should not click on links nor download any software from other than triple checked official sites.
See:
https://cointelegraph.com/news/new-bitcoin-wallet-focused-trojan-uncovered-by-security-researchers
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more
Note: Why is this thread on Meta?
This means that Linux and Mac users are in a bit better position regarding this trojan
This is wrong, just because that piece of code was written using .NET firmware (Microsoft )does not mean it has less effect on any other operation system, in fact i looked at the code and seems like they used C# to write that code,most likely using Visual Studio, and starting from 2017 .Net Visual Studio implemented a new function where you can basically use the same code to compile both windows and mac based application.
I also don't understand why all the fud regarding this one specific malware, it's not like they found an exploit in the .NET firmware or something else, it is simply another RAT , there are RATs by the ton out there and they all cause just about the same damage, there is really no point in warning people about every single one of them, this creates a sort of impression that malware are more effective on crypto assets than credit cards or any other online payment system, which is technically wrong.
These malware are only effective if the user lacks basic knowledge regarding computers/internet security , if you follow one simple rule which is ( NEVER run executable files from untrusted sources ) you are pretty much safe from all malware out there, the only thing that you can't help stop would be an exploit in the OS or one of the trusted programs you have installed on your computer , which is very rare.
I also wrote this:
Quote
but as you can see it is Multi OS.
'FUD' is proportional to amount of sales this trojan got over social media recently,
and specific cryptocurrency targeting.
You should also check out this link regarding Windows Remote Desktop Vulnerability:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
This means that Linux and Mac users are in a bit better position regarding this trojan
This is wrong, just because that piece of code was written using .NET firmware (Microsoft )does not mean it has less effect on any other operation system, in fact i looked at the code and seems like they used C# to write that code,most likely using Visual Studio, and starting from 2017 .Net Visual Studio implemented a new function where you can basically use the same code to compile both windows and mac based application.
I also don't understand why all the fud regarding this one specific malware, it's not like they found an exploit in the .NET firmware or something else, it is simply another RAT , there are RATs by the ton out there and they all cause just about the same damage, there is really no point in warning people about every single one of them, this creates a sort of impression that malware are more effective on crypto assets than credit cards or any other online payment system, which is technically wrong.
These malware are only effective if the user lacks basic knowledge regarding computers/internet security , if you follow one simple rule which is ( NEVER run executable files from untrusted sources ) you are pretty much safe from all malware out there, the only thing that you can't help stop would be an exploit in the OS or one of the trusted programs you have installed on your computer , which is very rare.
That's why it's important to isolate anything crypto-related into a clean virtual machine environment. The keylogging bit scares me.
I havnt said or written to Blacklist github because that would not happen, i just have written for maybe Blacklist "bitbucket" links if possible! Would be start for against malware posted links! Its just an Suggestion and depends on theymos to do that or not! In the mean time i looking everyday for catch them who Posting this links.
I meant to say Bitbucket and GITLAB (I wrote by mistake Gitlub).
That are active Github alternatives
I havnt said or written to Blacklist github because that would not happen, i just have written for maybe Blacklist "bitbucket" links if possible! Would be start for against malware posted links! Its just an Suggestion and depends on theymos to do that or not! In the mean time i looking everyday for catch them who Posting this links.
... a good ideea would be to mark spoofed links...
In this case for the fake anns its Shows the link in Green because the links are going to github and there is the Problem because all fake anns have fake github Accounts that looking nearly the same as the original github! Code:
[url=https://youtube.com]https://google.com[/url]
And as i said earlier we just can report them now! Maybe its possible for theymos to Blacklist the bitbucket site! Havnt seen anyone that use them for source Code or other things, only some fake ann use them! Would be a good start to fight about them and safe some users some Action and losing there things like login Details and more!
What I was suggesting is something like this: instead of the old blue color a link normally has, color it red if spoofed
https://bitcointalk.org - keep it blue
Code:
https://bitcointalk.org
Code:
https://www.google.com
Code:
[url=https://www.youtube.com]https://bitcoin.org[/url]
It could help imo. Maybe a bit with fake/spoofed github repos and with anything else of that manner ...
It's getting really crazy thb. Malware gets smarter, even hidden in images https://www.zdnet.com/google-amp/article/lokibot-information-stealer-now-hides-malware-in-image-files/.
Speaking of fake ann... a good ideea would be to mark spoofed links. The way links light up in green if url redirects to another page on the forum, to be red if it is spoofed
In this case for the fake anns its Shows the link in Green because the links are going to github and there is the Problem because all fake anns have fake github Accounts that looking nearly the same as the original github! Speaking of fake ann... a good ideea would be to mark spoofed links. The way links light up in green if url redirects to another page on the forum, to be red if it is spoofed
Code:
[url=https://youtube.com]https://google.com[/url]
And as i said earlyer we just can report them now! Maybe its possible for theymos to Blacklist the bitbucket site! Havnt seen anyone that use them for source Code or other things, only some fake ann use them! Would be a good start to fight about them and safe some users some Action and losing there things like login Details and more!
I am not sure blacklisting bitbucket or Gitlub is a good solution for this.
I am more for some pop up or notification implementation.
It's getting really crazy thb. Malware gets smarter, even hidden in images https://www.zdnet.com/google-amp/article/lokibot-information-stealer-now-hides-malware-in-image-files/.
Speaking of fake ann... a good ideea would be to mark spoofed links. The way links light up in green if url redirects to another page on the forum, to be red if it is spoofed
In this case for the fake anns its Shows the link in Green because the links are going to github and there is the Problem because all fake anns have fake github Accounts that looking nearly the same as the original github! Speaking of fake ann... a good ideea would be to mark spoofed links. The way links light up in green if url redirects to another page on the forum, to be red if it is spoofed
Code:
[url=https://youtube.com]https://google.com[/url]
And as i said earlyer we just can report them now! Maybe its possible for theymos to Blacklist the bitbucket site! Havnt seen anyone that use them for source Code or other things, only some fake ann use them! Would be a good start to fight about them and safe some users some Action and losing there things like login Details and more!
It's getting really crazy thb. Malware gets smarter, even hidden in images https://www.zdnet.com/google-amp/article/lokibot-information-stealer-now-hides-malware-in-image-files/.
Speaking of fake ann... a good ideea would be to mark spoofed links. The way links light up in green if url redirects to another page on the forum, to be red if it is spoofed
Speaking of fake ann... a good ideea would be to mark spoofed links. The way links light up in green if url redirects to another page on the forum, to be red if it is spoofed
Code:
[url=https://youtube.com]https://google.com[/url]
I fighting the last month and weeks about the Fake ANNs here on the forum , and all links there are getting you to Fake githubs where they have there Malware software !
Also for bitbucket is the most times Malware infected links . But its hard and difficult to do something about !
At the moment we just can look for them and findd it earlyer and report them to the Mods.
Also for bitbucket is the most times Malware infected links . But its hard and difficult to do something about !
At the moment we just can look for them and findd it earlyer and report them to the Mods.
Anyway thanks for let others know about that Trojan and Malware thing !
The whole Malware problem getting bigger lately on the internet , but also here on the Forum there are lot of Links that get you to some downloads with Malware !
The whole Malware problem getting bigger lately on the internet , but also here on the Forum there are lot of Links that get you to some downloads with Malware !
I agree.
That is why I think adding some notification warning from Bitcointalk would be good, regarding new security threats,
and maybe also separate sticky topic/threat for that.
Something like this or similar:
Anyway thanks for let others know about that Trojan and Malware thing !
The whole Malware problem getting bigger lately on the internet , but also here on the Forum there are lot of Links that get you to some downloads with Malware !
The whole Malware problem getting bigger lately on the internet , but also here on the Forum there are lot of Links that get you to some downloads with Malware !
Thanks @Pmalek
Search like this for example:
site:bitcointalk.org Saefko to display results only from bitcointalk.org containing the search term Saefko or any other term you would like to see.
And you will get this:
site:bitcointalk.org Saefko to display results only from bitcointalk.org containing the search term Saefko or any other term you would like to see.
And you will get this:
Jump to: