Author

Topic: Beware of new crypto Trojan Malware Saefko and InnfiRAT! (Read 507 times)

brand new
Activity: 0
Merit: 0
In general, malware can be embedded in the phone directly at the factory. And that is the problem. Here you need to carefully monitor the feedback and discussions of users and specialists who can audit the phones. Because you lose control over the phone, you risk losing your crypto money too
The problem is not in hacking programs or malware, but in the fact that many users ignore simple rules for working with cryptocurrencies. I advise everyone who wants to engage in trading or just crypto management to get acquainted with trading tips on the taklimakan platform. This will provide practical knowledge, as experienced traders are involved in the recommendations. And there is the opportunity to find out for sure and even discuss which crypto wallets, platforms, exchanges are better to use
This is what you correctly noted, users ignore simple rules. However, after the first wallet breakdowns, users usually understand that you can not be careless with cryptocurrencies and the security measures that they are recommended are not just words, but requirements that reduce the chances of losing control of your assets
People are easy to manipulate, otherwise there wouldn’t be so many Ponzi schemes and hacking cases due to simple reports about winnings in stocks. If a person is easily tempted, I would not advise him to engage in crypto investing. These are not games, but a real business, and you can lose not only assets, but also confidential information, which is much more dangerous.
sr. member
Activity: 2030
Merit: 269
...

Thanks for reporting this!

How to protect yourself?
- Don't answer any unknown email
and don't download/open any email attachment from unknown senders



Some of these kind of emails comes from spam folders so never navigate in the spam folders or if you have no choice because you are looking for something, be sure to check the source and if you are unfamiliar don't click or open it, even though it is has a very attractive title, that's what they are good at, they create a very catchy title, it's actually a bait.
newbie
Activity: 27
Merit: 0
In general, malware can be embedded in the phone directly at the factory. And that is the problem. Here you need to carefully monitor the feedback and discussions of users and specialists who can audit the phones. Because you lose control over the phone, you risk losing your crypto money too
The problem is not in hacking programs or malware, but in the fact that many users ignore simple rules for working with cryptocurrencies. I advise everyone who wants to engage in trading or just crypto management to get acquainted with trading tips on the taklimakan platform. This will provide practical knowledge, as experienced traders are involved in the recommendations. And there is the opportunity to find out for sure and even discuss which crypto wallets, platforms, exchanges are better to use
newbie
Activity: 28
Merit: 0
In general, malware can be embedded in the phone directly at the factory. And that is the problem. Here you need to carefully monitor the feedback and discussions of users and specialists who can audit the phones. Because you lose control over the phone, you risk losing your crypto money too
legendary
Activity: 2212
Merit: 7064
...

Thanks for reporting this!

How to protect yourself?
- Don't answer any unknown email
and don't download/open any email attachment from unknown senders

legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
Zscaler ThreatLabZ has now reported a similar remote Access Trojan (RAT), called InnfiRAT, which is also written on .net, and which steals data from browser cookies, has the capability to take screenshots on your computer, and has a specific mission for search for crypto related information.

What I lack seeing though is this kind of report is the specific media it was detected on (i.e. zip file named so and so attached to an email on the topic of such and such), even though one obviously should not click on links nor download any software from other than triple checked official sites.

See:
https://cointelegraph.com/news/new-bitcoin-wallet-focused-trojan-uncovered-by-security-researchers
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more

Note: Why is this thread on Meta?
legendary
Activity: 2212
Merit: 7064
This means that Linux and Mac users are in a bit better position regarding this trojan

This is wrong, just because that piece of code was written using .NET firmware (Microsoft )does not mean it has less effect on any other operation system, in fact i looked at the code and seems like they used C# to write that code,most likely using Visual Studio, and starting from 2017  .Net Visual Studio implemented a new function where you can basically use the same code to compile both windows and mac based application.

I also don't understand why all the fud regarding this one specific malware, it's not like they found an exploit in the .NET firmware or something else, it is simply another RAT , there are RATs by the ton out there and they all cause just about the same damage, there is really no point in warning people about every single one of them, this creates a sort of impression that malware are more effective on crypto assets than credit cards or any other online payment system, which is technically wrong.

These malware are only effective if the user lacks basic knowledge regarding computers/internet security , if you follow one simple rule which is ( NEVER run executable files from untrusted sources ) you are pretty much safe from all malware out there, the only thing that you can't help stop would be an exploit in the OS or one of the trusted programs you have installed on your computer , which is very rare.


I also wrote this:

Quote

but as you can see it is Multi OS.




'FUD' is proportional to amount of sales this trojan got over social media recently,
and specific cryptocurrency targeting.

You should also check out this link regarding Windows Remote Desktop Vulnerability:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182
legendary
Activity: 2394
Merit: 6581
be constructive or S.T.F.U
This means that Linux and Mac users are in a bit better position regarding this trojan

This is wrong, just because that piece of code was written using .NET firmware (Microsoft )does not mean it has less effect on any other operation system, in fact i looked at the code and seems like they used C# to write that code,most likely using Visual Studio, and starting from 2017  .Net Visual Studio implemented a new function where you can basically use the same code to compile both windows and mac based application.

I also don't understand why all the fud regarding this one specific malware, it's not like they found an exploit in the .NET firmware or something else, it is simply another RAT , there are RATs by the ton out there and they all cause just about the same damage, there is really no point in warning people about every single one of them, this creates a sort of impression that malware are more effective on crypto assets than credit cards or any other online payment system, which is technically wrong.

These malware are only effective if the user lacks basic knowledge regarding computers/internet security , if you follow one simple rule which is ( NEVER run executable files from untrusted sources ) you are pretty much safe from all malware out there, the only thing that you can't help stop would be an exploit in the OS or one of the trusted programs you have installed on your computer , which is very rare.
sr. member
Activity: 859
Merit: 251
That's why it's important to isolate anything crypto-related into a clean virtual machine environment. The keylogging bit scares me.
legendary
Activity: 2212
Merit: 7064
I havnt said or written to Blacklist github because that would not happen, i just have written for maybe Blacklist "bitbucket" links if possible! Would be start for against malware posted links! Its just an Suggestion and depends on theymos to do that or not! In the mean time i looking everyday for catch them who Posting this links.

I meant to say Bitbucket and GITLAB (I wrote by mistake Gitlub).
That are active Github alternatives
legendary
Activity: 3136
Merit: 3213
I havnt said or written to Blacklist github because that would not happen, i just have written for maybe Blacklist "bitbucket" links if possible! Would be start for against malware posted links! Its just an Suggestion and depends on theymos to do that or not! In the mean time i looking everyday for catch them who Posting this links.
full member
Activity: 305
Merit: 106
... a good ideea would be to mark spoofed links...
Code:
 [url=https://youtube.com]https://google.com[/url]
In this case for the fake anns its Shows the link in Green because the links are going to github and there is the Problem because all fake anns have fake github Accounts that looking nearly the same as the original github!
And as i said earlier we just can report them now! Maybe its possible for theymos to Blacklist the bitbucket site! Havnt seen anyone that use them for source Code or other things, only some fake ann use them! Would be a good start to fight about them and safe some users some Action and losing there things like login Details and more!
I understand and saw/reported a few myself
What I was suggesting is something like this: instead of the old blue color a link normally has, color it red if spoofed

https://bitcointalk.org - keep it blue
Code:
https://bitcointalk.org
https://www.google.com - keep it blue
Code:
https://www.google.com
https://bitcoin.org - make it red
Code:
[url=https://www.youtube.com]https://bitcoin.org[/url]

It could help imo. Maybe a bit with fake/spoofed github repos and with anything else of that manner ...
legendary
Activity: 2212
Merit: 7064
It's getting really crazy thb. Malware gets smarter, even hidden in images https://www.zdnet.com/google-amp/article/lokibot-information-stealer-now-hides-malware-in-image-files/.
Speaking of fake ann... a good ideea would be to mark spoofed links. The way links light up in green if url redirects to another page on the forum, to be red if it is spoofed
Code:
 [url=https://youtube.com]https://google.com[/url]
In this case for the fake anns its Shows the link in Green because the links are going to github and there is the Problem because all fake anns have fake github Accounts that looking nearly the same as the original github!
And as i said earlyer we just can report them now! Maybe its possible for theymos to Blacklist the bitbucket site! Havnt seen anyone that use them for source Code or other things, only some fake ann use them! Would be a good start to fight about them and safe some users some Action and losing there things like login Details and more!

I am not sure blacklisting bitbucket or Gitlub is a good solution for this.
I am more for some pop up or notification implementation.
legendary
Activity: 3136
Merit: 3213
It's getting really crazy thb. Malware gets smarter, even hidden in images https://www.zdnet.com/google-amp/article/lokibot-information-stealer-now-hides-malware-in-image-files/.
Speaking of fake ann... a good ideea would be to mark spoofed links. The way links light up in green if url redirects to another page on the forum, to be red if it is spoofed
Code:
 [url=https://youtube.com]https://google.com[/url]
In this case for the fake anns its Shows the link in Green because the links are going to github and there is the Problem because all fake anns have fake github Accounts that looking nearly the same as the original github!
And as i said earlyer we just can report them now! Maybe its possible for theymos to Blacklist the bitbucket site! Havnt seen anyone that use them for source Code or other things, only some fake ann use them! Would be a good start to fight about them and safe some users some Action and losing there things like login Details and more!
full member
Activity: 305
Merit: 106
It's getting really crazy thb. Malware gets smarter, even hidden in images https://www.zdnet.com/google-amp/article/lokibot-information-stealer-now-hides-malware-in-image-files/.
Speaking of fake ann... a good ideea would be to mark spoofed links. The way links light up in green if url redirects to another page on the forum, to be red if it is spoofed
Code:
 [url=https://youtube.com]https://google.com[/url]
legendary
Activity: 3136
Merit: 3213
I fighting the last month and weeks about the Fake ANNs here on the forum , and all links there are getting you to Fake githubs where they have there Malware software !
Also for bitbucket is the most times  Malware infected links . But its hard and difficult to do something about !
At the moment we just can look for them and findd it earlyer and report them to the Mods.
legendary
Activity: 2212
Merit: 7064
Anyway thanks for let others know about that Trojan and Malware thing !
The whole Malware problem getting bigger lately on the internet , but also here on the Forum there are lot of Links that get you to some downloads with Malware !

I agree.
That is why I think adding some notification warning from Bitcointalk would be good, regarding new security threats,
and maybe also separate sticky topic/threat for that.

Something like this or similar:






legendary
Activity: 3136
Merit: 3213
Anyway thanks for let others know about that Trojan and Malware thing !
The whole Malware problem getting bigger lately on the internet , but also here on the Forum there are lot of Links that get you to some downloads with Malware !
legendary
Activity: 2212
Merit: 7064
Thanks @Pmalek
legendary
Activity: 2730
Merit: 7065
Search like this for example:
site:bitcointalk.org Saefko to display results only from bitcointalk.org containing the search term Saefko or any other term you would like to see.

And you will get this:


legendary
Activity: 2212
Merit: 7064
We need one Locked topic related only to Malware, Viruses and Phishing security warnings,
No one has been locked, all the topics are almost the same.

Maybe you have something more unique about information (Malware, Viruses and Phishing security warnings) in a new method.
Topic:
[1]. Topic: Phishing myetherwallet site
[2]. Topic: 5 Ways to Avoid Bitcoin Scams
[3]. Topic: Google Malware Checker l SEO Ninja Softwares
[4]. Topic: Smishing and how not to fall for it
[5]. Topic: Cryptocurrencies Wallets
[6]. Topic: Hacker stole my funds from blockchain
[7]. Topic: Protecting Your Computer?

Thanks.
I meant to say ONE united STICKY topic for all that ....
my bad   Grin


We need a better SEARCH function for Bitcointalk forum,
as I did search before I posted, and I can't track every single post...
I noticed that searching for recent posts I always get some weird incorrect results...

This this forum search guide may help in case you have not read it yet https://bitcointalksearch.org/topic/tips-guide-for-forum-search-3127909


Thanks.
I know how to use it, but 'most recent' is not giving good results



maybe there should be option for most recent post


sr. member
Activity: 882
Merit: 301
We need a better SEARCH function for Bitcointalk forum,
as I did search before I posted, and I can't track every single post...
I noticed that searching for recent posts I always get some weird incorrect results...

This this forum search guide may help in case you have not read it yet https://bitcointalksearch.org/topic/tips-guide-for-forum-search-3127909
legendary
Activity: 2128
Merit: 1775
We need one Locked topic related only to Malware, Viruses and Phishing security warnings,
No one has been locked, all the topics are almost the same.

Maybe you have something more unique about information (Malware, Viruses and Phishing security warnings) in a new method.
Topic:
[1]. Topic: Phishing myetherwallet site
[2]. Topic: 5 Ways to Avoid Bitcoin Scams
[3]. Topic: Google Malware Checker l SEO Ninja Softwares
[4]. Topic: Smishing and how not to fall for it
[5]. Topic: Cryptocurrencies Wallets
[6]. Topic: Hacker stole my funds from blockchain
[7]. Topic: Protecting Your Computer?
legendary
Activity: 2212
Merit: 7064
If not mistaken I also see the same topic, warning about, (Cryptom Malware Saefko Trojan). A few days ago.

Topic: Researchers Discover New Crypto-Focused Trojan

I thought it was just a joke to frighten cryptocurrency investors,

However, every day the news gets more popular, it talks about fraud.

So, it's worth watching out for if this continues to grow.

As discussed.
Zscaler ThreatLabZ Discovers New Saefko Remote-Access Trojan (RAT) Malware Targeting Crypto Users

Researchers Discover New Cryptocurrency-Focused Trojan

Maybe whether there is an effect on Bitcoin in 2019 will skyrocket.
Reasons to scare off investors / cryptocurrency investments.


Bitcoin INFO



or this is indeed reality.
I only thought.



Thanks!

We need a better SEARCH function for Bitcointalk forum,
as I did search before I posted, and I can't track every single post...
I noticed that searching for recent posts I always get some weird incorrect results...

We need one Locked topic related only to Malware, Viruses and Phishing security warnings,
please moderators Smiley

legendary
Activity: 2128
Merit: 1775
If not mistaken I also see the same topic, warning about, (Cryptom Malware Saefko Trojan). A few days ago.

Topic: Researchers Discover New Crypto-Focused Trojan

I thought it was just a joke to frighten cryptocurrency investors,

However, every day the news gets more popular, it talks about fraud.

So, it's worth watching out for if this continues to grow.

As discussed.
Zscaler ThreatLabZ Discovers New Saefko Remote-Access Trojan (RAT) Malware Targeting Crypto Users

Researchers Discover New Cryptocurrency-Focused Trojan

Maybe whether there is an effect on Bitcoin in 2019 will skyrocket.
Reasons to scare off investors / cryptocurrency investments.


Bitcoin INFO



or this is indeed reality.
I only thought.
legendary
Activity: 2212
Merit: 7064

As reported by Cointelegraph and Zscaler, there is a new trojan malware based on Microsoft .NET that targets crypto, named Saefko
This means that Linux and Mac users are in a bit better position regarding this trojan, but as you can see it is Multi OS.






Please read source articles, educate and protect yourself:
https://cointelegraph.com/news/researchers-discover-new-cryptocurrency-focused-trojan
https://www.zscaler.com/blogs/research/saefko-new-multi-layered-rat


Zscaler ThreatLabZ has now reported a similar remote Access Trojan (RAT), called InnfiRAT, which is also written on .net, and which steals data from browser cookies, has the capability to take screenshots on your computer, and has a specific mission for search for crypto related information.

What I lack seeing though is this kind of report is the specific media it was detected on (i.e. zip file named so and so attached to an email on the topic of such and such), even though one obviously should not click on links nor download any software from other than triple checked official sites.

See:
https://cointelegraph.com/news/new-bitcoin-wallet-focused-trojan-uncovered-by-security-researchers
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more





How to protect yourself?

- Don't answer any unknown email
and don't download/open any email attachment from unknown senders

Jump to: