
Topic: Bunny Loader: Another Clipboard malware (Read 272 times)

legendary
Activity: 2730
Merit: 7065
October 09, 2023, 10:48:36 AM
#30
Did you read the other part of my post? I want to know how I can escape this malware. How do they get into the system? I will have to do some research if I do not get any reply here.
I saw it but I don't know how people get infected. I treat everything I am unsure of as a potential threat and it has helped me to protect my devices from malware of all kinds.

Usually, I click on random website links provided by forum members, social media people, and friends.
I can only advise you to stop. That's one way to get infected with something. Limiting your curiosity helps you be safe online. If the links and messages come from friends, it doesn't mean they are safe. Those friends might not wish you any harm, but they too might have been infected with something that is now spreading by itself. Try to apply as much common sense as you can to anything you do online and think twice before doing something.
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!
October 08, 2023, 07:24:03 AM
#29
Most of us do not double-check the address before we send the crypto to the destination.
I know that I do, multiple times. If you belong to the group that doesn't do it, you better change for your own good. One slipup and your coins are gone.

I know I have to be careful with it. These things are habits. If someone is concerned about their security, they always double-check these things before performing actions. Usually, I do not check does not mean I always do not check. I check sometimes, but I have to be careful with it.

Did you read the other part of my post? I want to know how I can escape this malware. How do they get into the system? I will have to do some research if I do not get any reply here. Usually, I click on random website links provided by forum members, social media people, and friends.
legendary
Activity: 2730
Merit: 7065
October 08, 2023, 07:03:05 AM
#28
You should always compare the address on the hardware wallet screen to the address of the source. In your example, the source is the ecommerce site, not the Trezor Suite/Ledger Live software. If those addresses match, you are good to go. The one problem that could still arise is that the source displays a wrong address, but in that case, it's their mistake and you just sent money where they told you to. 

Most of us do not double-check the address before we send the crypto to the destination.
I know that I do, multiple times. If you belong to the group that doesn't do it, you better change for your own good. One slipup and your coins are gone.
hero member
Activity: 462
Merit: 767
Instant cryptocurrency exchange with own reserves!
October 08, 2023, 06:24:41 AM
#27
I am afraid of this malware. The problem is we don't know when these malware affect our machines until we notice the changes of address. Most of us do not double-check the address before we send the crypto to the destination. I wonder how this malware enters the system. Do these malware get downloaded with other programs? Let's say I did not download any program or file in the last couple of months, do I still have the possibility to get affected? Can those malware get into my machine just by visiting some random links? If this malware cannot get into a PC without downloading any program, then it's a relief. Otherwise, it's a big threat as we always click random links.
sr. member
Activity: 1820
Merit: 436
October 08, 2023, 04:18:50 AM
#26
Interesting, good thing that you posted this one here, making a lot of members here in the forum aware of this one. It's a pretty interesting malware looking for information that is actually related to cryptocurrency, and there are for sure some obvious things here like credit cards, downloads, history, passwords, autofill data. I mean you would really save something like that on a computer even though it is for sure your personal computer, because of something like this, because now if the hacker is able to gain access to your computer they could easily access this information as well, where it could easily lead to getting hacked and losing your money.

I mean if you actually know what you are doing, this hacker cannot really access your computer, since this malware needs to run first, and if you don't really download anything that is suspicious, for sure there is nothing to worry about. So just avoid downloading things that are not really trusted, like, for example, you're going to download a file from a really suspicious website, or download a file that is sent by an unknown email to your email account, or downloading cracked games. These files might contain malware, viruses, etc. that could easily wipe your cryptocurrency. You could for sure buy a cheap laptop that you're only going to use for cryptocurrency to avoid this.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
October 08, 2023, 04:09:26 AM
#25
<…>
I was really aiming at a prior step in the chain in my comment though, which would seem more like a potentially feasible situation one may encounter, and one that using a hardware wallet should not exempt the user from being cautious about.

Say someone wanted to pay in bitcoin for a given service/item on a certain ecommerce site. The site will show an address (A), and the user may copy/paste the address from the site to Trezor Suite/Ledger Live (B) wallet interface. Then he’ll use his hardware wallet (C) to generate the payment transaction.

In this scenario, a clipboard malware could change the address copied in step A in such a way that the pasted address value in step B is now different (i.e. the malicious actor’s address). The user may happily compare the (now malicious) address shown in step B with that of the hardware wallet’s address in step C, see they’re the same, and happily sign the payment TX. What I wanted to stress is that one really needs to compare the address on the screen (step C) with the original address back in step A (the seller’s provided address), and not (just) B.
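
The A/B/C comparison described in the post above, written out as an added example (not part of the original thread). The function and field names are hypothetical, and the address strings are constructed placeholders, not real addresses. It also reports whether a glance at only the first and last 8 characters, the shortcut mentioned elsewhere in the thread, would have passed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Verdict(Enum):
    OK = "A, B and C all show the same address"
    SWAPPED_BEFORE_WALLET = "wallet software (B) and device (C) agree, but differ from the source (A)"
    DEVICE_MISMATCH = "hardware wallet screen (C) differs from the wallet software (B)"


@dataclass
class Result:
    verdict: Verdict
    first_diff: Optional[int]   # index of the first differing character, if any
    ends_looked_fine: bool      # True if a first/last-8 glance would have passed


def norm(addr: str) -> str:
    # Drop whitespace that copy/paste or line wrapping may introduce.
    return "".join(addr.split())


def first_diff(a: str, b: str) -> Optional[int]:
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))


def ends_match(a: str, b: str, n: int = 8) -> bool:
    return a[:n] == b[:n] and a[-n:] == b[-n:]


def check_chain(source_a: str, pasted_b: str, device_c: str) -> Result:
    """Compare the seller's address (A), the pasted value (B) and the device screen (C)."""
    a, b, c = norm(source_a), norm(pasted_b), norm(device_c)
    if b != c:
        return Result(Verdict.DEVICE_MISMATCH, first_diff(b, c), ends_match(b, c))
    if a != c:
        # B == C here, so comparing only B against C would have passed.
        return Result(Verdict.SWAPPED_BEFORE_WALLET, first_diff(a, c), ends_match(a, c))
    return Result(Verdict.OK, None, True)


# Constructed placeholder strings, address-shaped only (no valid checksums).
SELLER = "bc1qseller" + "x" * 28 + "7k2m"
OTHER = "bc1qother" + "y" * 29 + "9d4p"
# Same first and last 8 characters as SELLER, different middle.
LOOKALIKE = SELLER[:8] + "z" * (len(SELLER) - 16) + SELLER[-8:]

if __name__ == "__main__":
    for pasted in (SELLER, OTHER, LOOKALIKE):
        # The device shows whatever the wallet software was given (B == C).
        r = check_chain(SELLER, pasted, pasted)
        print(r.verdict.name, r.first_diff, r.ends_looked_fine)
```

In practice A has to be read from the seller's page (or a second channel) by eye and C from the device screen; the code only makes explicit which pair of values is being compared.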
legendary
Activity: 2730
Merit: 7065
October 08, 2023, 03:06:26 AM
#24
If you can afford it, get yourself a separate laptop for your less safe activities. Like downloading pirated movies and software. Especially for late-hour XXX adventures. Keep such stuff away from your main devices so even if something happens, you can easily recover. 

Using a hardware wallet does not exempt one from being a potential victim to clipboard malware, as some people believe. Though the screen of the device will show you the address you are going to send the TX to, and you can (and should) contrast that against your intended address, you need to check against the original intended address, not the address you copied and pasted on the wallet interface (clipboard malware can change the address between the address you copied, and the pasted address on the wallet’s interface – i.e. Trezor Suite or Ledger Live).
That's correct in theory but has anyone ever seen it in practice? Do we have a documented case where a user saw a different address in his Trezor Suite or Ledger Live compared to the information that was later displayed on the hardware wallet screen?

Could it be possible that this could occur by just opening a mail?
I seriously doubt it. Such malware is associated with attachments or links where you automatically download and install it in the background. Opening and reading phishing emails or social engineering scams won't infect you. But that doesn't mean you should do it because it increases the possibility that you could click on something in those emails.
hero member
Activity: 2184
Merit: 531
October 07, 2023, 03:38:53 PM
#23
It's very easy to spot it.
Make sure you make double checking everything into a habit.

A good builder always repeats this like a mantra: measure twice, cut once. You do the same with your transactions, double check then press the button. So, after pasting the address I read it and compare to the original. If I see a change that's a red flag. I haven't had that keylogger yet but if I ever spot it I'll stop right there, disconnect my network cable, run anti virus software, then change all the recently used wallet passwords in offline mode.
sr. member
Activity: 966
Merit: 306
October 06, 2023, 10:51:31 PM
#22
Installing the latest antivirus software is poor advice and may be provided by some technical articles, but antiviruses update their database periodically, which means that there may be viruses that are not present in the database, which gives high probability false positive reports.
If those antivirus programs are not updated fast enough to deal with the newest viruses, they will have to rely on old data, and scanning with them can potentially result in a false negative report. If we trust a false negative report from that software and think our devices are clean, we can lose our coins.

Quote
 - Check the title completely, or at least the first and last 8 characters.
 - Make sure everything is correct before broadcasting the transaction.
The biggest fear and threat is losing coins directly by a device and wallet compromise.

Checking some first and last characters of a Bitcoin address is a good practice.
How to lose your Bitcoins with CTRL-C CTRL-V.

Years ago, online services didn't have these reminders for their users, but in recent years it has become a mandatory step when you submit a withdrawal request to an exchange. Spending a couple of seconds to check some characters is worth doing and helps us avoid losses.
sr. member
Activity: 1288
Merit: 231
Hire Bitcointalk Camp. Manager @ r7promotions.com
October 06, 2023, 06:23:26 PM
#21
Since my thread on the clipboard virus and many other viruses which have been discussed before the one I later brought to this forum, I have seen that these hackers or groups of hackers are not just ending their scamming schemes; they are doing everything within their power to upgrade their tools and make sure they are prepared for whichever tools people are using to protect themselves from being victims of their hacks.

That they have gotten to a stage where some of the viruses are not even being detected by most of our highly recommended antivirus programs proves that the hackers have upgraded beyond measure. With or without using any antivirus, we all just have to be careful about what we click on the system that we use for our crypto wallet, as that's their major target.

If it's even possible, one should just have one device aside for just the crypto wallet and other ones which can be used to run any online activities and erra, because we can't really tell where most of these viruses are coming from. Apart from the source which has already been discovered and identified, we don't know where else their malicious links could be found.
hero member
Activity: 2212
Merit: 805
Top Crypto Casino
October 06, 2023, 05:45:09 PM
#20
Frequently, I use my mobile phone to carry out transactions, and I have not experienced any of these clipboard malwares on my phone. Although I know that there are malwares attack here and there, I am always careful about the sites I visit and things I download on my phone. Last month I came across a thread where the OP was warning users against downloading any keyboard app on their mobile because most of those keyboard apps contain malware, and anyone who is not just familiar with the space can easily fall victim. My PC is protected with strong anti-virus software (TotalAV), and I have not experienced any clipboard issues on the PC. I know that since I first heard about the clipboard virus, I have always been careful because I don't want to be a victim and lose my asset to those hackers.

Being careful is great. It's how we can avoid exposing ourselves to these malwares and other possible attack vectors. As long as you're careful about what links you click and what files you download to your devices, you're good to go.  Another note about Antivirus programs is that they can only provide you so much security which is why Antivirus is not a hot topic in security discussions these days. It's nice to have though.

For keyboard apps, it might be true. As a matter of fact, Apple doesn't let users use 3rd party keyboards when it comes to entering sensitive details like passwords, keys, etc.
sr. member
Activity: 602
Merit: 295
October 06, 2023, 05:41:15 PM
#19
Frequently, I use my mobile phone to carry out transactions, and I have not experienced any of these clipboard malwares on my phone. Although I know that there are malwares attack here and there, I am always careful about the sites I visit and things I download on my phone. Last month I came across a thread where the OP was warning users against downloading any keyboard app on their mobile because most of those keyboard apps contain malware, and anyone who is not just familiar with the space can easily fall victim. My PC is protected with strong anti-virus software (TotalAV), and I have not experienced any clipboard issues on the PC. I know that since I first heard about the clipboard virus, I have always been careful because I don't want to be a victim and lose my asset to those hackers.

Yes, there are people that actually get lucky not to get caught by these things, but do not be too certain about things like this. Even with the latest or strongest anti-virus they can still get caught, and the bad thing is you wouldn't even easily find out that you have been caught. The best thing is to try as much as possible to avoid downloading just any application, and one should check their transaction details, like the address, properly before broadcasting them. And if you have a lot of funds, try to get them off online wallets; don't get too comfortable with them, because hackers can strike where you least expect them.
hero member
Activity: 770
Merit: 538
Leading Crypto Sports Betting & Casino Platform
October 06, 2023, 05:33:59 PM
#18
Frequently, I use my mobile phone to carry out transactions, and I have not experienced any of these clipboard malwares on my phone. Although I know that there are malwares attack here and there, I am always careful about the sites I visit and things I download on my phone. Last month I came across a thread where the OP was warning users against downloading any keyboard app on their mobile because most of those keyboard apps contain malware, and anyone who is not just familiar with the space can easily fall victim. My PC is protected with strong anti-virus software (TotalAV), and I have not experienced any clipboard issues on the PC. I know that since I first heard about the clipboard virus, I have always been careful because I don't want to be a victim and lose my asset to those hackers.
hero member
Activity: 1386
Merit: 513
Payment Gateway Allows Recurring Payments
October 05, 2023, 01:34:42 PM
#17
I think the group wanted to impress in the beginning, that's why they are selling it for a cheap price. But as reported, there are upgrades already and it will be upgraded again and again.
Of course, it's just a marketing technique to sell a product at a cheaper price at the start, and when it starts to make scammers some money then they will of course increase the prices. I was just thinking that if these tools really work in as efficient a way as the sellers said, then why bother selling them to others instead of using them themselves.

Ok, I got it, they want to divert or distribute the interest of authorities (I mean when there will be more users of these tools <--Buyers). In simple words, they want to stay off the radar. But what other than this.

The moral lesson here is that everyone is vulnerable, no one should think that everyone is safe because you really don't know the extent of what these cyber criminals can do, especially with this kind of weapon. They can even control everything from their command and center (C&C) and monitor what they are doing in your own device. This post by @LoyceV is very helpful as well with regards to Clipboard malware, How to lose your Bitcoins with CTRL-C CTRL-V.
Thanks for mentioning the thread, it was really a good reminder, but I was already aware of such attacks, known as address poisoning attacks, and that's why whenever I send money from one address to another, I check every letter one by one. Because it only takes a few seconds to verify it, and it is far better than regretting later.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿
October 05, 2023, 05:10:10 AM
#16
Try to delete all cookies after you visit the Internet, and set a time after which the session will automatically end if you are inactive. Sometimes hackers can recover session IDs from cookies and, from there, get user passwords and gain full control of the computer. You won’t even know who can surf the Internet with you at the same time if a hacker adds a RAT (remote access Trojan) to your computer. In addition, check the files that are added to your startup. Although, of course, we know that viruses are now hidden under popular processes in the Windows system, you can track the folder in which they may be located.

Could it be possible that this could occur by just opening a mail?

If you open an attachment that is in an email, it is almost always guaranteed that your computer will be infected. This will not happen if you simply open an email. Never click on links.
hero member
Activity: 1344
Merit: 540
October 05, 2023, 04:35:14 AM
#15
Installing the latest antivirus software is poor advice and may be provided by some technical articles, but antiviruses update their database periodically, which means that there may be viruses that are not present in the database, which gives high probability false positive reports.

Using hardware wallets or open source wallets will not change anything here, but rather:

 - Do not install applications that you do not trust.
 - Check the title completely, or at least the first and last 8 characters.
 - Make sure everything is correct before broadcasting the transaction.

I do agree that anti-virus is not going to detect every malware, especially the newly created ones but for a layman there is no better tool than anti-virus to tackle their cyber security, at least it will be able to detect the known malware.

To protect our crypto assets we can be careful to some extent but these kinds of apps are getting more advanced and I read it is capable of even remote commands so once a system is affected there is a possibility of losing our crypto funds even without any action from our side.

Cybersecurity is the biggest concern of the 21st century, but most people still use Windows, which is at least security-resistant when it comes to avoiding attacks. So, the first thing we should do is install Linux because it offers enhanced security features and greater control over system vulnerabilities, making it a prudent choice for those looking to bolster their online defenses.

It is still very important to update our anti-virus. Of course it's a game for these cyber criminals: they create new variants of their malware/viruses and try to spread them in many forms, and once the anti-virus companies get ahold of this, they will study it and make it to their database.

Linux or any other flavor of Unix per se, it might be good as a detrimental, or to some extent some iOS devices too, as they are targeted least by these cyber criminals as compared to Windows, since like 80% of laptop/PC users are under this operating system.
full member
Activity: 462
Merit: 117
October 04, 2023, 03:16:19 PM
#14
I find these pieces of information very helpful and useful. Scammers are never tired of doing the unbelievable. On a daily basis, they develop new strategies and gimmicks, lurking around to be real with ill intentions of undoing unsuspecting individuals. It takes a smart person to decipher their codes and know what they are up to this time around, as they are now heavily sophisticated with their upgraded techniques of operating. Could it be possible that this could occur by just opening a mail?
hero member
Activity: 3024
Merit: 745
Top Crypto Casino
October 04, 2023, 12:50:42 PM
#13
Those who are prone to this type of malware are the ones who keep on downloading from unknown sources on the web and download random files that aren't verified. While it is a good measure to have an anti-virus, the best form of anti-virus is being informed and aware of the potential risk upon downloading files that you're not aware of. Like what we're saying, "prevention is better than cure" and it's also applicable to this. We don't need to wait until our devices are infected by it but avoid any forms of red flags that are likely to get you malware like bunny loader. A usual practice before doing a transaction is not to be lazy checking the address if it's correct or not, and don't get tired of reading each character, letter, and number before pressing the send button. It sounds simple but will help you verify and avoid making a mistake.
sr. member
Activity: 593
Merit: 271
October 04, 2023, 12:03:34 PM
#12
Clipboard malware is very common nowadays. I had accidentally infected my computer with one of this kind of malware one time. Later had to reinstall Windows again, cause I don't use any antivirus software.

Those who are new to this malware are usually confused the first time. I have seen many accidentally sending their assets without realizing that the original address is replaced with the phishing address. It's pretty sad and dangerous for those who never encountered it. They could lose their entire life savings.

Till now I have seen malware that works by replacing the address. But now that I see they are programmed with additional features like stealing saved passwords, I'm a little concerned. It's a huge threat for us.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom
October 04, 2023, 09:52:58 AM
#11
Installing the latest antivirus software is poor advice and may be provided by some technical articles, but antiviruses update their database periodically, which means that there may be viruses that are not present in the database, which gives high probability false positive reports.

Using hardware wallets or open source wallets will not change anything here, but rather:

 - Do not install applications that you do not trust.
 - Check the title completely, or at least the first and last 8 characters.
 - Make sure everything is correct before broadcasting the transaction.

I do agree that anti-virus is not going to detect every malware, especially the newly created ones but for a layman there is no better tool than anti-virus to tackle their cyber security, at least it will be able to detect the known malware.

To protect our crypto assets we can be careful to some extent but these kinds of apps are getting more advanced and I read it is capable of even remote commands so once a system is affected there is a possibility of losing our crypto funds even without any action from our side.

Cybersecurity is the biggest concern of the 21st century, but most people still use Windows, which is at least security-resistant when it comes to avoiding attacks. So, the first thing we should do is install Linux because it offers enhanced security features and greater control over system vulnerabilities, making it a prudent choice for those looking to bolster their online defenses.