Topic: CoinLurker - another crypto stealing malware (Read 175 times)

legendary
Activity: 1890
Merit: 1537
December 23, 2024, 05:00:13 PM
#17
Anyone connected to the internet who browses emails and websites through search engines and social media daily is at risk of encountering such fraudulent traps frequently. For this reason, we always recommend not using your primary computer connected to the internet for any important matters related to crypto. It's better to store crypto in cold storage that is not connected to the internet.

If a fake update is installed through malicious pop-up ads, fake CAPTCHA windows, or software downloaded from unofficial sites, such as YouTube, fake and compromised websites, or through popular messaging apps, the malware mentioned by the OP can easily access and steal any installed wallets and all the assets. The internet is full of all kinds of malware, so it is the responsibility of any beginner to be aware of the seriousness of the matter so that he does not feel bad if he falls into the hands of scammers.
hero member
Activity: 784
Merit: 672
Top Crypto Casino
December 22, 2024, 05:37:11 PM
#16
I have nothing against Linux or Linux-flavored OSes, but for the majority it might be very hard to use, as they will take some time to familiarize themselves with it, and don't get me wrong, it's not user friendly, and I would say that only those who are very technically inclined might use it.
These days there are so many Linux distros that are user friendly, and even Windows users can shift to those Linux distros without any trouble. Windows users can go for Zorin OS, as that's a pretty user-friendly distro for Windows users, and distros like Ubuntu and Linux Mint are also quite user friendly. Using Linux isn't as technical anymore as it used to be in the past, but I still agree that most users will have to learn some technical knowledge before moving to Linux. Especially the ones who are in crypto should definitely move to Linux.
legendary
Activity: 3080
Merit: 1353
December 20, 2024, 03:51:23 PM
#15


Looking at this screenshot alone, people should be suspicious, since Google Chrome is supposed to be developed and published by Google (Alphabet Inc.).

The majority of people do not pay attention at all. They simply see a prompt like this and click "install", "yes", "continue" without thinking or verifying what's going on.

That's true, when they see this logo they always assume that it is from Google or whatever app they are going to update and install. So they just click on it without second thoughts, and it's obviously a bad practice in cryptocurrency.

And there's nothing better than doing our own check first before downloading.

Blindly downloading is a risky practice; we have seen since the beginning that many individuals have fallen for it. So we need to pay attention, and after that verify. It will just take a couple of minutes on our end to do that.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
December 20, 2024, 03:33:30 AM
#14
--snip--
Looking at this screenshot alone, people should be suspicious, since Google Chrome is supposed to be developed and published by Google (Alphabet Inc.).
You might be well knowledgeable about these things, but people out there might be totally ignorant of which company is supposed to publish Google Chrome.
In general terms, both for well-knowledgeable people and others, it's best to only install applications from the official website.

I disagree with you this time. After all, the name of the publisher is in the name of the browser, and Google Chrome always suggests you use Google services. Most people should come to the conclusion that Google Chrome is created, owned or developed by Google.

--snip--
Looking at this screenshot alone, people should be suspicious, since Google Chrome is supposed to be developed and published by Google (Alphabet Inc.).

The majority of people do not pay attention at all. They simply see a prompt like this and click "install", "yes", "continue" without thinking or verifying what's going on.

Good point, especially if people get easily annoyed with all the notifications or pop-ups.
hero member
Activity: 1526
Merit: 555
December 19, 2024, 08:42:40 PM
#13
Use Linux, brother, to be safe from such useless malware. The scammers mostly target Windows users, and that's why it's better to go with Linux. Linux is a much safer operating system for crypto users than Windows; that's why the OGs always use Linux, and they're still safe when it comes to this type of malware.

I have nothing against Linux or Linux-flavored OSes, but for the majority it might be very hard to use, as they will take some time to familiarize themselves with it, and don't get me wrong, it's not user friendly, and I would say that only those who are very technically inclined might use it.

And that's why Windows is still the most used OS around the world, very easy for those who want shortcuts.

But in the world that we move in, we should really be vigilant and careful about what we download, not just for our software updates, as there are a lot of criminals out there in the wild.
legendary
Activity: 2576
Merit: 1655
December 19, 2024, 05:07:24 PM
#12

Looking at this screenshot alone, people should be suspicious, since Google Chrome is supposed to be developed and published by Google (Alphabet Inc.).
I did a little research on the subject and found that it is a general-purpose virus that aims mainly to collect data. Some detailed explanation about it:



So all that is needed is to interact with the Binance smart contract, answer fake CAPTCHA prompts or download updates directly.
But again, it collects data, so you need to be really careless to lose your money from such attacks.

The link says that it specifically looks for the directories where our crypto might be stored.

So if they collect data from your PC or laptop, then they can use it to access everything related to your crypto. And if by chance you have wallets on that exposed machine, then they can steal them under your nose.

Better be cautious when doing our updates, as our source might not be the real one.
hero member
Activity: 784
Merit: 672
Top Crypto Casino
December 19, 2024, 04:40:02 PM
#11
Use Linux, brother, to be safe from such useless malware. The scammers mostly target Windows users, and that's why it's better to go with Linux. Linux is a much safer operating system for crypto users than Windows; that's why the OGs always use Linux, and they're still safe when it comes to this type of malware.
hero member
Activity: 510
Merit: 574
Too Little, Too Late.
December 19, 2024, 04:31:05 PM
#10


Looking at this screenshot alone, people should be suspicious, since Google Chrome is supposed to be developed and published by Google (Alphabet Inc.).

The majority of people do not pay attention at all. They simply see a prompt like this and click "install", "yes", "continue" without thinking or verifying what's going on.
legendary
Activity: 2702
Merit: 4002
December 19, 2024, 06:11:11 AM
#9

Looking at this screenshot alone, people should be suspicious, since Google Chrome is supposed to be developed and published by Google (Alphabet Inc.).
I did a little research on the subject and found that it is a general-purpose virus that aims mainly to collect data. Some detailed explanation about it:



So all that is needed is to interact with the Binance smart contract, answer fake CAPTCHA prompts or download updates directly.
But again, it collects data, so you need to be really careless to lose your money from such attacks.

member
Activity: 66
Merit: 5
Eloncoin.org - Mars, here we come!
December 19, 2024, 03:24:40 AM
#8
We can't be careful enough, but we can at least try. Yes, we have to always be on the lookout for suspicious things on the internet, and installing unknown applications, or even installing known applications from any source, is the way we proudly lose everything we worked for.

If you have to protect yourself, then your internet activities must be part of this protection. It's best to be suspicious of every update that pops up and never to install applications from unknown sites which are not the official websites.



Looking at this screenshot alone, people should be suspicious, since Google Chrome is supposed to be developed and published by Google (Alphabet Inc.).
You might be well knowledgeable about these things, but people out there might be totally ignorant of which company is supposed to publish Google Chrome.
In general terms, both for well-knowledgeable people and others, it's best to only install applications from the official website.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
December 19, 2024, 03:20:46 AM
#7


Looking at this screenshot alone, people should be suspicious, since Google Chrome is supposed to be developed and published by Google (Alphabet Inc.).
legendary
Activity: 2702
Merit: 4002
December 19, 2024, 02:51:42 AM
#6
It seems to be general malware, as it does not target Bitcoin and cryptocurrencies specifically but any way that hackers can profit from accessing your device. Using a hot wallet and installing programs randomly is the perfect way to lose your coins.
legendary
Activity: 2814
Merit: 1112
Leading Crypto Sports Betting & Casino Platform
December 19, 2024, 02:11:11 AM
#5
Thank you for sharing this info.
We should not only be careful during a bull run, because scams do not stop or start working during a bull run; they run anytime, and scammers wait for people to let their guard down.
Be careful in clicking on links from unknown sources, and for beginners, never believe project or coin advertisements that promise big returns.
hero member
Activity: 1190
Merit: 901
Livecasino.io
December 19, 2024, 01:02:40 AM
#4
Thank you for sharing this update with us. I am always concerned that these are the ones we know about. I am concerned that the ones we don't know about are far more than the ones that we know. One of the ways to be the safest online with your crypto assets is to have a separate laptop for just your cryptocurrency holdings. You don't use that laptop for anything other than this purpose. This way, the threat is reduced. Is antivirus software able to detect this malware?
hero member
Activity: 2842
Merit: 772
December 19, 2024, 12:47:47 AM
#3
Thanks for the warning. Yes, these criminals have been using these fake updates for many years, but it is just now that they are increasing this kind of attack. Maybe it's easier for them, or they've almost perfected their craft so that even AV can't detect them, as they've hidden the code and so it's hard to detect.

And it's interesting that they are now taking advantage of Smart Chain to conceal everything and then be immutable under our system.
jr. member
Activity: 43
Merit: 6
December 18, 2024, 05:15:53 PM
#2
You have said it all in the ending part of your OP, which is what I wanted to chip in. Staying on alert is key to safeguarding oneself from falling victim to these scam schemes. Avoid clicking untrusted sites, especially when it's an unofficial site. Taking time to carefully verify information and links before clicking is an attitude that all crypto users should imbibe, because it is more rewarding to delay and do your background check before execution than to hurriedly fall for cheap scams that could have been easily avoided if you had just given yourself a little time.
hero member
Activity: 1344
Merit: 540
December 18, 2024, 06:18:05 AM
#1
A newly discovered malware called CoinLurker was found in the wild recently. Although the modus is not that new, as it uses fake update alerts to get to its victims.



So the other deception methods are:

  • Malvertising Redirects
  • Phishing Emails
  • Fake CAPTCHA Prompts
  • Direct Downloads from Fake or Compromised Sites
  • Social Media and Messaging Links

And with that, the obfuscation chain includes a Binance Smart Contract. Yes, you heard it right, cyber criminals are using BSC and use it to hide their embedded data. And taking advantage of it, they leverage the immutable properties of the blockchain, as it is resistant to tampering or removal.

And they look for these crypto wallets:

  • Bitcoin\wallets
  • Ethereum\keystore
  • Ledger Live\Local Storage\leveldb
  • Exodus\exodus.wallet

And
Quote
Alternative Cryptocurrencies and Lesser-Known Wallets:
Examples include BBQCoin, Lucky7Coin, MemoryCoin, and many others, showcasing its effort to cover a wide range of cryptocurrencies.

https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

So again, we just need to be self-aware, and this is just a big warning to everyone, as the attacks are ramping up as we enter the bull run. Especially this kind of attack, about software updates, that we might see as legitimate updates.

And only download from the official sites, and verify everything before downloading. Practicing safe habits should now be part of the routine of everyone who involves themselves in crypto.
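As an added example (not code from the thread or from the Morphisec write-up), the wallet directories listed in the post can be turned into a simple defender-side check: scan file-access log lines and flag any process that is not the wallet application itself reading those directories. A fake-update binary that was just downloaded touching `Bitcoin\wallets` or `Exodus\exodus.wallet` is exactly the kind of event worth alerting on. The tab-separated log format, the process allowlist and the sample log lines below are all constructed assumptions for this illustration.

```python
"""
Added illustration for the CoinLurker thread: flag reads of the wallet
directories named in the post by processes other than the wallet apps.
Log format, allowlist and sample lines are assumptions, not real telemetry.
"""
from typing import Iterable, Optional

# Wallet directories named in the post, relative to the user's AppData folder.
WALLET_DIRS = [
    r"Bitcoin\wallets",
    r"Ethereum\keystore",
    r"Ledger Live\Local Storage\leveldb",
    r"Exodus\exodus.wallet",
]

# Assumed allowlist of executables expected to touch each directory
# (process names are hypothetical and would be tuned per deployment).
EXPECTED_PROCESSES = {
    r"Bitcoin\wallets": {"bitcoin-qt.exe", "bitcoind.exe"},
    r"Ethereum\keystore": {"geth.exe"},
    r"Ledger Live\Local Storage\leveldb": {"ledger live.exe"},
    r"Exodus\exodus.wallet": {"exodus.exe"},
}


def _normalize(path: str) -> str:
    """Lower-case and use backslashes so both separators compare equal."""
    return path.replace("/", "\\").lower()


def wallet_dir_for(path: str) -> Optional[str]:
    """Return the wallet directory (from WALLET_DIRS) a path falls under, or None."""
    p = _normalize(path)
    for d in WALLET_DIRS:
        needle = "\\" + _normalize(d)
        if (needle + "\\") in p or p.endswith(needle):
            return d
    return None


def find_suspicious_access(log_lines: Iterable[str]) -> list:
    """
    Assumed log format, tab-separated: <timestamp> <process> <operation> <path>.
    Returns one finding per access to a wallet directory by an unexpected process.
    """
    findings = []
    for line in log_lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 4:
            continue  # malformed line: skip rather than crash the scan
        ts, process, operation, path = parts
        wallet_dir = wallet_dir_for(path)
        if wallet_dir is None:
            continue
        if process.lower() in EXPECTED_PROCESSES[wallet_dir]:
            continue  # the wallet app itself reading its own data
        findings.append({
            "time": ts,
            "process": process,
            "operation": operation,
            "path": path,
            "wallet_dir": wallet_dir,
        })
    return findings


# Constructed sample log: a freshly downloaded "update.exe" reads three
# wallet stores; the genuine wallet apps reading their own data are ignored.
SAMPLE_LOG = [
    "2024-12-18T10:00:01\tbitcoin-qt.exe\tread\tC:\\Users\\alice\\AppData\\Roaming\\Bitcoin\\wallets\\wallet.dat",
    "2024-12-18T10:00:05\tchrome.exe\tread\tC:\\Users\\alice\\Downloads\\update.exe",
    "2024-12-18T10:00:09\tupdate.exe\tread\tC:\\Users\\alice\\AppData\\Roaming\\Bitcoin\\wallets\\wallet.dat",
    "2024-12-18T10:00:10\tupdate.exe\tread\tC:\\Users\\alice\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco",
    "2024-12-18T10:00:11\tupdate.exe\tread\tC:\\Users\\alice\\AppData\\Roaming\\Ledger Live\\Local Storage\\leveldb\\000003.log",
    "2024-12-18T10:00:12\tLedger Live.exe\tread\tC:\\Users\\alice\\AppData\\Roaming\\Ledger Live\\Local Storage\\leveldb\\000003.log",
]

if __name__ == "__main__":
    for f in find_suspicious_access(SAMPLE_LOG):
        print(f"{f['time']} {f['process']} {f['operation']} {f['wallet_dir']} -> {f['path']}")
```

Run against the constructed sample, the scan reports only the three reads by `update.exe`; the matching on directory name rather than full path is deliberate, since the same wallet folders sit under different user profiles and drive letters, and the allowlist keeps the wallet applications' own routine access out of the alert stream.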