Topic: Fake Google Chrome Update deliver crypto stealing malware (Read 298 times)

sr. member
Activity: 812
Merit: 257
PredX - AI-Powered Prediction Market
The large number of Google Chrome users makes people who are smart but have no manners try their knowledge! Thieves who are willing to learn for a harmful action. I myself rarely use zip extraction / other raw folders. To update Google Chrome, always click the 3 dots on the top right in the home browser => About Google Chrome => check the version currently in use. It is too risky to allow such things on the desktop because of the deceptive wrapper of the content. Hopefully the affected people will not expand and be more vigilant. I realise the role of the browser is very important, like a window that can go anywhere, but can be infiltrated around guarded access. And if there is any update via email I do not trust it unless it is just a notification, and access it on the official website for further action.
newbie
Activity: 28
Merit: 2
For me, such a development of events with the theft of cryptocurrency and not only, in the browser Chrome is news. Two-factor authorization must be mandatory!
full member
Activity: 560
Merit: 100
Eloncoin.org - Mars, here we come!
Exactly, and even if they didn't update automatically they would give you a notification to update the apps, and not people sending to update the apps. Scammers are always bringing new methods to scam people, and those who are not smart fall for it and those who are smart and wise always escape from the trap. The Internet is a place of making money and at the same time scammers fill the internet, so when you are online be wise and smart, if not they scammer.

Every day they come with a new technique, so we have to know their new technique to deal with them.
Chrome? It's important to keep updates on our phone apps because nowhere is safe anymore. We come with the intention of making substantial profits in the space but we should always take our time to ensure we're on the right lane because any slight mistake will always attract losses on our end. Scammers never get tired and they don't give up. I know how important it is for them to lure people and scam them of their hard-earned money.
hero member
Activity: 1064
Merit: 501
Delicate information like this needs to be shared with everyone so that people will take note of this, and not fall victim to it, while they think, they are updating their Chrome because it appeared on the screen of their laptop, they are updating a fake Google Chrome malware meant to steal their crypto assets.

This is truly a bad move by the crypto hackers. They know how the Chrome browser is mostly used by many. I just wish everyone would stay vigilant about this, and never update their Chrome browser to a fake one, thinking that they updated the main Chrome browser
hero member
Activity: 700
Merit: 577
Hire Bitcointalk Camp. Manager @ r7promotions.com
Chrome and every other website I have used updates themselves automatically every time. I always get a message that my device has been recently updated with the new features, never a "your device needs update message".

Everyone should stay vigilant and never keep their funds on an exchange or on a device they use often. Invest in a hardware wallet.

- Jay -
Exactly, and even if they didn't update automatically they would give you a notification to update the apps, and not people sending to update the apps. Scammers are always bringing new methods to scam people, and those who are not smart fall for it and those who are smart and wise always escape from the trap. The Internet is a place of making money and at the same time scammers fill the internet, so when you are online be wise and smart, if not they scammer.

Every day they come with a new technique, so we have to know their new technique to deal with them.
sr. member
Activity: 728
Merit: 388
Vave.com - Crypto Casino
I use Chrome and other browsers on my PC; if any brings an update outside the browser it's likely a scam, even update. Zip should raise eyebrows. My advice is people should stop surfing the web anyhow; you will eventually stumble on some fake ads and the only thing stopping you is you not believing in the ad or you believing in the ads. I am very used to random ads telling me to update some software or browser; they are all fakes.

This is more dangerous for new PC users; the chances that they can click on any link they found is very high. For such individuals I won't advise them to even run any crypto wallets on their PC. For hacking software to penetrate into your PC, the user still needs to give access; it is always us, so it is better to run your crypto wallet elsewhere.

I can tell the difference from a popup anything asking for some access on my PC, but still I choose to run my crypto wallets far away from my PC, if I am a newbie I would have fallen because I will believe almost everything that I see on my PC, today I don't have to worry anymore, I have a hardware wallet and everything I do on my PC won't favour any scams and hacks, that is even if they managed to infect my PC.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
I brought this discussion to the local forum as well. Indeed, all hackers that I understand take advantage of user weaknesses. So the best we can do to prevent, some suggestions when discussing in local forums could be maybe using AdBlock, premium VPN, or DNS settings.
~snip~


How will a VPN or an alternative DNS help you not to install a fake update? The only thing that makes sense is that you might be able to avoid an attack that is geolocated, but also by using a VPN, you can be shown ads that you otherwise wouldn't be able to see with your IP address.



Don't you read all the posts above? In fact, NotATether gave the most needed answer on this topic. It doesn’t matter which browser you want to update; it doesn’t matter which program will beg you to update; the important thing is that Windows allows automatic installation and unpacking of archives without the user’s permission. When working with Linux, you install the necessary sources for updates, and updates occur only from authorized sources, which to some extent protects the user.

When we talk about browsers, each one has (or should have) options for downloading files in its settings, and in these settings you can set whether you want the browser to ask you for permission for every download or whether you want that process to be automatic. It has never happened to me that Windows did something by itself.
hero member
Activity: 700
Merit: 673
And therefore always make sure that your device has antivirus installed and always check whether the domain you are visiting is correct, not a fake website, because there have been many cases like this where some websites disguise themselves as the original website by using domains such as .app, .cloud, etc., and user devices can be vulnerable if they do not pay attention to things like this. Moreover, Google on its site often advertises fake websites like this which often mislead users, and therefore always make sure that the website you are visiting is genuine.
I will agree with you on the side of checking the domain to make sure that the person is on the right one, but you see, putting your trust in antivirus is a risky one, I must say, as there are a lot of anti-viruses that are even carriers, so the best way to protect yourself is to be your own personal security, avoid clicking on things you don't understand online, and like I said above, don't put all your trust in your antivirus. There is some malicious malware that your antivirus might not be able to detect, and it will cause great damage to your gadget.
legendary
Activity: 1932
Merit: 2354
The Alliance Of Bitcointalk Translators - ENG>SPA
Just one more good reason to stop using Chrome. Efficiency is important for scammers, so they will prefer to focus on the leading OS, browsers, etc. to direct their attacks. Mainstream is not a guarantee of safety here...

This has nothing to do with Google and they could just as well go after Firefox on Windows users too.

The problem here is on Windows, there is no way you can verify that a program is signed by the entity it claims to be made by. At least Linux has PGP signatures and MacOS has Gatekeeper, but on Windows you can easily buy a code signing cert for $100 and impersonate any company you want and that is the end of the matter.
And the thing is that 80% of us could still be using Windows as our OS; that's why many are still getting malware and other trojans that steal our crypto holdings. I really don't know why people are still into Windows; might be better to try another flavor of Unix or at least MacOS.

If we can hold thousands of dollars then why not invest in a good machine not using Windows? Really baffles me, and then crypto users bitch around when they get hacked because they didn't take care of their OS security.

I know that what I'm about to mention is the exception, not the rule, but I have recently learned about the XZ Utils backdoor incident which was fortunately frustrated at the very last minute by pure chance (ironically thanks to a Microsoft worker), and which would've compromised hundreds of millions of computers worldwide that run SSH.

We have become accustomed to repeating ad nauseam that Linux or at least MacOS are safer, and in most ways they are, but at the same time the mentioned incident "could have been the most widespread and effective backdoor ever planted in any software product".
full member
Activity: 868
Merit: 202
Quote
chatgpt-app[.]cloud site contains a download link to a Zip archive called ‘Update.zip’

And once you have executed the zip file, it will download the payload to your system and then the code will look for the following strings in your machine, like *Bitcoin, *Binance and almost everything related to crypto.



And therefore always make sure that your device has antivirus installed and always check whether the domain you are visiting is correct, not a fake website, because there have been many cases like this where some websites disguise themselves as the original website by using domains such as .app, .cloud, etc., and user devices can be vulnerable if they do not pay attention to things like this. Moreover, Google on its site often advertises fake websites like this which often mislead users, and therefore always make sure that the website you are visiting is genuine.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿

Actually I think that's a good recommendation. Firefox is a good application for browsing and is highly recommended by most of the users; this is why most people prefer using Firefox instead of using Chrome. However, Firefox was introduced in 2004 and they gained more popularity within a year, before the adoption of Google Chrome in 2008. However, from my investigations I have come to realize that Google Chrome has gained more popularity over Firefox; this is why scammers are using them to attack people, because they know that Google Chrome has gained a lot of users in their application.

Don't you read all the posts above? In fact, NotATether gave the most needed answer on this topic. It doesn’t matter which browser you want to update; it doesn’t matter which program will beg you to update; the important thing is that Windows allows automatic installation and unpacking of archives without the user’s permission. When working with Linux, you install the necessary sources for updates, and updates occur only from authorized sources, which to some extent protects the user.
sr. member
Activity: 294
Merit: 433
HODL - BTC
I am a long time Chrome user but when updating then from the browser directly in Help -> About Google Chrome then it automatically updates itself.

I got news maybe this is almost similar where a Chinese citizen lost $1 million from hijacking a browser plugin that resulted in stealing cookies in the browser.

So now there are many loopholes, I am now vigilant and never store assets in the browser extension wallet because this could cause vulnerabilities.

Source:
[1]. https://x.com/GoPlusSecWareX/status/1797597506748219614
hero member
Activity: 1400
Merit: 770
I brought this discussion to the local forum as well. Indeed, all hackers that I understand take advantage of user weaknesses. So the best we can do to prevent, some suggestions when discussing in local forums could be maybe using AdBlock, premium VPN, or DNS settings. One most important thing is never update your Chrome from any pop up, download from the official site. It's also probably (I got it here) the best advice to try is always go to settings-about- here you will find how to update your Chrome app.

hero member
Activity: 2870
Merit: 594
Just one more good reason to stop using Chrome. Efficiency is important for scammers, so they will prefer to focus on the leading OS, browsers, etc. to direct their attacks. Mainstream is not a guarantee of safety here...

This has nothing to do with Google and they could just as well go after Firefox on Windows users too.

The problem here is on Windows, there is no way you can verify that a program is signed by the entity it claims to be made by. At least Linux has PGP signatures and MacOS has Gatekeeper, but on Windows you can easily buy a code signing cert for $100 and impersonate any company you want and that is the end of the matter.
And the thing is that 80% of us could still be using Windows as our OS; that's why many are still getting malware and other trojans that steal our crypto holdings. I really don't know why people are still into Windows; might be better to try another flavor of Unix or at least MacOS.

If we can hold thousands of dollars then why not invest in a good machine not using Windows? Really baffles me, and then crypto users bitch around when they get hacked because they didn't take care of their OS security.
jr. member
Activity: 31
Merit: 3
The best way to prevent something like this from ever happening to you is to simply not use Chrome - because according to data from the beginning of the year, that browser is represented by as much as 65% among all other browsers, which means that fake updates target exactly that group of users.

If for some reason you don't want to use Tor (which is definitely recommended), one of the better choices is certainly Firefox. The message of this story is that if you are already in the world of cryptocurrencies, then adapt to it in the best possible way.

Actually I think that's a good recommendation. Firefox is a good application for browsing and is highly recommended by most of the users; this is why most people prefer using Firefox instead of using Chrome. However, Firefox was introduced in 2004 and they gained more popularity within a year, before the adoption of Google Chrome in 2008. However, from my investigations I have come to realize that Google Chrome has gained more popularity over Firefox; this is why scammers are using them to attack people, because they know that Google Chrome has gained a lot of users in their application.
full member
Activity: 462
Merit: 196
Chrome and every other website I have used updates themselves automatically every time. I always get a message that my device has been recently updated with the new features, never a "your device needs update message".

Everyone should stay vigilant and never keep their funds on an exchange or on a device they use often. Invest in a hardware wallet.

- Jay -
That's true. Most of the browsers would auto update themselves and wouldn't give you access to most features if you refuse to update them, and when you eventually do the update, you get to see so many features that almost seem as though they've all been set up to deprive you of your privacy and get some sensitive data from you. The Chrome and other browsers case is different and even better, but when it comes to what happens when you've updated most of these social media like Facebook and WhatsApp that now have built-in AI, the guarantee of your security is as slim as nothing.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Just one more good reason to stop using Chrome. Efficiency is important for scammers, so they will prefer to focus on the leading OS, browsers, etc. to direct their attacks. Mainstream is not a guarantee of safety here...

This has nothing to do with Google and they could just as well go after Firefox on Windows users too.

The problem here is on Windows, there is no way you can verify that a program is signed by the entity it claims to be made by. At least Linux has PGP signatures and MacOS has Gatekeeper, but on Windows you can easily buy a code signing cert for $100 and impersonate any company you want and that is the end of the matter.
legendary
Activity: 1932
Merit: 2354
The Alliance Of Bitcointalk Translators - ENG>SPA
Just one more good reason to stop using Chrome. Efficiency is important for scammers, so they will prefer to focus on the leading OS, browsers, etc. to direct their attacks. Mainstream is not a guarantee of safety here...

Tor was mentioned above, although IMO it is not the most comfortable browser for everyday use. There are other good options in between, but in the end staying vigilant and double checking the sources from which you download everything is key.
hero member
Activity: 812
Merit: 560
I will advise that whenever we want to make an update on the apps being used, we should verify the source or means in which we are going to use for that purpose before using them, any link or third party website redirection should be what we have to take serious action against because they could be used to trap us in achieving their target by introducing malware to us, there are many fake updates and they can exist or come in different forms, we need to be more observant to know which is not good for us.
legendary
Activity: 1890
Merit: 1537
Chrome is updated through the browser itself without downloading the latest version of the browser again, uninstalling the old version, or searching on Google for sites to download the browser update, which might be phishing sites containing exe files injected with trojans. By clicking on Settings and then on About Chrome, you can find information about the current version and then perform an automatic update. The same applies to Firefox. I believe that most browsers have this feature to install automatic updates as a security precaution for users to avoid potential fraud and hacking.

Every person must make sure that he uses official websites to download programs or browser extensions and avoid using the primary computer designated for cryptocurrencies, which contains important data, to download programs from unofficial websites, cracks, open suspicious links, and install unknown browser extensions. Such actions can pose a great threat to the user's privacy and result in being hacked.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
The best way to prevent something like this from ever happening to you is to simply not use Chrome - because according to data from the beginning of the year, that browser is represented by as much as 65% among all other browsers, which means that fake updates target exactly that group of users.

If for some reason you don't want to use Tor (which is definitely recommended), one of the better choices is certainly Firefox. The message of this story is that if you are already in the world of cryptocurrencies, then adapt to it in the best possible way.
jr. member
Activity: 31
Merit: 3
Chrome and every other website I have used updates themselves automatically every time. I always get a message that my device has been recently updated with the new features, never a "your device needs update message".

Everyone should stay vigilant and never keep their funds on an exchange or on a device they use often. Invest in a hardware wallet.

- Jay -

You're right, this is my first time seeing something like this. Moreover, ever since I started making use of Chrome I have not been asked to update my Chrome; rather, I always get a message from Google that most of my device has been updated to the new version, unlike as you said earlier. However, scammers are gradually dominating everywhere on the internet, which is why we need to be very careful with the kind of applications we download from the Google Play store, because there are a lot of scam applications in the Google Play store, especially these crypto trading apps and also most of these crypto wallets. This is why, for those who are still new in this crypto space, before downloading any crypto wallet it is very good to seek opinions from earlier investors, so that they can guide you on how to find the right crypto wallet, so as to avoid being a victim.
sr. member
Activity: 686
Merit: 332
But now it has evolved so that it's really hard for us to distinguish, and if we just slip, we will fall victim to this kind of attack. So at least, it is very important not to click, or we should be really thinking many times. Even in Google Play, there are a lot of fake websites too, so this world is not really safe for us and we shouldn't let our guard down.

On the contrary, I believe most scams are very easy to identify. Scammers are no longer creative. They just stick to what works for them. Just this morning a friend of mine in a different country sent me a screenshot of a WhatsApp message saying she should download a particular wallet and input a given seed phrase and she'll have access to 200 USDT. This has scam written all over it because first, what wallet gives away free $200 and how can the seed phrase be already given before you download the wallet, but you'd be surprised to learn that people still fall for it. It's absurd.

I mean, I know that there are sophisticated scams that lead to hacks, but the popular scams these days are very easy to spot. It's very rare for somebody to fall into a scam if there were no red flags all along. The red flags are always there, we just have to be careful enough to spot them. It's pretty easy.
hero member
Activity: 1414
Merit: 542
I think you guys know the drill here: never download any update from an unknown source, a simple practice that can really help us crypto enthusiasts a lot.
And do not trust any download, and verify everything before we click.

You can't be too careful these days. Only download apps from the store or their official website. Staying away from scams in crypto and in general, is not really as hard as people think. All you need to do is to be smart about whatever you do. You don't need to be a tech guru to avoid scams. Common sense should tell us that downloading apps from other sources is risky, especially apps that contain financial details, assets or personal information.
We can't go about clicking on any link we see.
It's good you created awareness about this, so people who don't know won't fall for it.

Well, others make it complicated, and I think it is. Because if it is not, then we will not be a target, and the numbers are ramping up every year if I'm not mistaken. When I joined the market it was like the only scam was the bitcoin doubler.

But now it has evolved so that it's really hard for us to distinguish, and if we just slip, we will fall victim to this kind of attack. So at least, it is very important not to click, or we should be really thinking many times. Even in Google Play, there are a lot of fake websites too, so this world is not really safe for us and we shouldn't let our guards down.
legendary
Activity: 2870
Merit: 7490
Crypto Swap Exchange
Figure 1: Shows what the actual fake update website looks like

Quote
chatgpt-app[.]cloud site contains a download link to a Zip archive called ‘Update.zip’

The domain name doesn't even sound similar to the word "google" or "chrome", so it's crazy some people actually trust the fake website. Besides, Chrome and many other browsers these days automatically update themselves in the background. Although the usage of "run[.]app" reminds me of this report, https://blog.talosintelligence.com/google-cloud-run-abuse/.

The emails contain hyperlinks to Google Cloud Run, which can be identified due to the use of run[.]app as the top-level domain (TLD).
sr. member
Activity: 686
Merit: 332
I think you guys know the drill here: never download any update from an unknown source, a simple practice that can really help us crypto enthusiasts a lot.
And do not trust any download, and verify everything before we click.

You can't be too careful these days. Only download apps from the store or their official website. Staying away from scams in crypto and in general, is not really as hard as people think. All you need to do is to be smart about whatever you do. You don't need to be a tech guru to avoid scams. Common sense should tell us that downloading apps from other sources is risky, especially apps that contain financial details, assets or personal information.
We can't go about clicking on any link we see.
It's good you created awareness about this, so people who don't know won't fall for it.
legendary
Activity: 1064
Merit: 1298
Lightning network is good with small amount of BTC
I prefer to update the app directly from the app update link. Or the app itself consists of the malware link? I also make sure that I know the link the update would be downloaded from if not on application store.

Using closed source Chromium browsers comes with similar risks and requires complete trust in the developers, so it is better to use open source browsers or Tor.
Using open source apps is the best and closed source ones are better avoided, but bad hackers can create malware for open or closed source apps or software. What is important is for us to avoid downloading the malware.
sr. member
Activity: 450
Merit: 220
This is good.

We'll keep on exposing them and hopefully reduce the number of people who will fall victim to them. On the other hand, Chrome needs to take up responsibility to sort out these fake extensions that are malware.

I still think that Tor browser is one of the best, most secure and equally private browsers out there.
hero member
Activity: 406
Merit: 443
The payload sends part of the data, as the wallet file is encrypted and the Binance data requires two-factor authentication, but since you downloaded an unknown application, it will most likely open some side doors that enable it to know the password or record the two-factor matching code when you enter it in the browser.



Using closed source Chromium browsers comes with similar risks and requires complete trust in the developers, so it is better to use open source browsers or Tor.
hero member
Activity: 644
Merit: 661
- Jay -
Chrome and every other website I have used updates themselves automatically every time. I always get a message that my device has been recently updated with the new features, never a "your device needs update message".

Everyone should stay vigilant and never keep their funds on an exchange or on a device they use often. Invest in a hardware wallet.

- Jay -
full member
Activity: 168
Merit: 138
cout << "Bitcoin";
This is wild!! My first time actually coming across a malware that searches for words based on what the criminal intends to steal. I think this info should be a guide to avoid being a victim of crypto theft. Moreover, downloading any software from unknown sources is always discouraged, even by our own devices.
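An added example (not part of any post in this thread or of the eSentire report): the file masks in the config posted in this thread can serve defenders as a detection heuristic, flagging a process that opens files matching several unrelated rules within a short window. Reading "d" as a search depth, the event tuple format, the process names, the sample paths and the thresholds are all assumptions.

```python
import fnmatch
from collections import defaultdict

# Subset of the rules from the config posted in this thread
# ("p" = base path, "m" = file mask).
# Assumption: "d" is how many path levels below "p" are searched;
# the thread does not define the keys.
RULES = [
    {"p": "%userprofile%", "m": "*wallet*", "d": 3},                # 0
    {"p": "%userprofile%", "m": "*seed*", "d": 3},                  # 1
    {"p": "%userprofile%", "m": "*.kbdx", "d": 2},                  # 2
    {"p": "%appdata%\\Electrum\\wallets", "m": "*", "d": 1},        # 3
    {"p": "%appdata%\\Exodus\\exodus.wallet", "m": "*", "d": 2},    # 4
    {"p": "%appdata%\\Binance", "m": "app-store.json", "d": 1},     # 5
    {"p": "%appdata%\\FileZilla", "m": "sitemanager.xml", "d": 2},  # 6
]

# Constructed environment for the sample host.
ENV = {
    "%userprofile%": r"C:\Users\alice",
    "%appdata%": r"C:\Users\alice\AppData\Roaming",
}

ROAMING = r"C:\Users\alice\AppData\Roaming"

# Constructed file-open events: (timestamp_seconds, image, pid, path).
EVENTS = [
    # A wallet application touching only its own directory.
    (10, "electrum.exe", 4120, ROAMING + r"\Electrum\wallets\default_wallet"),
    (500, "electrum.exe", 4120, ROAMING + r"\Electrum\wallets\default_wallet"),
    # A process sweeping several unrelated targets within seconds.
    (100, "update.exe", 7788, r"C:\Users\alice\Documents\seed-backup.txt"),
    (101, "update.exe", 7788, ROAMING + r"\Electrum\wallets\default_wallet"),
    (102, "update.exe", 7788, ROAMING + r"\Exodus\exodus.wallet\seed.seco"),
    (103, "update.exe", 7788, ROAMING + r"\FileZilla\sitemanager.xml"),
    # A backup job touching the same kinds of files, but hours apart.
    (0, "backup.exe", 300, r"C:\Users\alice\Documents\seed-backup.txt"),
    (4000, "backup.exe", 300, ROAMING + r"\Electrum\wallets\default_wallet"),
    (8000, "backup.exe", 300, ROAMING + r"\FileZilla\sitemanager.xml"),
]


def expand(pattern, env):
    """Replace %variables% with their values and fold case (Windows paths)."""
    for var, value in env.items():
        pattern = pattern.replace(var, value)
    return pattern.lower()


def matches(path, rule, env=ENV):
    """True if path lies at most rule['d'] levels below the base and fits the mask."""
    base = expand(rule["p"], env)
    path = path.lower()
    if not path.startswith(base + "\\"):
        return False
    parts = path[len(base) + 1:].split("\\")
    return len(parts) <= rule["d"] and fnmatch.fnmatchcase(parts[-1], rule["m"].lower())


def detect(events, rules=RULES, env=ENV, window=60, threshold=3):
    """Return {(pid, image): [rule indexes]} for each process that hits at least
    `threshold` distinct rules within `window` seconds (first such window)."""
    hits = defaultdict(list)  # (pid, image) -> [(timestamp, rule index)]
    for ts, image, pid, path in sorted(events):
        for idx, rule in enumerate(rules):
            if matches(path, rule, env):
                hits[(pid, image)].append((ts, idx))

    alerts = {}
    for proc, seq in hits.items():
        start = 0
        for end in range(len(seq)):
            # Slide the window start forward until it spans at most `window` seconds.
            while seq[end][0] - seq[start][0] > window:
                start += 1
            distinct = {idx for _, idx in seq[start:end + 1]}
            if len(distinct) >= threshold:
                alerts[proc] = sorted(distinct)
                break
    return alerts


if __name__ == "__main__":
    for (pid, image), rule_ids in detect(EVENTS).items():
        print(f"ALERT pid={pid} image={image} matched rules {rule_ids}")
```

Counting distinct rules rather than raw file opens keeps a wallet application that reads only its own directory below the threshold, and the time window keeps a slow backup job from being flagged.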
hero member
Activity: 2842
Merit: 772
A new way for these criminals to deliver their payload of crypto stealing malware known as Lumma and BitRat. This time the payload is being delivered through a fake Google Chrome update, as reported by eSentire.



Figure 1: Shows what the actual fake update website looks like

Quote
chatgpt-app[.]cloud site contains a download link to a Zip archive called ‘Update.zip’

And once you have executed the zip file, it will download the payload to your system and then the code will look for the following strings in your machine, like *Bitcoin, *Binance and almost everything related to crypto.

Code:
{
    "v": 1,
    "c": [
        {
            "t": 0,
            "p": "%userprofile%",
            "m": "*.txt",
            "z": "Important Files/Profile",
            "d": 1
        },
        {
            "t": 0,
            "p": "%userprofile%",
            "m": "*key*",
            "z": "Important Files/Profile",
            "d": 1
        },
        {
            "t": 0,
            "p": "%userprofile%",
            "m": "*bitcoin*",
            "z": "Important Files/Profile",
            "d": 3
        },
        {
            "t": 0,
            "p": "%userprofile%",
            "m": "*binance*",
            "z": "Important Files/Profile",
            "d": 3
        },
        {
            "t": 0,
            "p": "%userprofile%",
            "m": "*exodus*",
            "z": "Important Files/Profile",
            "d": 3
        },
        {
            "t": 0,
            "p": "%userprofile%",
            "m": "*coinbase*",
            "z": "Important Files/Profile",
            "d": 3
        },
        {
            "t": 0,
            "p": "%userprofile%",
            "m": "*wallet*",
            "z": "Important Files/Profile",
            "d": 3
        },
        {
            "t": 0,
            "p": "%userprofile%",
            "m": "*seed*",
            "z": "Important Files/Profile",
            "d": 3
        },
        {
            "t": 0,
            "p": "%userprofile%",
            "m": "*pass*",
            "z": "Important Files/Profile",
            "d": 3
        },
        {
            "t": 0,
            "p": "%userprofile%",
            "m": "*ledger*",
            "z": "Important Files/Profile",
            "d": 3
        },
        {
            "t": 0,
            "p": "%userprofile%",
            "m": "*trezor*",
            "z": "Important Files/Profile",
            "d": 3
        },
        {
            "t": 0,
            "p": "%userprofile%",
            "m": "*metamask*",
            "z": "Important Files/Profile",
            "d": 3
        },
        {
            "t": 0,
            "p": "%userprofile%",
            "m": "*crypto*",
            "z": "Important Files/Profile",
            "d": 1
        },
        {
            "t": 0,
            "p": "%appdata%\\Binance",
            "m": "app-store.json",
            "z": "Wallets/Binance",
            "d": 1
        },
        {
            "t": 0,
            "p": "%appdata%\\Binance",
            "m": ".finger-print.fp",
            "z": "Wallets/Binance",
            "d": 1
        },
        {
            "t": 0,
            "p": "%appdata%\\Binance",
            "m": "simple-storage.json",
            "z": "Wallets/Binance",
            "d": 1
        },
        {
            "t": 0,
            "p": "%appdata%\\Electrum\\wallets",
            "m": "*",
            "z": "Wallets/Electrum",
            "d": 1
        },
        {
            "t": 0,
            "p": "%appdata%\\Ethereum",
            "m": "keystore",
            "z": "Wallets/Ethereum",
            "d": 1
        },
        {
            "t": 0,
            "p": "%appdata%\\Exodus\\exodus.wallet",
            "m": "*",
            "z": "Wallets/Exodus",
            "d": 2
        },
        {
            "t": 0,
            "p": "%appdata%\\Ledger Live",
            "m": "*",
            "z": "Wallets/Ledger Live",
            "d": 2
        },
        {
            "t": 0,
            "p": "%appdata%\\atomic\\Local Storage\\leveldb",
            "m": "*",
            "z": "Wallets/Atomic",
            "d": 2
        },
        {
            "t": 0,
            "p": "%localappdata%\\Coinomi\\Coinomi\\wallets",
            "m": "*",
            "z": "Wallets/Coinomi",
            "d": 2
        },
        {
            "t": 0,
            "p": "%appdata%\\Authy Desktop\\Local Storage\\leveldb",
            "m": "*",
            "z": "Wallets/Authy Desktop",
            "d": 2
        },
        {
            "t": 0,
            "p": "%appdata%\\Bitcoin\\wallets",
            "m": "*",
            "z": "Wallets/Bitcoin core",
            "d": 2
        },
        {
            "t": 0,
            "p": "%appdata%\\com.liberty.jaxx\\IndexedDB",
            "m": "*.leveldb",
            "z": "Wallets/JAXX New Version",
            "d": 2
        },
        {
            "t": 0,
            "p": "%appdata%\\Electrum\\wallets",
            "m": "*",
            "z": "Wallets/Electrum",
            "d": 2
        },
        {
            "t": 0,
            "p": "%appdata%\\AnyDesk",
            "m": "*.conf",
            "z": "Applications/AnyDesk",
            "d": 2
        },
        {
            "t": 0,
            "p": "%appdata%\\FileZilla",
            "m": "recentservers.xml",
            "z": "Applications/FileZilla",
            "d": 2
        },
        {
            "t": 0,
            "p": "%appdata%\\FileZilla",
            "m": "sitemanager.xml",
            "z": "Applications/FileZilla",
            "d": 2
        },
        {
            "t": 0,
            "p": "%userprofile%",
            "m": "*.kbdx",
            "z": "Applications/KeePass",
            "d": 2
        },
        {
            "t": 0,
            "p": "%programfiles%\\Steam",
            "m": "ssfn*",
            "z": "Applications/Steam",
            "d": 2
        },
        {
            "t": 0,
            "p": "%programfiles%\\Steam\\config",
            "m": "*",
            "z": "Applications/Steam/config",
            "d": 2
        },
        {
            "t": 0,
            "p": "%appdata%\\Telegram Desktop",
            "m": "*s",
            "z": "Applications/Telegram",
            "d": 2
        },
        {
            "t": 1,
            "e": [
                {
                    "en": "ejbalbakoplchlghecdalmeeeajnimhm",
                    "ez": "MetaMask"
                },
                {
                    "en": "nkbihfbeogaeaoehlefnkodbefgpgknn",
                    "ez": "MetaMask"
                },
                {
                    "en": "egjidjbpglichdcondbcbdnbeeppgdph",
                    "ez": "Trust Wallet"
                },
                {
                    "en": "ibnejdfjmmkpcnlpebklmnkoeoihofec",
                    "ez": "TronLink"
                },
                {
                    "en": "fnjhmkhhmkbjkkabndcnnogagogbneec",
                    "ez": "Ronin Wallet"
                },
                {
                    "en": "fhbohimaelbohpjbbldcngcnapndodjp",
                    "ez": "Binance Chain Wallet"
                },
                {
                    "en": "ffnbelfdoeiohenkjibnmadjiehjhajb",
                    "ez": "Yoroi"
                },
                {
                    "en": "jbdaocneiiinmjbjlgalhcelgbejmnid",
                    "ez": "Nifty"
                },
                {
                    "en": "afbcbjpbpfadlkmhmclhkeeodmamcflc",
                    "ez": "Math"
                },
                {
                    "en": "hnfanknocfeofbddgcijnmhnfnkdnaad",
                    "ez": "Coinbase"
                },
                {
                    "en": "hpglfhgfnhbgpjdenjgmdgoeiappafln",
                    "ez": "Guarda"
                },
                {
                    "en": "blnieiiffboillknjnepogjhkgnoapac",
                    "ez": "EQUA"
                },
                {
                    "en": "cjelfplplebdjjenllpjcblmjkfcffne",
                    "ez": "Jaxx Liberty"
                },
                {
                    "en": "fihkakfobkmkjojpchpfgcmhfjnmnfpi",
                    "ez": "BitApp"
                },
                {
                    "en": "kncchdigobghenbbaddojjnnaogfppfj",
                    "ez": "iWlt"
                },
                {
                    "en": "kkpllkodjeloidieedojogacfhpaihoh",
                    "ez": "EnKrypt"
                },
                {
                    "en": "amkmjjmmflddogmhpjloimipbofnfjih",
                    "ez": "Wombat"
                },
                {
                    "en": "nlbmnnijcnlegkjjpcfjclmcfggfefdm",
                    "ez": "MEW CX"
                },
                {
                    "en": "nanjmdknhkinifnkgdcggcfnhdaammmj",
                    "ez": "Guild"
                },
                {
                    "en": "nkddgncdjgjfcddamfgcmfnlhccnimig",
                    "ez": "Saturn"
                },
                {
                    "en": "cphhlgmgameodnhkjdmkpanlelnlohao",
                    "ez": "NeoLine"
                },
                {
                    "en": "nhnkbkgjikgcigadomkphalanndcapjk",
                    "ez": "Clover"
                },
                {
                    "en": "kpfopkelmapcoipemfendmdcghnegimn",
                    "ez": "Liquality"
                },
                {
                    "en": "aiifbnbfobpmeekipheeijimdpnlpgpp",
                    "ez": "Terra Station"
                },
                {
                    "en": "dmkamcknogkgcdfhhbddcghachkejeap",
                    "ez": "Keplr"
                },
                {
                    "en": "fhmfendgdocmcbmfikdcogofphimnkno",
                    "ez": "Sollet"
                },
                {
                    "en": "cnmamaachppnkjgnildpdmkaakejnhae",
                    "ez": "Auro"
                },
                {
                    "en": "jojhfeoedkpkglbfimdfabpdfjaoolaf",
                    "ez": "Polymesh"
                },
                {
                    "en": "flpiciilemghbmfalicajoolhkkenfe",
                    "ez": "ICONex"
                },
                {
                    "en": "nknhiehlklippafakaeklbeglecifhad",
                    "ez": "Nabox"
                },
                {
                    "en": "hcflpincpppdclinealmandijcmnkbgn",
                    "ez": "KHC"
                },
                {
                    "en": "ookjlbkiijinhpmnjffcofjonbfbgaoc",
                    "ez": "Temple"
                },
                {
                    "en": "mnfifefkajgofkcjkemidiaecocnkjeh",
                    "ez": "TezBox"
                },
                {
                    "en": "lodccjjbdhfakaekdiahmedfbieldgik",
                    "ez": "DAppPlay"
                },
                {
                    "en": "ijmpgkjfkbfhoebgogflfebnmejmfbm",
                    "ez": "BitClip"
                },
                {
                    "en": "lkcjlnjfpbikmcmbachjpdbijejflpcm",
                    "ez": "Steem Keychain"
                },
                {
                    "en": "onofpnbbkehpmmoabgpcpmigafmmnjh",
                    "ez": "Nash Extension"
                },
                {
                    "en": "bcopgchhojmggmffilplmbdicgaihlkp",
                    "ez": "Hycon Lite Client"
                },
                {
                    "en": "klnaejjgbibmhlephnhpmaofohgkpgkd",
                    "ez": "ZilPay"
                },
                {
                    "en": "aeachknmefphepccionboohckonoeemg",
                    "ez": "Coin98"
                },
                {
                    "en": "bhghoamapcdpbohphigoooaddinpkbai",
                    "ez": "Authenticator"
                },
                {
                    "en": "dkdedlpgdmmkkfjabffeganieamfklkm",
                    "ez": "Cyano"
                },
                {
                    "en": "nlgbhdfgdhgbiamfdfmbikcdghidoadd",
                    "ez": "Byone"
                },
                {
                    "en": "infeboajgfhgbjpjbeppbkgnabfdkdaf",
                    "ez": "OneKey"
                },
                {
                    "en": "cihmoadaighcejopammfbmddcmdekcje",
                    "ez": "Leaf"
                },
                {
                    "en": "gaedmjdfmmahhbjefcbgaolhhanlaolb",
                    "ez": "Authy"
                },
                {
                    "en": "oeljdldpnmdbchonielidgobddfffla",
                    "ez": "EOS Authenticator"
                },
                {
                    "en": "ilgcnhelpchnceeipipijaljkblbcob",
                    "ez": "GAuth Authenticator"
                },
                {
                    "en": "imloifkgjagghnncjkhggdhalmcnfklk",
                    "ez": "Trezor Password Manager"
                },
                {
                    "en": "bfnaelmomeimhlpmgjnjophhpkkoljpa",
                    "ez": "Phantom"
                },
                {
                    "en": "ppbibelpcjmhbdihakflkdcoccbgbkpo",
                    "ez": "UniSat"
                }
            ],
            "n": [
                {
                    "p": "%localappdata%\\Google\\Chrome\\User Data",
                    "z": "Chrome"
                },
                {
                    "p": "%localappdata%\\Chromium\\User Data",
                    "z": "Chromium"
                },
                {
                    "p": "%localappdata%\\Microsoft\\Edge\\User Data",
                    "z": "Edge"
                },
                {
                    "p": "%localappdata%\\Kometa\\User Data",
                    "z": "Kometa"
                },
                {
                    "p": "%appdata%\\Opera Software\\Opera Stable",
                    "z": "Opera Stable"
                },
                {
                    "p": "%appdata%\\Opera Software\\Opera GX Stable",
                    "z": "Opera GX Stable"
                },
                {
                    "p": "%appdata%\\Opera Software\\Opera Neon\\User Data",
                    "z": "Opera Neon"
                },
                {
                    "p": "%localappdata%\\BraveSoftware\\Brave-Browser\\User Data",
                    "z": "Brave Software"
                },
                {
                    "p": "%localappdata%\\Comodo\\Dragon\\User Data",
                    "z": "Comodo"
                },
                {
                    "p": "%localappdata%\\CocCoc\\Browser\\User Data",
                    "z": "CocCoc"
                }
            ]
        },
        {
            "t": 2,
            "p": "%appdata%\\Mozilla\\Firefox\\Profiles",
            "z": "Mozilla Firefox"
        }
    ]
}

I think you guys know the drill here: never download any update from an unknown source. It's a simple practice that can really help us crypto enthusiasts a lot.
And don't trust any download, and verify everything before we click.

https://www.esentire.com/blog/the-case-of-lummac2-v4-0
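Added example, not part of the original post or the eSentire write-up: a defender-side sketch that turns collection rules shaped like the config quoted above into a list of paths worth auditing for unexpected reads. The field meanings (`t` rule type, `p` directory, `m` file mask, `z` label, `d` depth, `e` extension IDs, `n` browser data roots), the `Local Extension Settings` profile layout, and the names `watch_list`, `SAMPLE_RULES` and `EXT_ID` are assumptions made for this example.

```python
import json
import re

# Constructed sample: a few rules copied from the config quoted above
# (rule array only; the enclosing key is not shown in this excerpt).
SAMPLE_RULES = json.loads(r'''[
 {"t": 0, "p": "%appdata%\\Exodus\\exodus.wallet", "m": "*",
  "z": "Wallets/Exodus", "d": 2},
 {"t": 1,
  "e": [{"en": "nkbihfbeogaeaoehlefnkodbefgpgknn", "ez": "MetaMask"},
        {"en": "flpiciilemghbmfalicajoolhkkenfe", "ez": "ICONex"},
        {"en": "bfnaelmomeimhlpmgjnjophhpkkoljpa", "ez": "Phantom"}],
  "n": [{"p": "%localappdata%\\Google\\Chrome\\User Data", "z": "Chrome"},
        {"p": "%localappdata%\\Microsoft\\Edge\\User Data", "z": "Edge"}]},
 {"t": 2, "p": "%appdata%\\Mozilla\\Firefox\\Profiles", "z": "Mozilla Firefox"}
]''')

# Chromium extension IDs are 32 characters drawn from a-p.
EXT_ID = re.compile(r"^[a-p]{32}$")

def watch_list(rules):
    """Return (watches, malformed): audit paths and names with invalid IDs."""
    watches, malformed = [], []
    for rule in rules:
        kind = rule.get("t")
        if kind == 0:    # assumed: file grab (directory, mask, depth)
            path = rule["p"] + "\\" + rule["m"]
            watches.append((rule["z"], path, rule.get("d", 1)))
        elif kind == 1:  # assumed: extension IDs crossed with browser roots
            good = []
            for ext in rule["e"]:
                (good if EXT_ID.match(ext["en"]) else malformed).append(ext)
            for browser in rule["n"]:
                for ext in good:
                    # Assumed layout: <root>\<profile>\Local Extension Settings\<id>
                    path = (browser["p"] + "\\*\\Local Extension Settings\\"
                            + ext["en"])
                    watches.append((browser["z"] + "/" + ext["ez"], path, None))
        elif kind == 2:  # assumed: Firefox profile root
            watches.append((rule["z"], rule["p"] + "\\*", None))
    return watches, [ext["ez"] for ext in malformed]

if __name__ == "__main__":
    paths, bad = watch_list(SAMPLE_RULES)
    for label, path, depth in paths:
        print(f"{label:28} {path}  depth={depth}")
    print("Entries whose ID is not a valid 32-character extension ID:", bad)
```

Entries reported as malformed are kept out of the watch list because an exact-match rule built from them would never fire; review those by extension name instead.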