Topic: Heads up: Infected Multibit Wallet (Read 1128 times)

copper member
Activity: 1498
Merit: 1499
No I dont escrow anymore.
July 17, 2014, 02:28:18 AM
#5
-snip-
Not that it really matters, but that malware wasn't claiming to specifically be a MultiBit executable, it is claiming to be a multi-bitcoin wallet, whatever the heck that is...

It's the kind of malware that steals your coin no matter which wallet you use ;)

I think a warning here is enough because the URL is close to the one of multibit and a Google search (as well as some others) of "multi bitcoin wallet" does not lead to the malware.

I am not so sure however if it's wise to post the URL here, idk. Maybe make code tags around it so it can't be easily clicked by someone that does not read.
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
July 16, 2014, 08:39:33 PM
#4
There is an infected multibit out there -> http://multibitcoinwallet.com

A user already tried to advertise it in bitcointalk, beware

Quote
MALWARE, just in case anyone had any doubts.

Upon execution, it drops a bunch of executables into %appdata%, runs them, and sets a few of them to be auto-started at boot or logon. I didn't bother trying to figure exactly what kind of stuff it tries to pull beyond this, but it's surely not for your benefit....

Executables it installs on my test system:

documents and settings\admin\application data\1tvcuplb.exe
documents and settings\admin\application data\dyfyljco.exe
documents and settings\admin\application data\eyn8sork.exe
documents and settings\admin\application data\install\host.exe
documents and settings\admin\application data\pua8hbxd.exe
documents and settings\admin\application data\qol58yud.exe

Virustotal report of these dropped executables is here: https://www.virustotal.com/en/file/88624d750fd17a4d61196fc9e63ba54532b508f1f20256a9214849bd8baa4a28/analysis/1405294627/.

Not that it really matters, but that malware wasn't claiming to specifically be a MultiBit executable, it is claiming to be a multi-bitcoin wallet, whatever the heck that is...
legendary
Activity: 1708
Merit: 1066
July 14, 2014, 05:46:52 PM
#3
Tweeted a reminder to always use the main multibit site for downloads:
https://twitter.com/MultiBitOrg/status/488801201505722369
legendary
Activity: 1708
Merit: 1066
July 14, 2014, 05:35:58 PM
#2
Thanks for that heads up
legendary
Activity: 975
Merit: 1003
July 14, 2014, 01:47:58 PM
#1
There is an infected multibit out there -> http://multibitcoinwallet.com

A user already tried to advertise it in bitcointalk, beware

Quote
MALWARE, just in case anyone had any doubts.

Upon execution, it drops a bunch of executables into %appdata%, runs them, and sets a few of them to be auto-started at boot or logon. I didn't bother trying to figure exactly what kind of stuff it tries to pull beyond this, but it's surely not for your benefit....

Executables it installs on my test system:

documents and settings\admin\application data\1tvcuplb.exe
documents and settings\admin\application data\dyfyljco.exe
documents and settings\admin\application data\eyn8sork.exe
documents and settings\admin\application data\install\host.exe
documents and settings\admin\application data\pua8hbxd.exe
documents and settings\admin\application data\qol58yud.exe

Virustotal report of these dropped executables is here: https://www.virustotal.com/en/file/88624d750fd17a4d61196fc9e63ba54532b508f1f20256a9214849bd8baa4a28/analysis/1405294627/.
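
A defender's triage for the behaviour described in the thread (executables dropped into %appdata%, some set to auto-start), as an added example that is not code from any poster: it flags executables under a per-user application-data root in a file listing and marks those referenced by an autorun command. The six listed paths come from the post; the other file entries and all autorun commands are constructed, and which file is auto-started is an assumption, since the post does not say.

```python
import re
from pathlib import PureWindowsPath

# Per-user roaming profile roots: "Application Data" (XP), "AppData/Roaming" (Vista+).
APPDATA_RE = re.compile(
    r"\\(documents and settings\\[^\\]+\\application data"
    r"|users\\[^\\]+\\appdata\\roaming)\\", re.IGNORECASE)
EXE_SUFFIXES = {".exe", ".scr", ".com", ".pif"}

def normalize(path):
    """Lower-case, unquote and drop the drive letter so both inputs compare equal."""
    p = re.sub(r"^[a-z]:", "", path.strip().strip('"').replace("/", "\\").lower())
    return p if p.startswith("\\") else "\\" + p

def autorun_target(command):
    """Pull the executable path out of an autorun command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        return normalize(command[1:].partition('"')[0])
    m = re.match(r"(.+?\.(?:exe|scr|com|pif))(?:\s|$)", command, re.IGNORECASE)
    return normalize(m.group(1) if m else command)

def triage(file_paths, autorun_commands):
    """Return (path, status) for every executable under a roaming profile root."""
    started = {autorun_target(c) for c in autorun_commands}
    findings = []
    for raw in file_paths:
        p = normalize(raw)
        if PureWindowsPath(p).suffix in EXE_SUFFIXES and APPDATA_RE.match(p):
            findings.append((raw, "autostart" if p in started else "present"))
    return findings

FILES = [  # first six: paths quoted in the post; last two: constructed
    r"documents and settings\admin\application data\1tvcuplb.exe",
    r"documents and settings\admin\application data\dyfyljco.exe",
    r"documents and settings\admin\application data\eyn8sork.exe",
    r"documents and settings\admin\application data\install\host.exe",
    r"documents and settings\admin\application data\pua8hbxd.exe",
    r"documents and settings\admin\application data\qol58yud.exe",
    r"C:\Program Files\Vendor\updater.exe",
    r"documents and settings\admin\application data\notes.txt",
]
AUTORUNS = [  # constructed command lines, e.g. exported Run-key values
    r'"C:\Documents and Settings\admin\Application Data\install\host.exe" -s',
    r"C:\Program Files\Vendor\updater.exe /background",
]

if __name__ == "__main__":
    for path, status in triage(FILES, AUTORUNS):
        print(f"{status:9}  {path}")
```

Legitimate software also installs executables under the roaming profile, so a hit is a lead to check, not a verdict.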