Author

Topic: Heads up: Infected Multibit Wallet (Read 1152 times)

copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
July 17, 2014, 01:28:18 AM
#5
-snip-
Not that it really matters, but that malware wasn't claiming to specifically be a MultiBit executable, it is claiming to be a multi-bitcoin wallet, whatever the heck that is...

Its the kind of malware that steals your coin no matter which wallet you use Wink

I think a warning here is enough because the URL is close to the one of multibit and a google search (as well as some others) of "multi bitcoin wallet" does not lead to the malware.

I am not so sure however if its wise to post the URL here, idk. Maybe make code tags around it so it cant be easily clicked by someone that does not read.
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
July 16, 2014, 07:39:33 PM
#4
There is an infected multibit out there -> http://multibitcoinwallet.com

A user already tried to advertise it in bitcointalk, beware

Quote
MALWARE, just in case anyone had any doubts.

Upon execution, it drops a bunch of executables into %appdata%, runs them, and sets a few of them to be auto-started at boot or logon. I didn't bother trying to figure exactly what kind of stuff it tries to pull beyond this, but it's surely not for your benefit....

Executables it installs on my test system:

documents and settings\admin\application data\1tvcuplb.exe
documents and settings\admin\application data\dyfyljco.exe
documents and settings\admin\application data\eyn8sork.exe
documents and settings\admin\application data\install\host.exe
documents and settings\admin\application data\pua8hbxd.exe
documents and settings\admin\application data\qol58yud.exe

Virustotal report of these dropped executables is here: https://www.virustotal.com/en/file/88624d750fd17a4d61196fc9e63ba54532b508f1f20256a9214849bd8baa4a28/analysis/1405294627/.

Not that it really matters, but that malware wasn't claiming to specifically be a MultiBit executable, it is claiming to be a multi-bitcoin wallet, whatever the heck that is...
legendary
Activity: 1708
Merit: 1066
July 14, 2014, 04:46:52 PM
#3
Tweeted a reminder to always to use the main multibit site for downloads:
https://twitter.com/MultiBitOrg/status/488801201505722369
legendary
Activity: 1708
Merit: 1066
July 14, 2014, 04:35:58 PM
#2
Thanks for that heads up
legendary
Activity: 975
Merit: 1003
July 14, 2014, 12:47:58 PM
#1
There is an infected multibit out there -> http://multibitcoinwallet.com

A user already tried to advertise it in bitcointalk, beware

Quote
MALWARE, just in case anyone had any doubts.

Upon execution, it drops a bunch of executables into %appdata%, runs them, and sets a few of them to be auto-started at boot or logon. I didn't bother trying to figure exactly what kind of stuff it tries to pull beyond this, but it's surely not for your benefit....

Executables it installs on my test system:

documents and settings\admin\application data\1tvcuplb.exe
documents and settings\admin\application data\dyfyljco.exe
documents and settings\admin\application data\eyn8sork.exe
documents and settings\admin\application data\install\host.exe
documents and settings\admin\application data\pua8hbxd.exe
documents and settings\admin\application data\qol58yud.exe

Virustotal report of these dropped executables is here: https://www.virustotal.com/en/file/88624d750fd17a4d61196fc9e63ba54532b508f1f20256a9214849bd8baa4a28/analysis/1405294627/.
Jump to: