
Topic: Java Bitcoin Virus ? Trying to guess what this does... (Read 1159 times)

sr. member
Activity: 308
Merit: 250
legendary
Activity: 2058
Merit: 1452
code is obfuscated; no point in doing static analysis. I would recommend running it in a VM and attaching a debugger.
newbie
Activity: 59
Merit: 0
https://gist.github.com/anonymous/7ba7ad6f13f73dcf68c1

Here is all the source code in case someone wants to check it out much quicker.
newbie
Activity: 59
Merit: 0
hi

This website, cryptonewsonline.c0m (I put a zero so no one enters by mistake),

is simulating the loading of a live YouTube connection,
but it's all fake, as the pictures are listed on the website itself and there is no link to YouTube in the source code:
http://cryptonewsonline.com/stream/stylesheets/images/

When you click on the image of the live connection, it links to: http://cryptonewsonline.c0m/post.htm
and tries to load a .jar file,
and in case you don't have Java installed, the browser will prompt you to install Java as a missing connector needed.

That's the code of post.htm:

--------------------

 
  http://galaxypanel.pw/insert.php?&t=traditional&p=http://cryptonewsonline.com/post.htm&b=Opera&o=OS&u=USAR&e=">
 
  https://www.java.net/blog/campbell/archive/images/orangebox.png">

--------------------


the .jar is this one:

http://cryptonewsonline.com/Traditional.jar

I opened the compiled Java file with Java Decompiler (a portable application to read the source),
but I can't really find out what all those classes are doing.

Maybe someone wants to take a look?

Here is a portable Java decompiler: http://jd.benow.ca

https://i.imgur.com/EIlcoHC.png
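
An added example, not part of any post in this thread: a static first pass over a JAR like the one discussed, reading each class file's constant pool without executing anything and reporting string literals plus references to a few JDK classes. The `WATCH` list, the function names and the sample input are assumptions constructed for illustration.

```python
import io
import zipfile

# Payload bytes per constant-pool tag (JVM class file format); Utf8 (tag 1) is variable.
FIXED = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}
# Hypothetical watch list: JDK classes worth a closer look in an applet.
WATCH = {"java/lang/Runtime", "java/lang/ProcessBuilder", "java/net/URL"}

def u2(data, pos):
    return int.from_bytes(data[pos:pos + 2], "big")

def constant_pool(data):
    """Return (class_refs, string_literals) from one .class file's constant pool."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a class file")
    utf8, classes, strings = {}, [], []
    pos, i, count = 10, 1, u2(data, 8)
    while i < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:  # CONSTANT_Utf8: u2 length, then the bytes
            n = u2(data, pos)
            utf8[i] = data[pos + 2:pos + 2 + n].decode("utf-8", "replace")
            pos += 2 + n
        elif tag in FIXED:
            if tag in (7, 8):  # Class / String entries index a Utf8 entry
                (classes if tag == 7 else strings).append(u2(data, pos))
            pos += FIXED[tag]
        else:
            raise ValueError(f"unknown constant tag {tag}")
        i += 2 if tag in (5, 6) else 1  # long and double take two slots
    return [utf8.get(k, "?") for k in classes], [utf8.get(k, "?") for k in strings]

def triage_jar(jar_bytes):
    """Map each .class entry to (watched API references, string literals)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        pools = {n: constant_pool(jar.read(n)) for n in jar.namelist() if n.endswith(".class")}
    return {n: (sorted(set(r) & WATCH), s) for n, (r, s) in pools.items()}

def sample_jar():
    """Constructed input: one entry holding a header and 4-entry constant pool only."""
    def utf8(s):
        return b"\x01" + len(s).to_bytes(2, "big") + s.encode()
    cls = (b"\xca\xfe\xba\xbe" + bytes([0, 0, 0, 50, 0, 5]) + utf8("java/lang/Runtime")
           + b"\x07\x00\x01" + utf8("http://example.invalid/a") + b"\x08\x00\x03")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("a/b.class", cls)
    return buf.getvalue()
```

Renaming obfuscators cannot rename JDK classes, so those references stay readable in the pool, but string literals may be encrypted and reflection can hide calls, which is the case the VM-and-debugger approach covers.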

