
Topic: New virus & malware automatically empties crypto exchange accounts - page 2. (Read 282 times)

hero member
Activity: 2282
Merit: 589
This is one of the main reasons why I limit myself from using desktop to access important information, although it's not that using a phone would prevent us from getting attacked. I think we just have to be very careful to a safety level. These are happening and we should make sure that we learn from other people's mistakes. Using an exchange is good even though most of us here would never want to be sincere to themselves. We need to make sure we are a wallet where we store our coins and send them to an exchange if we want to trade them.
If we use the desktop to visit the official site and don't add bad extensions to the browser, then it's fine to use the desktop for whatever purpose, but make sure anti-virus security has been enabled on the desktop to detect viruses in real time. My friend's desktop recently had malware that automatically replaced a copied address with the hacker's address, so I helped to fix that problem, and the antivirus gave the source address of the virus folder, which turned out to be due to installing an unofficial application. So be careful installing unofficial applications on your desktop.
hero member
Activity: 1176
Merit: 543
fillippone - Winner contest Pizza 2022
This is one of the main reasons why I limit myself from using desktop to access important information, although it's not that using a phone would prevent us from getting attacked. I think we just have to be very careful to a safety level. These are happening and we should make sure that we learn from other people's mistakes. Using an exchange is good even though most of us here would never want to be sincere to themselves. We need to make sure we are a wallet where we store our coins and send them to an exchange if we want to trade them.
legendary
Activity: 1932
Merit: 1273
But what if the 2FA app is on another device? Will the malware still be able to steal the code? The code, is it the secret code or the OTP that the malware can reveal to hackers?

If the 2FA is on another uncompromised device, the malware won't be able to steal the code. What the malware could do is forge dialogs, so the way the user can get deceived is by inputting their OTPs on the exchange because it pretends to be a device authorization request, while actually, in the background, that particular OTP is used to make the withdrawal.

non-Chromium-based web browsers like - Microsoft Edge,

Microsoft Edge is a Chromium-based browser.
legendary
Activity: 1904
Merit: 1563
So to sum it up, in order to avoid such malware, you would have to completely avoid using Google or any Chromium-based browser and instead use Firefox, as well as becoming a minimalist with regards to installing extensions, except for uBlock Origin, of course.

Not only that, to achieve optimal security against such malware, it would be beneficial for people to have a separate computer or laptop used solely for crypto purposes. I have my old laptop with Linux Mint installed, and it only contains the necessary applications for doing Bitcoin transactions - nothing else.

Furthermore, upon researching, it appears that the malware disables the Content Security Policy (CSP), which makes the system vulnerable to attacks.

Rilide’s background script attaches a listener to the tabs.onActivated and webRequest.onHeadersReceived events and removes the Content Security Policy (CSP) directive for all requests. This allows the extension to perform an XSS attack and load external resources that would otherwise be blocked by the CSP. The app script adds another listener to the DOMContentLoaded event and retrieves a list of targeted domains from the C2. If the current domain matches any of the listed targets, designated scripts are injected into the webpage.

Now if you're too paranoid about automatic withdrawals on crypto exchanges, we can add another security layer by "whitelisting" an address so that the exchange will only allow withdrawals to previously whitelisted addresses.

These are the only measures I could think of to prevent something bad from happening, or else you'd become a crybaby losing your hard-earned money.
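A defensive check for the behaviour quoted above (a listener on webRequest.onHeadersReceived that removes the CSP header), added here as an example and not taken from the thread or the cited article: it audits an extension's manifest and scripts for the ability to rewrite response headers on every site. The sample manifests and script text are constructed, and the function name is hypothetical.

```python
import json
import re

# Permission sets that allow rewriting response headers
# (Manifest V2: webRequest + webRequestBlocking; V3: declarativeNetRequest).
HEADER_REWRITE = [{"webRequest", "webRequestBlocking"},
                  {"declarativeNetRequest"},
                  {"declarativeNetRequestWithHostAccess"}]
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
CSP_RE = re.compile(r"content-security-policy", re.I)


def audit_extension(manifest_text, sources):
    """Return findings for one extension.

    manifest_text: contents of manifest.json
    sources: {filename: script text} for the extension's scripts
    """
    manifest = json.loads(manifest_text)
    perms = {p for p in manifest.get("permissions", []) if isinstance(p, str)}
    hosts = perms | set(manifest.get("host_permissions", []))
    findings = []
    if any(combo <= perms for combo in HEADER_REWRITE) and hosts & BROAD_HOSTS:
        findings.append("can rewrite response headers on all sites")
    for name, text in sources.items():
        if "onHeadersReceived" in text and CSP_RE.search(text):
            findings.append(f"{name}: header listener references CSP")
    return findings


# Constructed sample: permissions matching the behaviour described above.
SUSPECT_MANIFEST = json.dumps({
    "manifest_version": 2, "name": "constructed sample",
    "permissions": ["tabs", "webRequest", "webRequestBlocking", "<all_urls>"]})
SUSPECT_SOURCES = {"background.js":
    "chrome.webRequest.onHeadersReceived.addListener(handler, filter, opts);"
    " // handler filters out 'Content-Security-Policy'"}

# Constructed sample: narrowly scoped extension.
BENIGN_MANIFEST = json.dumps({
    "manifest_version": 3, "name": "constructed benign",
    "permissions": ["storage"], "host_permissions": ["https://example.com/*"]})
BENIGN_SOURCES = {"popup.js": "document.title = 'ok';"}

if __name__ == "__main__":
    print(audit_extension(SUSPECT_MANIFEST, SUSPECT_SOURCES))
    print(audit_extension(BENIGN_MANIFEST, BENIGN_SOURCES))
```

Legitimate content blockers hold the same permissions, so the first finding is a reason to review an extension, not proof that it is malicious.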
hero member
Activity: 1120
Merit: 887
The scary thing about this is that this virus is just a strain. That is, there are other malware with similar capabilities as the Rilide virus and they are for sale as web browser extensions. From the article, the malware is designed to attack Chromium-based web browsers like Google Chrome, Opera, Brave, Vivaldi, Yandex Browser, therefore folks who use non-Chromium-based web browsers like - Mozilla Firefox, Safari, Microsoft Edge, Tor Browser, SeaMonkey, Pale Moon, Midori, Konqueror are off the hook on this one but must remain vigilant against phishing attacks and stay informed about the latest cybersecurity threats and safety practices, some of which have been mentioned by Upgrade00.
legendary
Activity: 2114
Merit: 2248
The virus comes from a browser extension; this is a common trick scammers use to gain access to our devices. When browsing on the internet we should adopt safety practices:
• Do not allow unverified extensions, if there's an alternative avoid them entirely,
• Do not click unverified links,
• Do not download random apps from app stores or PDF files which can contain malware,
• Use an ad blocker to protect against pop-ups.

As a crypto user the ultimate safety hack is keeping your stash off exchanges and permanently offline. This way they cannot be hacked.
legendary
Activity: 1512
Merit: 4795
But what if the 2FA app is on another device? Will the malware still be able to steal the code? The code, is it the secret code or the OTP that the malware can reveal to hackers? If it is the secret code, that means the advice that you should use another device for 2FA is always valid, yes it is valid, but it is good to avoid malware generally.

However, we know that malware is quite dangerous for crypto users, mainly because they tend to visit various sites such as gambling and porn. It is easier to attack crypto users through porn sites. But it seems that this new malware is more dangerous than previous ones. It can obtain your two-factor authentication by tricking you, so be careful, guys.
I do not think it is the visiting of gambling and porn sites that actually causes that; it is the visiting of illicit gambling and porn sites that Google and other search engines can pop up, or that you saw through ads and link ads. Also, in anything we visit, we should always avoid malware. Just commenting because in every aspect of life, there are legit sites, be it gambling, exchanges and the like.

It has been suggested for a long time not to store your crypto in an exchange. Instead, use a non-custodial wallet or a hardware wallet so that malware won't damage you when you are using a hardware wallet. Even a non-custodial software wallet isn't safe from malware if both are on the same device.
Non-custodial wallets can be online; they are also not safe against malware. Also, people who use a hardware wallet should still be very careful of malware. Also, people who are even using a means of having a cold storage wallet, like a paper wallet or a wallet on an air-gapped device, should be very careful.

Another source of malware is the downloading of torrent files.
legendary
Activity: 2394
Merit: 2223
You can read the full details here: "New Virus Automatically Empties Crypto Exchange Accounts" - this is the topic title used from that article.

However, we know that malware is quite dangerous for crypto users, mainly because they tend to visit various sites such as gambling and porn. It is easier to attack crypto users through porn sites. But it seems that this new malware is more dangerous than previous ones. It can obtain your two-factor authentication by tricking you, so be careful, guys.

It has been suggested for a long time not to store your crypto in an exchange. Instead, use a non-custodial wallet or a hardware wallet so that malware won't damage you when you are using a hardware wallet. Even a non-custodial software wallet isn't safe from malware if both are on the same device.