
Topic: New virus & malware automatically empties crypto exchange accounts (Read 282 times)

sr. member
Activity: 1246
Merit: 262
Is it possible for new viruses and malware to access an exchange account via a mobile phone application? It seems dangerous hearing every day about new malware and viruses, especially on computers that lack secure access and easily get malware. But the source link I read only talks about computer access to exchange accounts via a browser or desktop, so what about the possibility of exchange account access through a mobile phone application?

For a long time I have not accessed my exchange account through a computer and have only ever used the mobile phone exchange application, as our local exchange supports Android and iOS applications. By the way, will 2FA and email verification not be able to stop malware and viruses from accessing our exchange account?
legendary
Activity: 2730
Merit: 7065
This is the reason why you should refrain from visiting sites where you get infected with malware and forced to install software. Why did I say forced? Because they are then in control of your computer. So, to be safe, never ever visit these porn sites and free downloads of movies and free software; this is where they inject their malware.
Despite the warnings, many people do exactly that. Some of it is justified, some of it isn't. Torrenting and downloading torrents is popular and will always be popular. But at least pay attention to where you get your torrents from, who the uploaders are, and what devices you watch those movies on. The same rules apply to porn or cracked software. Don't engage in these hobbies on the same device you use for your financials. Keep your money separated from everything else. Have a second device for work (if you need it) and a 3rd one for risky ventures like the ones you mentioned.

Thus, if you mess up and get your risky laptop infected, nothing bad can happen to laptops #2, #3, etc.
sr. member
Activity: 658
Merit: 387
It's never a good option to hand over our security and asset protection into the hands of others. If one must use a centralized exchange, we should buy and withdraw back to our private wallet; centralized exchanges are supposed to be only for buying and selling, not for storing crypto.

"whitelisting" an address so that the exchange will only allow withdrawals to previously whitelisted addresses.

These are the only measures I could think of to prevent something bad from happening, or else you'd become a crybaby losing your hard-earned money.

To some point it's safer to whitelist an address that the exchange will only allow withdrawals to, but what then will happen if users lose access to that wallet? Like, the wallet becomes compromised, they lose the private key to it, etc. Will there be another alternative to allow withdrawal to a different address, or will the users be asked to pass another form of verification before a wallet change is possible?
full member
Activity: 728
Merit: 151
Defend Bitcoin and its PoW: bitcoincleanup.com
You can read the full details here: "New Virus Automatically Empties Crypto Exchange Accounts" - this is the topic title taken from that article.

However, we know that malware is quite dangerous for crypto users, mainly because they tend to visit various sites such as gambling and porn. It is easier to attack crypto users through porn sites. But it seems that this new malware is more dangerous than previous ones. It can obtain your two-factor authentication by tricking you, so be careful, guys.

It has been suggested for a long time not to store your crypto in an exchange. Instead, use a non-custodial wallet or a hardware wallet so that malware won't damage you when you are using a hardware wallet. Even a non-custodial software wallet isn't safe from malware if both are on the same device.
This is the reason why you should refrain from visiting sites where you get infected with malware and forced to install software. Why did I say forced? Because they are then in control of your computer. So, to be safe, never ever visit these porn sites and free downloads of movies and free software; this is where they inject their malware, and once you play or run an application their malware will also be installed, sometimes even without you knowing. I have been a victim before: if you are familiar with Yahoo Messenger, when you click a message your Yahoo account starts sending link messages to others on your list, and once they have clicked that, it spreads non-stop. So if you are into crypto, avoid doing this on your home network; even with antivirus, sometimes when you accidentally allow it once, it will never be stopped.
sr. member
Activity: 1932
Merit: 442
Eloncoin.org - Mars, here we come!
Thank you for sharing this, which has now raised a lot of questions in my mind and made me confused.
Will the 2FA verification really be bypassed by this malware? The OTP code that is sent to our mobile number and the email verification process? Perhaps those accounts that don't have these extra security levels will be affected by the malware infection, am I right?

Perhaps your computer must always have an extra level of security protection against this.
Use reputable anti-virus and anti-malware software on your computer and keep it up to date with the latest virus definitions, and also use a firewall; it can help prevent malware from accessing your computer by blocking unauthorized incoming and outgoing network traffic.
There's nothing particularly surprising or confusing about this. When you log into an exchange, they typically require you to use two-factor authentication (2FA). However, hackers have developed tools that allow them to withdraw funds from your account using your 2FA code, whether it's a Google 2FA or SMS 2FA code. They accomplish this by using malware to input your 2FA code on their withdrawal page, thereby making the withdrawal appear legitimate. This is how even the Electrum wallet was hacked. You can look it up for more information.
Thank you for your brief explanation.
Technically, I did not know that there is a kind of attack like this that uses malware to intercept 2FA codes and use them to gain unauthorized access to online accounts on the exchange.

One last question: how about the exchange? Are they not able to detect that the withdrawal comes from the attacker?
For example, a change of IP address upon requesting a withdrawal. Because as far as I know, exchange platforms typically have enhanced security measures in place to detect and prevent unauthorized access and fraudulent activity. These measures may include monitoring unusual account activity, analyzing transaction patterns, and using machine learning algorithms to detect anomalies.
sr. member
Activity: 728
Merit: 388
Vave.com - Crypto Casino
This happens through browser extensions too; be careful with the Chrome browser and its extensions because there are a lot of bad extensions on there.

When it comes to malicious browser extensions, not even your antivirus can save you. Also, when accessing your exchange account, make sure you need more than a 2FA code to make a transaction.

I use the Binance exchange and I need two separate codes to approve a withdrawal: one sent straight to my mobile number and the second is my 2FA code. There is also an option to add an extra layer of security with a separate withdrawal code; some call this a fund password while others call it anti-phishing.
hero member
Activity: 2660
Merit: 651
Want top-notch marketing for your project, Hire me
But what if the 2FA app is on another device?
There is no way the malware will be able to steal the code if the 2FA app is on another device, but I believe the trick used by the hackers is to create a mirror of the exchange account or platform, so once the 2FA code is entered it also automatically gives access to their victim's account. However, it is good to use paid, updated antivirus (internet security) software, set up the firewall, always update your operating system software, and always be cautious when opening and downloading attachments online.
legendary
Activity: 2394
Merit: 2223
Signature space for rent
Thank you for sharing this, which has now raised a lot of questions in my mind and made me confused.
Will the 2FA verification really be bypassed by this malware? The OTP code that is sent to our mobile number and the email verification process? Perhaps those accounts that don't have these extra security levels will be affected by the malware infection, am I right?

Perhaps your computer must always have an extra level of security protection against this.
Use reputable anti-virus and anti-malware software on your computer and keep it up to date with the latest virus definitions, and also use a firewall; it can help prevent malware from accessing your computer by blocking unauthorized incoming and outgoing network traffic.
There's nothing particularly surprising or confusing about this. When you log into an exchange, they typically require you to use two-factor authentication (2FA). However, hackers have developed tools that allow them to withdraw funds from your account using your 2FA code, whether it's a Google 2FA or SMS 2FA code. They accomplish this by using malware to input your 2FA code on their withdrawal page, thereby making the withdrawal appear legitimate. This is how even the Electrum wallet was hacked. You can look it up for more information.
sr. member
Activity: 1820
Merit: 436
It seems ridiculous that it could obtain your 2FA authenticator at some point; some could bypass 2FA authentication because it's already logged in on the owner's browser, and it is only asked for when you log in on other computers.

As well, visiting gambling or porn websites could not easily infiltrate your computer; I mean, you cannot download any malware onto your computer unless you allow it to be downloaded. When something pops up and you download that exe or file, that could possibly be it. I mean, there are a lot of ways to secure your computer, and as long as you are aware there's a very low chance that you're going to get infiltrated.

Ways to secure our PC from hacking

  • Use a firewall.
  • Install antivirus software
  • Install an anti-spyware package
  • Use complex passwords
  • Keep your OS, apps and browser up-to-date
  • Ignore spam
  • Back up your computer
  • Use virtualization
  • Secure your network
  • Use two-factor authentication
  • Use encryption

For mobile devices

  • Turn off Bluetooth.
  • Don’t use unsecured public Wi-Fi
  • Get a security app
  • Use a better passcode
  • Switch off autocomplete
  • Clear your browsing history
hero member
Activity: 868
Merit: 737
However, we know that malware is quite dangerous for crypto users, mainly because they tend to visit various sites such as gambling and porn.
Sometimes they will attack the explorer too. I once saw my balance suddenly empty in a Bitcoin explorer, where it indicated that there had been a transfer; it made me panic and I immediately went to another explorer to check what had happened. Fortunately, my balance was still there, not sent to another address. As for this thing, I was close to contacting the explorer, and maybe if I had contacted the displayed email, they would have guided me to give them my private key and seed. So be careful with this thing too.
legendary
Activity: 1554
Merit: 1139
However, we know that malware is quite dangerous for crypto users, mainly because they tend to visit various sites such as gambling and porn. It is easier to attack crypto users through porn sites. But it seems that this new malware is more dangerous than previous ones. It can obtain your two-factor authentication by tricking you, so be careful, guys.

It has been suggested for a long time not to store your crypto in an exchange.
How does it do that, trick you into giving away your 2FA?
Recall this is a step towards security and one could be at ease with it in place, although not so much, as your mails could be compromised at some point or end; but it's still up to you and where you might have previously logged in.

True enough, exchanges are not wallets, and as such users need to be mindful of what they leave on exchanges.
sr. member
Activity: 1932
Merit: 442
Eloncoin.org - Mars, here we come!
Thank you for sharing this which now has a lot of questions in my mind and made me confused.
Is the 2FA verification will really be bypassed by this malware? the OTP code that sends to our mobile number and the email verification process. Perhaps --those accounts that don't have these extra security levels will be affected by the malware infection, I am right?

Perhaps, your computer must always have extra security level protection against this.
Use anti-virus and anti-malware software that is reputable software on your computer, and keep it up to date with the latest virus definitions and also use a firewall --it can help to prevent malware from accessing your computer by blocking unauthorized incoming and outgoing network traffic.
hero member
Activity: 1834
Merit: 879
Rollbit.com ⚔️Crypto Futures
With all these kinds of malware, I honestly think cryptocurrencies were meant for millennials who can't easily fall for such tricks!!
And one takeaway from this: popular means easy target... And seeing that Rilide targets Chromium-based browsers, we could be safer with less popular browsers such as Firefox, etc. But then again these Google guys need to start a clean-up of the Chromium store and Play Store to reduce the damage; I hope not so many people have lost through this.

And this malware is quite interesting: just an extension and it has the keys to your stash. Thankfully my 2FA device is never the PC.
sr. member
Activity: 1316
Merit: 379
Fully Regulated Crypto Casino
Is there any way our mobile device will be affected as well?
Since some users already said it will be affected through unverified extensions, meaning it may likely affect smartphones, because I am on the safer side using a phone due to some unforeseen threats and attacks that may arise from the desktop.
hero member
Activity: 3024
Merit: 680
★Bitvest.io★ Play Plinko or Invest!
The virus comes from a browser extension; this is a common trick scammers use to gain access to our devices. When browsing on the internet we should adopt safety practices:
• Do not allow unverified extensions; if there's an alternative, avoid them entirely,
• Do not click unverified links,
• Do not download random apps from app stores or PDF files which can contain malware,
• Use an ad blocker to protect against pop-ups.
I think the shortcut on this one for non-technical people is the first one, and that's to not download any extension that they're unfamiliar with. And even if they're familiar with what they're downloading, they need to look at it first and see if it's from the official service and company that they want to download from.

I guess the most common thing on this imitation will be from Metamask users. It's a very popular browser extension and wallet and it has a lot of users and keeps on adding more.

As a crypto user the ultimate safety hack is keeping your stash off exchanges and permanently offline. This way they cannot be hacked.
I agree, but no matter how many times we remind everyone, it is a personal choice that they think is less of a hassle because they can trade instantly without the deposit/withdrawal waiting time.
hero member
Activity: 994
Merit: 744
The virus comes from a browser extension; this is a common trick scammers use to gain access to our devices. When browsing on the internet we should adopt safety practices:
• Do not allow unverified extensions; if there's an alternative, avoid them entirely,
• Do not click unverified links,
• Do not download random apps from app stores or PDF files which can contain malware,
• Use an ad blocker to protect against pop-ups.

As a crypto user the ultimate safety hack is keeping your stash off exchanges and permanently offline. This way they cannot be hacked.
I do things like this, and it's possible that's why my system was recently infected with malware.

Malware is extremely dangerous and can destroy someone's cryptocurrency career with a single mistake. For example, if you copy an address to send your entire Bitcoin to and the malware changes the address and you don't notice it, your entire Bitcoin is gone.
It is always a good idea to double-check any address to which you are sending Bitcoin, because malware can change it and replace it with another one with nearly the same beginning and end.
sr. member
Activity: 832
Merit: 286
DGbet.fun - Crypto Sportsbook
snip
Thank you for sharing a lot of knowledge about avoiding viruses and malware, but PC users should avoid installing unofficial applications because some components have been modified to embed virus and malware files, so always be careful and improve security features. Another important piece of advice: don't connect the main wallet to any site for trading or other needs; always use another wallet for wallet connection purposes to avoid hacks that can harm our wallet.
legendary
Activity: 2954
Merit: 1153
We can also use virtual systems for our regular browsing sessions. It is easy to install virtual drives and create an artificial operating system within our main system. This will somehow prevent attacks on the main system directly if we happen to mistakenly click unverified links and other possible malware injections into our main system.

This article[1] gives a list of precautions for preventing our PC and mobile systems from being corrupted or infiltrated by malware.

I will list them here directly so that anyone interested doesn't have to go out of the forum, but if you want to read the details then you can open the link below.

Ways to secure our PC from hacking

  • Use a firewall.
  • Install antivirus software
  • Install an anti-spyware package
  • Use complex passwords
  • Keep your OS, apps and browser up-to-date
  • Ignore spam
  • Back up your computer
  • Use virtualization
  • Secure your network
  • Use two-factor authentication
  • Use encryption

For mobile devices

  • Turn off Bluetooth.
  • Don’t use unsecured public Wi-Fi
  • Get a security app
  • Use a better passcode
  • Switch off autocomplete
  • Clear your browsing history

Aside from the given methods of securing our PC and mobile data and information, nothing beats being vigilant and suspicious of every site we visit. I believe the kind of malware strain mentioned by @OP can be prevented by setting up a virtual system to protect our main system from being infected, since it provides an artificial separate environment within the main system and can be easily installed and deleted at any time.

[1] https://www.businessnewsdaily.com/11213-secure-computer-from-hackers.html
hero member
Activity: 1736
Merit: 501
When browsing the internet, this kind of thing is what I'm worried about; it's very important to protect our devices from virus threats and scams. As you mentioned, besides being careful when visiting porn and gambling sites, we must also avoid unverified browser extensions, and avoiding clicking on unverified links is a good way to prevent fraud and illegal access to our devices. Also, not downloading random apps or files that may contain malware and using an ad blocker can also help protect our devices from online virus and malware threats.

As a crypto user, it is very important to take strong security measures to protect our crypto holdings. Keeping our crypto deposits off exchanges and permanently offline is one of the best ways to protect our crypto from hacks and other cyber attacks. Additionally, using a secure wallet and taking additional security measures such as using 2FA can also help protect our crypto from security threats.
full member
Activity: 504
Merit: 144
Microsoft Edge is a Chromium-based browser.
If you don't want Chromium-based browsers, use Firefox or the Tor browser.

Overview on browsers. Which one should we use? Support the free web while browsing.
hero member
Activity: 2282
Merit: 589
This is one of the main reasons why I limit myself from using a desktop to access important information; although it's not that using a phone would prevent us from getting attacked, I think we just have to be very careful to a safe level. These things are happening and we should make sure that we learn from other people's mistakes. Using an exchange is good, even though most of us here would never want to be sincere with ourselves. We need to make sure we have a wallet where we store our coins and send them to an exchange if we want to trade them.
If we use the desktop to visit the official site and don't add bad extensions to the browser, then it's fine to use the desktop for whatever purposes it takes, but make sure antivirus security has been enabled on the desktop to detect viruses in real time. My friend's desktop recently had malware that automatically replaced a copied address with the hacker's address, so I helped to fix that problem, and the antivirus gave the source address of the virus folder, which turned out to be due to installing an unofficial application. So be careful installing unofficial applications on your desktop.
hero member
Activity: 1176
Merit: 543
fillippone - Winner contest Pizza 2022
This is one of the main reasons why I limit myself from using a desktop to access important information; although it's not that using a phone would prevent us from getting attacked, I think we just have to be very careful to a safe level. These things are happening and we should make sure that we learn from other people's mistakes. Using an exchange is good, even though most of us here would never want to be sincere with ourselves. We need to make sure we have a wallet where we store our coins and send them to an exchange if we want to trade them.
legendary
Activity: 1932
Merit: 1273
But what if the 2FA app is on another device? Will the malware still be able to steal the code? The code, is it the secret code or the OTP that the malware can reveal to hackers?

If the 2FA is on another uncompromised device, the malware won't be able to steal the code. What the malware could do is forge dialogs, so the way the user can get deceived is by inputting their OTP on the exchange because it pretends to be a device authorization request, while actually, in the background, that particular OTP is used to make the withdrawal.

non-Chromium-based web browsers like - Microsoft Edge,

Microsoft Edge is a Chromium-based browser.
legendary
Activity: 1904
Merit: 1563
So to sum it up, in order to avoid such malware, you would have to completely avoid using Google or any Chromium-based browser and instead use Firefox, as well as becoming a minimalist with regards to installing extensions, except for uBlock Origin, of course.

Not only that, to achieve optimal security with such malwares, it would be beneficial for people to have a separate computer or laptop used solely for crypto purposes. I have my old laptop with Linux Mint installed, and it only contains the necessary applications for doing Bitcoin transactions - nothing else.

Furthermore, upon researching, it appears that the malware disables the Content Security Policy (CSP), which makes the system vulnerable to attacks.

Rilide’s background script attaches a listener to the tabs.onActivated and webRequest.onHeadersReceived events and removes the Content Security Policy (CSP) directive for all requests. This allows the extension to perform an XSS attack and load external resources that would otherwise be blocked by the CSP. The app script adds another listener to the DOMContentLoaded event and retrieves a list of targeted domains from the C2. If the current domain matches any of the listed targets, designated scripts are injected into the webpage.

Now, if you're too paranoid about automatic withdrawals on crypto exchanges, we can add another security layer by "whitelisting" an address so that the exchange will only allow withdrawals to previously whitelisted addresses.

These are the only measures I could think of to prevent something bad from happening, or else you'd become a crybaby losing your hard-earned money.
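The quoted write-up describes a capability profile rather than a single file: background code that hooks response headers to drop CSP on every request, plus access to all sites and tabs so scripts can be injected on C2-chosen domains. A defender can triage installed extensions for exactly that combination. The script below is an added example, not code from the article or from anyone in this thread; the permission names are real Chromium manifest keys, while the three sample manifests and the `Extensions` folder path are constructed assumptions. It also flags clipboard access, the address-swapping concern raised elsewhere in the thread.

```python
"""Triage Chromium extension manifests for the capability profile described
in the quoted Rilide write-up: code that can rewrite response headers on every
request (to strip CSP) plus all-site and tab access (to inject scripts).
Added example; permission names are real manifest keys, samples constructed."""
import json
import os
from typing import Dict, List, Set, Tuple

BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# MV2 webRequest/webRequestBlocking, or MV3 declarativeNetRequest rules with a
# modifyHeaders action, let an extension alter headers such as CSP.
HEADER_REWRITE = {"webRequest", "webRequestBlocking", "declarativeNetRequest"}
TAB_CONTROL = {"tabs", "scripting"}  # target and script arbitrary tabs


def collect_permissions(manifest: dict) -> Tuple[Set[str], Set[str]]:
    """Return (API permissions, host patterns) for an MV2 or MV3 manifest."""
    perms = set(manifest.get("permissions", []))
    perms |= set(manifest.get("optional_permissions", []))
    hosts = set(manifest.get("host_permissions", []))  # MV3 location
    # MV2 mixes host patterns into "permissions"; split them out by shape.
    hosts |= {p for p in perms if "://" in p or p == "<all_urls>"}
    for cs in manifest.get("content_scripts", []):
        hosts |= set(cs.get("matches", []))
    return perms - hosts, hosts


def has_background(manifest: dict) -> bool:
    bg = manifest.get("background", {})
    return bool(bg.get("scripts") or bg.get("service_worker") or bg.get("page"))


def risk_findings(manifest: dict) -> List[str]:
    """Describe high-risk capability combinations; an empty list means none."""
    perms, hosts = collect_permissions(manifest)
    broad = bool(hosts & BROAD_HOSTS)
    findings = []
    rewrite = perms & HEADER_REWRITE
    if rewrite and broad:
        findings.append("can rewrite response headers on every site (CSP "
                        "stripping possible): " + ", ".join(sorted(rewrite)))
    if broad and has_background(manifest) and perms & TAB_CONTROL:
        findings.append("background code with tab control and all-site "
                        "access: can inject scripts into chosen pages")
    if perms & {"clipboardRead", "clipboardWrite"}:
        findings.append("clipboard access: address swapping possible")
    return findings


def scan_extensions(root: str) -> Dict[str, List[str]]:
    """Walk an unpacked-extensions folder (e.g. a profile's 'Extensions'
    directory; the path is the caller's assumption) and report findings."""
    report: Dict[str, List[str]] = {}
    for dirpath, _, files in os.walk(root):
        if "manifest.json" not in files:
            continue
        path = os.path.join(dirpath, "manifest.json")
        try:
            with open(path, encoding="utf-8") as fh:
                findings = risk_findings(json.load(fh))
        except (OSError, ValueError):
            continue  # unreadable or not JSON: skip rather than abort the scan
        if findings:
            report[path] = findings
    return report


# Constructed sample manifests, not real extensions.
SUSPICIOUS_MV2 = {"manifest_version": 2, "name": "constructed-mv2",
                  "permissions": ["tabs", "webRequest", "webRequestBlocking",
                                  "storage", "<all_urls>"],
                  "background": {"scripts": ["background.js"]},
                  "content_scripts": [{"matches": ["<all_urls>"], "js": ["app.js"]}]}
SUSPICIOUS_MV3 = {"manifest_version": 3, "name": "constructed-mv3",
                  "permissions": ["declarativeNetRequest", "scripting"],
                  "host_permissions": ["<all_urls>"],
                  "background": {"service_worker": "sw.js"}}
BENIGN = {"manifest_version": 3, "name": "constructed-benign",
          "permissions": ["activeTab", "storage"],
          "content_scripts": [{"matches": ["https://example.com/*"], "js": ["a.js"]}]}

if __name__ == "__main__":
    for name, m in (("mv2", SUSPICIOUS_MV2), ("mv3", SUSPICIOUS_MV3), ("benign", BENIGN)):
        print(name, risk_findings(m) or ["no high-risk combination"])
```

A hit is a reason to review the extension, not proof of malice: ad blockers legitimately hold the same header-rewriting permissions, which is why the check asks for the whole combination rather than any single permission.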
hero member
Activity: 1120
Merit: 887
Livecasino.io
The scary thing about this is that this virus is just a strain. That is, there is other malware with similar capabilities to the Rilide virus, and it is for sale as web browser extensions. From the article, the malware is designed to attack Chromium-based web browsers like Google Chrome,
Opera, Brave, Vivaldi and Yandex Browser; therefore folks who use non-Chromium-based web browsers like Mozilla Firefox, Safari, Microsoft Edge, Tor Browser, SeaMonkey, Pale Moon, Midori and Konqueror are off the hook on this one, but must remain vigilant against phishing attacks and stay informed about the latest cybersecurity threats and safety practices, some of which have been mentioned by Upgrade00.
legendary
Activity: 2114
Merit: 2248
Playgram - The Telegram Casino
The virus comes from a browser extension, this is a common trick scammers use to gain access to our devices. When browsing on the internet we should adopt safety practices;
• Do not allow unverified extensions, if there's an alternative avoid them entirely,
• Do not click unverified links,
• Do not download random apps from appstores or PDF files which can contain malwares,
• Use an ad blocker to protect against pop ups.

As a crypto user the ultimate safety hack is keeping your stash off exchanges and permanently offline. This way they cannot be hacked.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
But what if the 2FA app is on another device? Will the malware still be able to steal the code? The code, is it the secret code or the OTP that the malware can reveal to hackers? If it is the secret code, that means the advice that you should use another device for 2FA is always valid, yes it is valid, but it is good to avoid malware generally.

However, we know that malware is quite dangerous for crypto users, mainly because they tend to visit various sites such as gambling and porn. It is easier to attack crypto users through porn sites. But it seems that this new malware is more dangerous than previous ones. It can obtain your two-factor authentication by tricking you, so be careful, guys.
I do not think it is visiting gambling and porn sites that actually causes that; it is visiting the illicit gambling and porn sites that Google and other search engines can pop up, or that you saw through ads and link ads. Also, in anything we visit, we should always avoid malware. Just commenting because in every aspect of life there are legit sites, be it gambling, exchanges and the like.

It has been suggested for a long time not to store your crypto in an exchange. Instead, use a non-custodial wallet or a hardware wallet so that malware won't damage you when you are using a hardware wallet. Even a non-custodial software wallet isn't safe from malware if both are on the same device.
Non-custodial wallets can be online; they are also not safe against malware. Also, people who use a hardware wallet should still be very careful of malware. Also, people who are even using a means of cold storage like a paper wallet or a wallet on an airgapped device should be very careful.

Another source of malware is downloading torrent files.
legendary
Activity: 2394
Merit: 2223
Signature space for rent
You can read the full details here: "New Virus Automatically Empties Crypto Exchange Accounts" - this is the topic title used from that article.

However, we know that malware is quite dangerous for crypto users, mainly because they tend to visit various sites such as gambling and porn. It is easier to attack crypto users through porn sites. But it seems that this new malware is more dangerous than previous ones. It can obtain your two-factor authentication by tricking you, so be careful, guys.

It has been suggested for a long time not to store your crypto in an exchange. Instead, use a non-custodial wallet or a hardware wallet so that malware won't damage you when you are using a hardware wallet. Even a non-custodial software wallet isn't safe from malware if both are on the same device.