Topic: Phemedrone Stealer targeting crypto wallets, do not click URL shorteners (Read 258 times)

member
Activity: 238
Merit: 59
   
It is very good and safe when we remind ourselves of this important information, because some of us forget or are hasty at times, and so we fall into these traps. You know, short links disregard your state of being away from public attention and want to harm the security of your device and data, and also make your group of people accessible to security risk or even banned contract. These short links are being used by spammers and cybercriminals in order to hide links that are intended to cause harm to other websites, and they use shortened URLs for phishing sites and set up downloads by redirecting the victims; some short links may stop functioning or have ended up on a spam blocklist.
hero member
Activity: 2366
Merit: 793
Bitcoin = Financial freedom

How this may affect you, you ask?  One such possibility is the one described by OP.  Another possibility is you can be redirected to fake websites where you can input real information.  The information then goes in the wrong hands and you will ultimately become a victim.


It depends on what kind of malware is being injected into our system, and almost anything can be done remotely if an attacker can get you to install an infected file; let's say the complete control of your device will be on the attacker's side too, including crypto wallets and personal files.

I don't really navigate to any website if it's coming from a shortened URL; always just go and search for the website yourself, and don't even trust the results shown by Google at the top.
hero member
Activity: 3024
Merit: 745
Top Crypto Casino
~snip~

Laptops though are getting cheaper; maybe if we can get a second-hand one and then we do all the things like formatting and reinstalling everything, it might do us good in the long run.
If you don't really have the budget to get a brand new one, then that's it if you need to own a laptop through second hand. But I'd say don't settle for it when you're going to use it for your wallets. It's much better that you still save for a brand new one.

But these shorteners though, they are now exposed as a big problem because we really don't know the content of the links until it's too late. So it's not wise to just click on them even if the source is someone that we can trust, as we don't know if they've been hacked or something and then hackers are using their account to spread the malware to anyone. So prevention is the key here and obviously we should learn these very tips or revisit threads from time to time, sort of a refresher on security.
That's why there are short link checkers, and that's what we can do to check on the contents of it or what the link is actually all about. There have been links dropped already on how to check one. I agree that it's still prevention that's better than containing it, because you'll never know if someone has dealt with these before or it's gonna be for the first time.

Be aware of links you click on Bitcoin Talk too.  Make sure you hover your mouse over the link and check if it truly leads to the link it should.
I agree, especially if there are topics that are posted by other members that aren't reputable. The tendency of them posting some unknown links, and if you're too curious to check it quickly without checking, you might fall for the trap.
legendary
Activity: 2576
Merit: 1655

On a side note.  Is Coinomi not a mobile only Wallet?  How is it affected by this virus?

No, Coinomi has a desktop version too:

https://www.coinomi.com/en/

But I do agree, everything right now is being abused by these cyber groups. Clicking on these links without us knowing what is really inside is very dangerous, as they can stuff them with legitimate-looking websites, but it could be that those are fake and just trying to trick us by either entering our info or, in this case, downloading malware onto your computer.
hero member
Activity: 882
Merit: 1873
Crypto Swap Exchange
Be aware of links you click on Bitcoin Talk too.  Make sure you hover your mouse over the link and check if it truly leads to the link it should.

You can easily be attacked by a very simple trick.  www.bitcointalk.org will direct you to Evil Google instead of Bitcoin Talk.  It is a very basic BB Code anybody can use.

How this may affect you, you ask?  One such possibility is the one described by OP.  Another possibility is you can be redirected to fake websites where you can input real information.  The information then goes in the wrong hands and you will ultimately become a victim.

On a side note.  Is Coinomi not a mobile only Wallet?  How is it affected by this virus?
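The hover check described in this post can also be done programmatically over a post's BBCode. This is an added example, not code from the thread or from Bitcointalk; it assumes the standard [url=target]text[/url] form and runs over constructed sample posts.

```python
"""Flag BBCode links whose visible text names a different site than the real target.

Added example: the "hover over the link and check where it really goes" advice,
applied to constructed sample posts. Assumes the [url=target]text[/url] form.
"""
import re
from urllib.parse import urlparse

# [url=target]visible text[/url]; the target may be wrapped in quotes on some boards.
_URL_TAG = re.compile(r"\[url=(?P<href>[^\]]+)\](?P<text>.*?)\[/url\]", re.IGNORECASE | re.DOTALL)
# Visible text that itself looks like a site (optional scheme, at least one dot).
_LOOKS_LIKE_SITE = re.compile(r"^(?:https?://)?(?:www\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)+", re.IGNORECASE)


def _host(value: str) -> str:
    """Lower-cased host of a URL or bare domain, with a leading 'www.' dropped."""
    value = value.strip().strip('"')
    if "://" not in value:
        value = "http://" + value
    host = (urlparse(value).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def find_mismatched_links(bbcode: str) -> list[dict]:
    """One record per [url=...] tag whose text looks like a site but points at another host."""
    findings = []
    for m in _URL_TAG.finditer(bbcode):
        href, text = m.group("href"), m.group("text").strip()
        if not _LOOKS_LIKE_SITE.match(text):
            continue  # plain words as link text: nothing to compare against
        shown, real = _host(text), _host(href)
        if shown != real:
            findings.append({"shown": shown, "real": real, "href": href.strip().strip('"')})
    return findings


# Constructed sample post: one honest link, one whose text says bitcointalk but goes elsewhere.
SAMPLE_POST = (
    "Read the rules at [url=https://bitcointalk.org/index.php?topic=1]bitcointalk.org[/url]. "
    "Also see [url=https://evil.example/login]www.bitcointalk.org[/url] for details."
)

if __name__ == "__main__":
    for f in find_mismatched_links(SAMPLE_POST):
        print(f"text shows {f['shown']!r} but the link goes to {f['real']!r} ({f['href']})")
```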
hero member
Activity: 798
Merit: 1045
Goodnight, ohh Leo!!! 🦅
As long as these fraudsters ain't quitting their act just yet, do well to secure your funds by avoiding any form of hostage, promotional/invitational links, shortcut links etc.. I can see they ain't relinquishing; why? Cus some dummies still fall for their trick and get drained...how would they keep being innovative if this ain't paying them at the end?? So in all, information is KEY...  I like the fact that you made this clear to everyone.

I'll also add that - most people would always wanna avoid this ill-omen.. nobody wants to get robbed of their cash, but some lack technical knowledge and that's their (hacker's) bypass.. cus for every time you mess up, you get hit

Sandra 🧑‍🦰
hero member
Activity: 2632
Merit: 833
I think MacOS is more accessible to some users here as compared to some Linux flavors. I switched to MacOS way back in 2018 and it was a good decision and investment as well. Although there are some challenges in the beginning if you are used to being a Windows user for many years.
I've been using Windows for so long and am planning to do some upgrades and about to get into MacOS soon. And that's one reason for it: the attacks that have been happening there are rarely heard of, but that's my scare, how I'll adapt to the surface and new theme of it, but I'll get there and deal with it once I already own one.

For this case, it could be advisable though that we separate our crypto things from the PCs/laptops for daily use, and have a different machine for, let's say, surfing the net and whatever else we like to do except our crypto activities. It might be costly for others, but at least you are safe from this kind of attack. We always need to think twice before clicking any URL shorteners for sure as a result of these exploits.
Yeah, that's one con of it, that it's going to be costly. So to those who have this problem that they can't have additional or extra devices/laptops/PCs, you'll have to be more careful and start with yourself by getting educated on how you're going to avoid these link attackers, malware, etc. Just don't be a random guy who's too curious to know what's the link behind those shortcut URL links, and a good suggestion about checking them through shortlink checkers.

Laptops though are getting cheaper; maybe if we can get a second-hand one and then we do all the things like formatting and reinstalling everything, it might do us good in the long run. But these shorteners though, they are now exposed as a big problem because we really don't know the content of the links until it's too late. So it's not wise to just click on them even if the source is someone that we can trust, as we don't know if they've been hacked or something and then hackers are using their account to spread the malware to anyone. So prevention is the key here and obviously we should learn these very tips or revisit threads from time to time, sort of a refresher on security.
member
Activity: 966
Merit: 25
Ton Together | Save Smart & Win Big
I'm truly appreciative of those who generously share their knowledge, preventing others from falling into traps. This information is invaluable. Given the constant growth in technology, there's a parallel rise in methods used by ill-intentioned individuals to steal money. Keeping up with daily tech news can be cumbersome, but stumbling upon these crucial insights while engaging in forums simplifies the process. It's like discovering vital knowledge naturally amidst meaningful discussions. In a world where technology evolves every day, being part of such forums not only fosters community but also ensures we stay informed about emerging threats without the need for intentional searches.
legendary
Activity: 2072
Merit: 4265
✿♥‿♥✿

I think MacOS is more accessible to some users here as compared to some Linux flavors.

There are several Linux distributions with an interface similar to Windows. You just need to try it, and you will see how convenient Linux systems are to use. Yes, everyone thinks that working with Linux requires knowledge of the command line, but developers create it so simply that some systems work right out of the box. It’s safe to say that anyone who has figured it out and understood all the advantages of Linux systems will return to Windows just for the sake of toys. For everything else, Windows is a bad system.
Try installing these systems on VirtualBox for practice and analysis.

https://zorin.com/os/
https://www.linuxfx.org/
https://linuxmint.com/
hero member
Activity: 2842
Merit: 772
Same old story about the hellish combination between malware and Windows OS.
The simple solution is to stop using Windows and switch to an open-source Linux OS (Fedora, Debian, etc.), and even MacOS is better than win-nightmare.
I never heard a single case of someone getting infected with crap like this and losing coins while using Linux... just sayin'.

I myself use MacOS, but there were times I would switch to the Windows operating system.

And I tip my hat to those who use a Linux OS like the ones mentioned. I haven't tried it though, but I have experienced using a Unix OS way before when I was still working, and I loved the ease of use of it. But it's not for everyone.

Prevention is better and I avoid clicking on strange links or shortened links.

If you are curious, you can check shortened links with
https://checkshorturl.com/
https://unshorten.it/
https://linkunshorten.com/
https://urlex.org/
https://redirectdetective.com/

Good list to look at URL shortener links as they could be used by attackers as well.
sr. member
Activity: 854
Merit: 424
I stand with Ukraine!
We can use another tip to detect full url from shortened url by adding +1 at the end of a shortened url (applicable for most types of shortened url) or Preview at beginning of tinyurl links.

Shortened URL Security

Quote
Before You Click, Reveal Full URLs

Use the shortening service preview feature. Type the shortened URL in the address bar of your web browser and add the characters described below to see a preview of the full URL:
hero member
Activity: 3024
Merit: 745
Top Crypto Casino
I think MacOS is more accessible to some users here as compared to some Linux flavors. I switched to MacOS way back in 2018 and it was a good decision and investment as well. Although there are some challenges in the beginning if you are used to being a Windows user for many years.
I've been using Windows for so long and am planning to do some upgrades and about to get into MacOS soon. And that's one reason for it: the attacks that have been happening there are rarely heard of, but that's my scare, how I'll adapt to the surface and new theme of it, but I'll get there and deal with it once I already own one.

For this case, it could be advisable though that we separate our crypto things from the PCs/laptops for daily use, and have a different machine for, let's say, surfing the net and whatever else we like to do except our crypto activities. It might be costly for others, but at least you are safe from this kind of attack. We always need to think twice before clicking any URL shorteners for sure as a result of these exploits.
Yeah, that's one con of it, that it's going to be costly. So to those who have this problem that they can't have additional or extra devices/laptops/PCs, you'll have to be more careful and start with yourself by getting educated on how you're going to avoid these link attackers, malware, etc. Just don't be a random guy who's too curious to know what's the link behind those shortcut URL links, and a good suggestion about checking them through shortlink checkers.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
Same old story about the hellish combination between malware and Windows OS.
The simple solution is to stop using Windows and switch to an open-source Linux OS (Fedora, Debian, etc.), and even MacOS is better than win-nightmare.
I never heard a single case of someone getting infected with crap like this and losing coins while using Linux... just sayin'.
Windows indeed has a lot of problems, but if that's the case then I wouldn't have used my wallet, or even installed a wallet, on a device that is used daily or more than once a week, and would have to buy another device for transaction purposes only. Prevention is better than doing nothing at all or becoming a victim first, especially for those who downloaded software from an unknown source.  Safety is a must if we are in crypto, even for a person who may be an average investor or not.
legendary
Activity: 2576
Merit: 1655
Same old story about the hellish combination between malware and Windows OS.
The simple solution is to stop using Windows and switch to an open-source Linux OS (Fedora, Debian, etc.), and even MacOS is better than win-nightmare.
I never heard a single case of someone getting infected with crap like this and losing coins while using Linux... just sayin'.

I think MacOS is more accessible to some users here as compared to some Linux flavors. I switched to MacOS way back in 2018 and it was a good decision and investment as well. Although there are some challenges in the beginning if you are used to being a Windows user for many years.

For this case, it could be advisable though that we separate our crypto things from the PCs/laptops for daily use, and have a different machine for, let's say, surfing the net and whatever else we like to do except our crypto activities. It might be costly for others, but at least you are safe from this kind of attack. We always need to think twice before clicking any URL shorteners for sure as a result of these exploits.
hero member
Activity: 3150
Merit: 636
DGbet.fun - Crypto Sportsbook
Those who like to click random links they see in the groups they are in will be vulnerable to this, but if you're someone who doesn't get along with those random links, you're going to be fine.

Do not download from unofficial and random sources either for the files that you need. They're all taking advantage of it, coming from giveaways, and also I remember the airdrop folks; you're prone to this stealer.
legendary
Activity: 2394
Merit: 2223
Signature space for rent
Those who are related to cryptocurrency should always be careful when clicking on any links and downloading any apps or software. Everything from the unknown source should be avoided at all costs. Hackers would push malware through links and software to control our devices. I don't often open any files or click on links sent by random people. I am aware of such hacking attempts. Otherwise, we should use hardware wallets to secure our funds. So even our phone or computer-affected funds will be safe.
hero member
Activity: 1414
Merit: 542
We've seen a lot of shortcut files recently, and I suggest not clicking anything, especially from unknown sources, as we might be the next victims, and then these criminals drain our wallets.
This is a good warning to keep us on alert, but my concern is that even with the known shortcut files it's hard to detect the ones that are gonna contain this malware, because I have seen a lot of known shortcut files that are replaced with punycode shortcuts, making them look almost exactly the same as the known shortcut files.

Punycode is one of the most common attacks being used by cyber criminals. But this is the first time that I have heard that they are now exploiting URL shorteners and then taking advantage of an issue on the Microsoft Common Vulnerabilities and Exposures (CVE) list. And I think URL shorteners are a phenomenon now; even in this community I have seen others posting links with them, so now could they at least be banned?

That's why we are advised to use air-gapped devices for storing our crypto assets in order to be safe from all these malware attacks.

It might be too complicated for average Bitcoin investors though, so maybe they will use other web wallets mentioned in the article. But we need to learn safety hygiene first so that we can avoid this kind of malware attack.
hero member
Activity: 2660
Merit: 651
Want top-notch marketing for your project, Hire me
I never heard a single case of someone getting infected with crap like this and losing coins while using Linux... just sayin'.
Maybe, but nothing on the internet is ever secure, and for the record, every operating system has its own vulnerabilities.
Have you heard about the threat actors linked to Kinsing, which exploits the Linux flaw called Looney Tunables that was disclosed last year?
The best thing is to be extra careful and never click or visit a well-known secure website on links using our operating system.

legendary
Activity: 2212
Merit: 7064
Same old story about the hellish combination between malware and Windows OS.
The simple solution is to stop using Windows and switch to an open-source Linux OS (Fedora, Debian, etc.), and even MacOS is better than win-nightmare.
I never heard a single case of someone getting infected with crap like this and losing coins while using Linux... just sayin'.
member
Activity: 66
Merit: 5
Eloncoin.org - Mars, here we come!
We've seen a lot of shortcut files recently, and I suggest not clicking anything, especially from unknown sources, as we might be the next victims, and then these criminals drain our wallets.
This is a good warning to keep us on alert, but my concern is that even with the known shortcut files it's hard to detect the ones that are gonna contain this malware, because I have seen a lot of known shortcut files that are replaced with punycode shortcuts, making them look almost exactly the same as the known shortcut files.

That's why we are advised to use air-gapped devices for storing our crypto assets in order to be safe from all these malware attacks.
sr. member
Activity: 854
Merit: 424
I stand with Ukraine!
Prevention is better and I avoid clicking on strange links or shortened links.

If you are curious, you can check shortened links with
https://checkshorturl.com/
https://unshorten.it/
https://linkunshorten.com/
https://urlex.org/
https://redirectdetective.com/
hero member
Activity: 2842
Merit: 772
A known malware, called Phemedrone Stealer, is in circulation right now and is trying to take advantage of and exploit CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability.

The targets are cryptocurrency wallets:

  • Armory
  • Atomic
  • Bytecoin
  • Coinomi
  • Jaxx
  • Electrum
  • Exodus
  • Guarda

So the leverage here is that the criminals are going to host malicious internet shortcut files on Discord or other cloud services such as FileTransfer.io. And so once we click that shortcut file, it will connect to a server controlled by the hackers and then execute a control panel item (.cpl) file. However, Microsoft Windows Defender should warn us about this shortcut URL and what it will execute, but the attackers also crafted a shortcut URL to evade everything.

We've seen a lot of shortcut files recently, and I suggest not clicking anything, especially from unknown sources, as we might be the next victims, and then these criminals drain our wallets.

(https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html)
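One defensive check that follows from the chain described above is to look at what an internet shortcut actually points to before anything opens it. This is an added example, not code from the thread or from the linked write-up; it relies only on the standard Windows .url layout (an [InternetShortcut] section with a URL= key), and the sample files and host names are constructed.

```python
"""Flag Windows internet shortcut (.url) files whose target is a Control Panel
item (.cpl) rather than a web page, the lure described in the post above.

Added example. Assumes the standard .url layout ([InternetShortcut] section,
URL= key); the sample shortcuts and host names below are constructed.
"""
from urllib.parse import unquote, urlparse

# The post names .cpl as the payload type; extending this tuple is an assumption
# for your own environment.
SUSPECT_EXTENSIONS = (".cpl",)
WEB_SCHEMES = ("http", "https")


def parse_internet_shortcut(text: str) -> dict:
    """Return key/value pairs from the [InternetShortcut] section, keys lower-cased."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "internetshortcut" and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip().lower()] = value.strip()
    return values


def classify_shortcut(text: str) -> dict:
    """Decide whether a .url file's target is suspicious and list the reasons."""
    target = parse_internet_shortcut(text).get("url", "")
    # Normalise backslashes so UNC-style targets still yield a parsable path.
    parsed = urlparse(target.replace("\\", "/"))
    path = unquote(parsed.path).lower()
    reasons = []
    if path.endswith(SUSPECT_EXTENSIONS):
        reasons.append("target is a ." + path.rsplit(".", 1)[-1] + " file, not a web page")
    if parsed.scheme and parsed.scheme not in WEB_SCHEMES:
        reasons.append("non-web scheme " + repr(parsed.scheme))
    return {"target": target, "suspicious": bool(reasons), "reasons": reasons}


# Constructed samples: a normal bookmark and two shortcuts whose target is a .cpl file.
SAMPLES = {
    "benign": "[InternetShortcut]\nURL=https://bitcointalk.org/index.php\nIconIndex=0\n",
    "cpl_over_https": "[InternetShortcut]\nURL=https://attacker-controlled.example/files/update.cpl\n",
    "cpl_over_unc": "[InternetShortcut]\nURL=file://\\\\attacker-controlled.example\\share\\update.cpl\n",
}


def scan_samples() -> dict:
    """Classify every constructed sample; returns {name: verdict}."""
    return {name: classify_shortcut(body) for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        flag = "SUSPICIOUS" if verdict["suspicious"] else "ok"
        print(f"{name:15} {flag:10} {verdict['target']}  {'; '.join(verdict['reasons'])}")
```

The same classifier can be pointed at any .url file read from disk, since it only inspects the text of the shortcut and never opens the target.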