
Topic: Warning! Be careful when you copy and paste bitcoin address from Electrum wallet (Read 445 times)

legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
But this still applies, no ?
On the computer malware could steal any data/files/etc. which the user (i.e. your kid) has access to (ignoring UAC exploits).

As a simple user he has limited options for "installing" new things. He has access only to the non-system partitions and only his user keys in the registry.
The malware will run only when the kid is playing. It's bad, but it cannot damage what's important.
And in my case he will also have to get over the Internet Security's "Auto-Containment"  Wink

One of the most dangerous things you can install on your mobile is a custom keyboard, which acts as a keylogger.
And on windows.. well.. it is not really hard to implement a keylogger.

I know, I've done a super-simple one in my 3rd year at Uni.  Wink
That was in MS-DOS/Win95. Now everything is much easier.

Unfortunately this does not apply to OP's problem (clipboard hijacking), since this is readable for any application on android.

So, to get on-topic again, this also wouldn't have had him protected against this kind of malware.
I mean.. you could theoretically forbid applications to access the clipboard, but this also means you can't paste in them anymore.


I am in no way saying that android is secure and windows is not.. however it is much easier to have your mobile clean than a windows computer.

But shared devices create new problems per se, whether smartphone, computer, tablet, etc.

That's correct. At least for clipboard hijacking user's double check is something easy to do and should become almost a reflex.
Bitsler has this implemented at withdraw - it asks the user to double check a few parts of the address for sure. But for a wallet to do this.. I don't know, it could be annoying for many users.
legendary
Activity: 1624
Merit: 2481
System files & folders are usually also affected because almost all users click "Yes" when UAC shows up when they run a malicious program.
They don't even read it, because the message is vague, unlike Android which shows a list of permissions.

Well.. you are right.. but in this case we are really talking about a very uneducated user regarding computers and 'technical stuff'.

Unfortunately UAC can almost always be bypassed if it is not explicitly set to the highest (most secure) option, which is not default.
There are numerous ways to bypass it, some are fixed, some are not.

So this makes it even more dangerous on a computer in comparison to an android  Grin



In my case it's not. On the computer the kids have "users" and I am the admin. On the phone they can install and run a "game" and I may find out about the "surprise" much later.

But this still applies, no ?

On the computer malware could steal any data/files/etc. which the user (i.e. your kid) has access to (ignoring UAC exploits).
On an (unrooted) android the malware could only steal information in its user context (own app data) plus things possible with given permission (external storage, camera, etc..)

But accessing camera, storage, etc.. is always possible under windows. You don't even have to give permission for doing that.

One of the most dangerous things you can install on your mobile is a custom keyboard, which acts as a keylogger.
And on windows.. well.. it is not really hard to implement a keylogger.
You have about 3 different types of them:
- Via polling (GetAsyncKeyState)
- Via hooking (SetWindowsHookEx)
- Registering as input device

I mean.. hell.. there are 2 inbuilt accessible windows libraries available to create a keylogger with just a few lines of code.

If you refrain from installing a custom keyboard on an android, the chances of having a keylogger are close to zero (excluding unknown exploits), simply because an installed application has no access to the keyboard / buffer / etc.


Unfortunately this does not apply to OP's problem (clipboard hijacking), since this is readable for any application on android.

So, to get on-topic again, this also wouldn't have had him protected against this kind of malware.
I mean.. you could theoretically forbid applications to access the clipboard, but this also means you can't paste in them anymore.


I am in no way saying that android is secure and windows is not.. however it is much easier to have your mobile clean than a windows computer.

But shared devices create new problems per se, whether smartphone, computer, tablet, etc.
legendary
Activity: 3668
Merit: 6382
What did I do or say?  Grin

It was that fix, and then that Huawei  Grin

But the same applies to a desktop computer.

In my case it's not. On the computer the kids have "users" and I am the admin. On the phone they can install and run a "game" and I may find out about the "surprise" much later.

You're right to be paranoid, but in fact most phone manufacturers do the same thing (legally collect user's data).

For Mi/Xiaomi, they clearly stated about it on their privacy policy page (https://www.mi.com/us/about/new-privacy/).
If you bother to read the "What information is collected and how can we use it?" section, they even collect your financial information.

I'm not surprised. And I believe that some do that even without telling. It's just the next step after all that happens in the browsers.
That's why my Bitcoin wallets on Android never had useful private keys.
legendary
Activity: 1624
Merit: 2481
So I don't know how Android "reacts" when you install an app from the Play Store and it's stealing your data.
I mean, an app can ask for certain rights (maybe even for good reasons!) and you'll grant them; then it's free to do whatever it wants.
So no, I am not certain about the security of mobiles.

Well.. since you are giving them the permissions, that's nothing an AV software should block, unfortunately.

But the same applies to a desktop computer.
If you run an executable, it can create outgoing connections without being blocked. And if it is establishing an encrypted connection with TLS, there is nothing an AV can do to determine whether it is 'normal' or malicious traffic  Undecided

Malicious applications on a desktop computer can even do more harm than malicious apps on a mobile.
On a desktop computer, malware gains access to each file in the user context (basically everything except for system files and folders).
On an android, the malware does not get access to any data from a different application since android enforces application encapsulation. Each application is being run in a different user context.
Only data on the SD card can be accessed by any application. That's btw also the reason why one should never store sensitive data on the external memory.

But I'd not trust them, whether there's proof or not.
A bit of paranoia is necessary in this (Bitcoin) world.

The only 'one' I am completely trusting is Mr. Mathematics. He never lies.



All right, you made my day  Grin

What did I do or say?  Grin
Well.. it doesn't matter. Better be HappyFish instead of NeuroticFish  Tongue
legendary
Activity: 3668
Merit: 6382
All right, you made my day  Grin


There are plenty of a few users that know how to keep their windows safe [...]

Fixed that for you  Wink

I was told that I'm too pessimistic. Well, you are worse than me  Grin

There are plenty of AV's available for android too. TBH, I would recommend everyone to install it on their mobile.

Although I do have AV on Android, even if many tell that it's useless (!!), it never cried about any of the installed programs.
So I don't know how Android "reacts" when you install an app from the Play Store and it's stealing your data.
I mean, an app can ask for certain rights (maybe even for good reasons!) and you'll grant them; then it's free to do whatever it wants.
So no, I am not certain about the security of mobiles.

The biggest vulnerability is not sitting inside of the software or hardware, but in front of the monitor  Cheesy

Yup, "the biggest problem for computers sits between the chair and the keyboard".

Ironically.. Huawei  Grin

LMAO!
I have Xiaomi and they did some updates too (although no Pie yet for me). But I'd not trust them, whether there's proof or not.
A bit of paranoia is necessary in this (Bitcoin) world.
legendary
Activity: 1624
Merit: 2481
There are plenty of a few users that know how to keep their windows safe [...]

Fixed that for you  Wink



Since a big % of windoze users know / were told that windoze is not safe by default, they usually have some decent security software on.

Well but 'security software' means a single AV software.
There are plenty of AV's available for android too. TBH, I would recommend everyone to install it on their mobile.



And then social engineering (including infected e-mails or games that work only if you disable the antivirus or whatever) remain the main entry point.

That's true, unfortunately.. Any OS is prone to that.

The biggest vulnerability is not sitting inside of the software or hardware, but in front of the monitor  Cheesy



Wow, what maker? One of the reasons I gave up Samsung was the lack of updates.

Ironically.. Huawei  Grin

I know.. people can claim "uuhhh China is spying and collecting data..", to prevent such arguments:
1) there is not a single piece of proof for them spying and
2) everyone collects data. And I feel I am less vulnerable if China has my data compared to the US

Huawei is doing a really good job at pushing out updates soon after google releases them.
legendary
Activity: 3668
Merit: 6382
I am just sick of those people claiming mobiles are enormously unsecure by definition, while they are running a windows machine on their desktop.

That's correct, however, there's one small extra point to take into consideration.
There are plenty of users that know how to keep their windows safe and no idea about nix or android.
If you ask them to get rid of windoze you may either lose them or they'll make big mistakes. (Tbh I am a bit nervous myself when going onto nix.)
So.. no solution is perfect.

I'd even go that far, to claim that compromising a windows machine is way easier than compromising an android mobile (given that both systems have the same 'level' of security measurements).

Excluding all social engineering - regarding only the technical aspects - windows is more prone to being compromised due to the extreme number of vulnerabilities (found and not found ones).

Since a big % of windoze users know / were told that windoze is not safe by default, they usually have some decent security software on. And then social engineering (including infected e-mails or games that work only if you disable the antivirus or whatever) remain the main entry point.

Btw.. my mobile is roughly 2 years old and still receives monthly updates. About 10-14 days after google releases them.

Wow, what maker? One of the reasons I gave up Samsung was the lack of updates.
legendary
Activity: 1624
Merit: 2481
And since many smartphone manufacturers don't pay much attention to updating the OS after it's sold, and since many simply buy various Chinese smartphones (for better specs/price ratio), I'd say that an up-to-date live OS made only for this reason should still be the safest and easiest choice if one doesn't want to buy hardware wallet.

A live OS is indeed a safer option, no doubts.

I am just sick of those people claiming mobiles are enormously unsecure by definition, while they are running a windows machine on their desktop.
I'd even go that far, to claim that compromising a windows machine is way easier than compromising an android mobile (given that both systems have the same 'level' of security measurements).

Excluding all social engineering - regarding only the technical aspects - windows is more prone to being compromised due to the extreme number of vulnerabilities (found and not found ones).


Btw.. my mobile is roughly 2 years old and still receives monthly updates. About 10-14 days after google releases them.
legendary
Activity: 3668
Merit: 6382
If you don't know what a live OS is you shouldn't be using crypto, and for those using mobile phones for crypto purposes, well sorry, a phone doesn't even come close to a computer.

You are right.
An up-to-date android mobile is more secure than a windows computer.

And since many smartphone manufacturers don't pay much attention to updating the OS after it's sold, and since many simply buy various Chinese smartphones (for better specs/price ratio), I'd say that an up-to-date live OS made only for this reason should still be the safest and easiest choice if one doesn't want to buy hardware wallet.
legendary
Activity: 1624
Merit: 2481
jesus, people, run your wallets on live version of OS to prevent all viruses.

Using a live OS does not protect you against all kinds of malware (I guess you wanted to say malware, not virus).

A virus is a subcategory of malware which spreads itself automatically through a network by exploiting vulnerabilities. You probably meant to talk about malware in general.



If you don't know what a live OS is you shouldn't be using crypto, and for those using mobile phones for crypto purposes, well sorry, a phone doesn't even come close to a computer.

You are right.
An up-to-date android mobile is more secure than a windows computer.
legendary
Activity: 1876
Merit: 3139
Today, while trying to open my old wallet Electrum, the Trojan (Miner-AP trj) was detected by the Avast antivirus

That was probably a false positive. This issue has been addressed here. Altcoin miners and some software wallets are sometimes detected as malware. By the way, update Electrum.
newbie
Activity: 1
Merit: 0
Today, while trying to open my old wallet Electrum, the Trojan (Miner-AP trj) was detected by the Avast antivirus
I highly recommend using cold or hardware wallets
newbie
Activity: 6
Merit: 1
jesus, people, run your wallets on live version of OS to prevent all viruses. If you don't know what a live OS is you shouldn't be using crypto, and for those using mobile phones for crypto purposes, well sorry, a phone doesn't even come close to a computer.
legendary
Activity: 3668
Merit: 6382
Does anyone know how this copy and paste issue arises?  People say malware but from where specifically?  Does anyone know?

I guess that'll help you to read this: https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/
In that article they've posted a (Virustotal.com) link with how the antiviruses detect a d3dx11_31.dll file infected with such trojan.

Another report is at symantec: https://www.symantec.com/security-center/writeup/2016-020216-4204-99?tabid=2

However, if you look at that VirusTotal link you'll see a number of names you can start with if you want to research deeper.
legendary
Activity: 2758
Merit: 6830
Does anyone know how this copy and paste issue arises?  People say malware but from where specifically?  Does anyone know?
Fake wallets, "Bitcoin Generators", etc... basically anything. These kinds of clipboard modifiers are common when we talk about malware.
full member
Activity: 1792
Merit: 186
Does anyone know how this copy and paste issue arises?  People say malware but from where specifically?  Does anyone know?
legendary
Activity: 3668
Merit: 6382
It looks like a dumber variant of the clipboard malware. Afaik at least the original one had the "common sense" to keep the start and the end identical with the original address.

I actually have never seen one that did that. Are you sure you are not just talking about the theoretical hijacker? Because I remember there was a discussion on bitcointalk about how they could do that using a vanity generation technique, but it would only be the first 2 or 3 characters since it takes a lot more time if it is more, and also there is absolutely no way you could have an identical "end" since it is the checksum and with a 1 bit difference in the address the whole thing changes.

I did a search and you're right. I was living with the (wrong) impression that the initial malware was smarter than I thought.
I guess that this was caused by the fact that in one of the first cases where I've seen discussions about that malware, the good and bad addresses at least had the first 3 letters identical.
But yes, it seems to be just simply the old malware.
legendary
Activity: 3472
Merit: 10611
It looks like a dumber variant of the clipboard malware. Afaik at least the original one had the "common sense" to keep the start and the end identical with the original address.

I actually have never seen one that did that. Are you sure you are not just talking about the theoretical hijacker? Because I remember there was a discussion on bitcointalk about how they could do that using a vanity generation technique, but it would only be the first 2 or 3 characters since it takes a lot more time if it is more, and also there is absolutely no way you could have an identical "end" since it is the checksum and with a 1 bit difference in the address the whole thing changes.
legendary
Activity: 3710
Merit: 1586
making money is the reason for it.
legendary
Activity: 3668
Merit: 6382
It looks like a dumber variant of the clipboard malware. Afaik at least the original one had the "common sense" to keep the start and the end identical with the original address.

With so many "electrum problems" lately, actually not related with Electrum at all, I wonder if it's not some campaign against Electrum, although I fail to understand what could be the reason for it.
HCP
legendary
Activity: 2086
Merit: 4363
I doubt this has anything to do with Electrum itself... and is more likely that you have a clipboard hijacker virus/malware installed on your system.

I would suggest that at the very least you run some of the common anti-malware scanners like MalwareBytes or Spybot Search and Destroy... and preferably, backup your important data, then wipe/format your computer and reinstall the Operating System. It is highly likely you have all sorts of nasty stuff infecting your system! Undecided
legendary
Activity: 3710
Merit: 1586
looks like you have malware on your system
newbie
Activity: 3
Merit: 2
Hi Guys!

I am currently using Electrum wallet 3.3.6 executable version, which was fine until last night. And this morning when I opened the wallet, what I found is that every address in the wallet address list I copy, either using Ctrl+C/Ctrl+V or right click and select copy, is the same, and I looked it up on an explorer and noticed that this address: 13gwPnRgJjqsg2T1QQ6LQXtxWJAQDJWD6z has received more than 1.4 BTC so far in various amounts recently.

I double checked the phenomenon when I opened another wallet file, and the copy/paste result pointed to the same address: 3NW1CuurGdsWfRmWTjgjMJueTt1eM5L32R, which is empty for now.

So, when you guys copy an address from your Electrum wallet I urge you to double check the paste results before you click confirm. It is highly likely that those vicious ones are using this to rip you off.

Good luck