Author

Topic: [Warning]: Fake Microsoft DirectX 12 site pushes crypto-stealing malware (Read 113 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
You're not even supposed to download DirectX 12 in the first place.

Seriously, it is hard to believe that people will think that some runtime that's only meant to work on Windows 10 is something that can be "downloaded" on your device (and if you're reading this then you either already have it or aren't qualified to have it in the first place). Especially since it has no Microsoft logos on it.

I wonder if the site's even getting any traffic or all that happened was some white-hat stumbling upon this place by accident?
member
Activity: 1120
Merit: 68
Not just crypto credentials but considering that it is a Trojan, I am pretty sure that they will be taking over your computer or even putting a ransomware to add salt to the wound. This fake websites has been craftier over the past few years and they are really good, remember that there is a version of alphabet that fake websites use to bypass the name similarity so if they can't name their site as the original back then, now they can do it and the fonts used are really not that different so it is difficult for an untrained eye to spot.
full member
Activity: 1750
Merit: 186
Do things like this pop up on the legit microsoft or similar sites though?


So if you click on link but don't download it... you are fine right?


But once you download it... you got malware now so basically anything you type on the computer is visible to the hacker... is that correct?  But if you use your nano ledger s with ledger live... what happens?  You can gert hacked or not?  I assume they would do that change your sending address to or something like that right?  Because what if you use the ledger recovery app and type it in your ledger to see if your seed is correct while  connected to computer while having this program installed?  Could they view it or not?
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Just a heads-up guys, you may want to check everything first as cyber criminals have created this fake  Microsoft DirectX 12 download page which intentions is to install malware to our machines to steal our crypto credentials.

Thank you for the info.
For me it's unexpected since... why would anybody install DirectX from 3rd party websites when it's available for free from Microsoft?
hero member
Activity: 2660
Merit: 551


https://twitter.com/olihough86/status/1384804136617644033

Quote
Cybercriminals have created a fake Microsoft DirectX 12 download page to distribute malware that steals your cryptocurrency wallets and passwords.

Even though the site comes complete with a contact form, privacy policy, a disclaimer, and a DMCA infringement page, there is nothing legitimate about the website or the programs it distributes.

When users click on the Download buttons, they will be redirected to an external page that prompts them to download a file. Depending on whether you click on the 32-bit or 64-bit version, you will be offered a file named '6080b4_DirectX-12-Down.zip or '6083040a__Disclaimer.zip'

With the cryptocurrency craze in full swing, the malware developers also attempt to steal a wide variety of cryptocurrency wallets for Windows software, such as Ledger Live, Waves.Exchange, Coinomi, Electrum, Electron Cash, BTCP Electrum, Jaxx, Exodus, MultiBit HD, Aomtic, and Monero.

https://www.bleepingcomputer.com/news/security/fake-microsoft-directx-12-site-pushes-crypto-stealing-malware/


Just a heads-up guys, you may want to check everything first as cyber criminals have created this fake  Microsoft DirectX 12 download page which intentions is to install malware to our machines to steal our crypto credentials.
Jump to: