
Topic: [Warning]: Fake Microsoft DirectX 12 site pushes crypto-stealing malware (Read 108 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
You're not even supposed to download DirectX 12 in the first place.

Seriously, it is hard to believe that people will think that some runtime that's only meant to work on Windows 10 is something that can be "downloaded" on your device (and if you're reading this then you either already have it or aren't qualified to have it in the first place). Especially since it has no Microsoft logos on it.

I wonder if the site's even getting any traffic or all that happened was some white-hat stumbling upon this place by accident?
member
Activity: 1120
Merit: 68
Not just crypto credentials, but considering that it is a Trojan, I am pretty sure that they will be taking over your computer or even putting ransomware on it to add salt to the wound. These fake websites have been craftier over the past few years and they are really good. Remember that there is a version of the alphabet that fake websites use to bypass the name similarity, so if they couldn't name their site the same as the original back then, now they can, and the fonts used are really not that different, so it is difficult for an untrained eye to spot.
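The lookalike-alphabet trick mentioned in the post above can be checked mechanically before trusting a download link. This is an added example, not part of any post in this thread; the watchlist and the small confusables map are constructed assumptions (Unicode UTS #39 publishes the full confusables data).

```python
import unicodedata

# Small, non-exhaustive Cyrillic/Greek -> Latin lookalike map, constructed for
# this example. Unicode UTS #39 (confusables.txt) is the complete data set.
CONFUSABLES = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
               "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
               "\u0455": "s", "\u03bf": "o"}

# Hypothetical watchlist: the domains the user actually intends to visit.
WATCHLIST = {"microsoft.com", "ledger.com"}

def decode_label(label):
    """Return the Unicode form of one DNS label (handles xn-- punycode)."""
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def scripts(label):
    """Set of Unicode scripts (first word of the character name) in a label."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def skeleton(host):
    """Fold known lookalike characters to their Latin counterparts."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in host)

def check_host(host):
    """Return a list of findings for a hostname; empty means nothing flagged."""
    labels = [decode_label(part) for part in host.lower().split(".")]
    decoded = ".".join(labels)
    findings = []
    for label in labels:
        used = scripts(label)
        if len(used) > 1:  # e.g. Latin letters with one Cyrillic letter mixed in
            findings.append(f"mixed-script label {label!r}: {sorted(used)}")
    folded = skeleton(decoded)
    if decoded not in WATCHLIST and folded in WATCHLIST:
        findings.append(f"lookalike of {folded}")
    return findings

if __name__ == "__main__":
    # Constructed samples: the second one has a Cyrillic 'o' (U+043E).
    for sample in ("microsoft.com", "micros\u043eft.com", "example.org"):
        print(sample.encode("idna").decode("ascii"), check_host(sample))
```

The check works on the address bar form as well, because browsers often show such names as `xn--` punycode and `decode_label` expands that before the comparison.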
full member
Activity: 1750
Merit: 186
Do things like this pop up on the legit Microsoft or similar sites though?

So if you click on the link but don't download it... you are fine, right?

But once you download it... you have got malware now, so basically anything you type on the computer is visible to the hacker... is that correct? But if you use your nano ledger s with ledger live... what happens? Can you get hacked or not? I assume they would change your sending address or something like that, right? Because what if you use the ledger recovery app and type it in your ledger to see if your seed is correct while connected to the computer while having this program installed? Could they view it or not?
legendary
Activity: 3668
Merit: 6382
Just a heads-up, guys: you may want to check everything first, as cyber criminals have created this fake Microsoft DirectX 12 download page whose intention is to install malware on our machines to steal our crypto credentials.

Thank you for the info.
For me it's unexpected since... why would anybody install DirectX from 3rd party websites when it's available for free from Microsoft?
hero member
Activity: 2660
Merit: 551


https://twitter.com/olihough86/status/1384804136617644033

Quote
Cybercriminals have created a fake Microsoft DirectX 12 download page to distribute malware that steals your cryptocurrency wallets and passwords.

Even though the site comes complete with a contact form, privacy policy, a disclaimer, and a DMCA infringement page, there is nothing legitimate about the website or the programs it distributes.

When users click on the Download buttons, they will be redirected to an external page that prompts them to download a file. Depending on whether you click on the 32-bit or 64-bit version, you will be offered a file named '6080b4_DirectX-12-Down.zip' or '6083040a__Disclaimer.zip'.

With the cryptocurrency craze in full swing, the malware developers also attempt to steal a wide variety of cryptocurrency wallets for Windows software, such as Ledger Live, Waves.Exchange, Coinomi, Electrum, Electron Cash, BTCP Electrum, Jaxx, Exodus, MultiBit HD, Atomic, and Monero.

https://www.bleepingcomputer.com/news/security/fake-microsoft-directx-12-site-pushes-crypto-stealing-malware/


Just a heads-up, guys: you may want to check everything first, as cyber criminals have created this fake Microsoft DirectX 12 download page whose intention is to install malware on our machines to steal our crypto credentials.