
Topic: [Warning]: New Bandit Stealer targeting crypto wallets (Read 127 times)

legendary
Activity: 2212
Merit: 7064
A new malware in the wild was spotted by Trend Micro. It leverages what we call the runas.exe function, so they take advantage of it and can run the propagation with administrative privileges.
This malware again targets only devices with the wind0ws operating system, which means that using Linux would be perfect protection against this attack.
I am a long-time advocate for making this switch from Windows to Linux, not only because of the security benefits but because of better privacy and open source code.
Fedora, Debian or Linux Mint are some of the best choices, and they are generally better for anything related to Bitcoin.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
This is why we should be very careful about clicking links, because some malware is hiding in plain sight where we think there's no malware, when the truth is there's malware that gathers information and then sends it to the malware creator or the one who spread it. Finding cracks for an application you downloaded that needs activation could also result in your wallet data being stolen. Being careful is what keeps us safe from hackers who want to steal crypto.
sr. member
Activity: 378
Merit: 258
Lohamor Family
So the principle hasn't changed: they are dropping their dropper in emails and on those who are looking for cracked software. It could also spread on YouTube, where there is a link that supposedly downloads free software.
Another reminder not to click on random links or react to unsolicited messages, regardless of the source. Importantly, protect your personal information so as not to become a target of hackers if your email falls into their hands.

- Jay -

Each time, they keep advancing their stealing technology to introduce malware to users by any available means they see can quickly lead to instant penetration of their target. We have to be very careful in dealing with our personal information, sensitive information, the websites we visit, the emails and links we click, and the kinds of downloads we make; those are some of the entry routes they take to penetrate us.
This is a reminder that these hackers don't get tired of looking for alternative ways to hack into investors' wallets to steal their assets. We should always be cautious about clicking links sent to us via email or online, to avoid falling for their traps. Also, you should download whatever you want to download from the right website, because these hackers operate through malware sent to their victims for easy access to the information on your PC. This is even worse because they have the cryptocurrency and wallets that they target.
hero member
Activity: 2520
Merit: 783
So the principle hasn't changed: they are dropping their dropper in emails and on those who are looking for cracked software. It could also spread on YouTube, where there is a link that supposedly downloads free software.
Another reminder not to click on random links or react to unsolicited messages, regardless of the source. Importantly, protect your personal information so as not to become a target of hackers if your email falls into their hands.

- Jay -

Yeah, that's the basis of it all: no clicking on random links, even from originators that we know; we shouldn't just trust but verify everything. As for cracked software? Again, this is one practice that, if we involve ourselves in crypto, we should get rid of.

It's better to get all your software with a license. If you can save and HODL thousands of dollars' worth of crypto, then it's good if you can buy a genuine OS or whatever apps you need.

There are too many risks in clicking those unwanted links; that's why it's not advisable to do that, since we might step on that malware without knowing.

Also, it's important to have licensed software, especially when we are dealing with crypto on our computers. This way we can be sure that we get the legitimate one and not cracked software, where we don't know whether there is hidden malware attached to it, and too bad for us if we download it, since for sure we will be compromised by hacking issues or by malware, just like what the OP posted.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
To me, this seems more like PR for the company in question, because from the attached screen samples it is obvious that they do not know the difference between a wallet and a cryptocurrency. Table 3 says "cryptocurrencies stolen", but they mixed up cryptocurrencies and wallets, and in the second table they even add a CEX as a wallet.

There are probably hundreds of such malicious programs, and all of them have in common that they enter the system through the carelessness of the user, and AV companies just want to tell you that you will be safe if you use their protection. This is only partially true, because the first level of protection against such malicious programs is each user for himself.
newbie
Activity: 21
Merit: 0
General rule of thumb: never use hot wallets, whether they are trusted or not. They can be hacked. Save yourself the worry and buy a hardware/cold wallet from Ledger or Trezor. Ledger has been proven to be unhackable since it has no online connection; the only time it does is if you are updating the firmware or transferring some assets to Ledger Live.
hero member
Activity: 406
Merit: 443
I did not understand the extent of the danger here. Suppose the hackers were able to call runas.exe, obtain administrative privileges, search for a path and find the appropriate one, like

Code:
%appdata%\electrum
All they will get is the wallet file.

In most wallets, that file is encrypted with a password. The hacker still needs to know the appropriate password to access your coins, or brute-force it, or did I miss something? To call runas.exe, it needs to download the program, meaning that random clicking alone is not enough to endanger your device.

Whatever the reason, storing a lot of bitcoin in a hot wallet is behavior that may lead you to lose them, no matter how careful you are.
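The post above turns on one practical question: when a stealer copies the file out of %appdata%\electrum, is what it gets encrypted at rest or not? The script below is an added example, not code from the thread or from the Electrum project, that lets a user answer that for their own machine. It assumes (not stated on the page) that an Electrum wallet file is either a plain JSON object when unencrypted, or the base64 encoding of an ECIES blob that begins with the four-byte magic b"BIE1" when password-protected, and that wallets live in a `wallets` subfolder of the Electrum directory. The two sample files are constructed inline and contain no real key material.

```python
import base64
import json
import os
from pathlib import Path
from typing import Dict, Iterable, List

# ASSUMPTION (not from the thread): an Electrum wallet file is either a plain JSON
# object (unencrypted keystore) or the base64 encoding of an ECIES blob whose
# first four bytes are the magic b"BIE1". Both checks below rest on that.
ELECTRUM_ECIES_MAGIC = b"BIE1"


def classify_wallet_bytes(data: bytes) -> str:
    """Return 'plaintext', 'encrypted' or 'unknown' for the raw bytes of a wallet file."""
    stripped = data.strip()
    if not stripped:
        return "unknown"
    # An unencrypted wallet is a JSON object; its keys sit in the file as-is.
    if stripped.startswith(b"{"):
        try:
            doc = json.loads(stripped.decode("utf-8"))
        except (UnicodeDecodeError, ValueError):
            return "unknown"
        return "plaintext" if isinstance(doc, dict) else "unknown"
    # An encrypted wallet is base64 text; decoding it exposes the BIE1 magic.
    try:
        raw = base64.b64decode(stripped, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return "unknown"
    return "encrypted" if raw.startswith(ELECTRUM_ECIES_MAGIC) else "unknown"


def audit_wallet_files(paths: Iterable[str]) -> Dict[str, str]:
    """Classify each path; files that do not exist are reported as 'missing'."""
    report: Dict[str, str] = {}
    for name in paths:
        p = Path(name)
        report[name] = classify_wallet_bytes(p.read_bytes()) if p.is_file() else "missing"
    return report


def default_electrum_wallet_files() -> List[str]:
    """Wallet files in Electrum's default directory: the %appdata%\\electrum path
    from the post on Windows, ~/.electrum elsewhere. ASSUMPTION: wallets live in
    the 'wallets' subfolder. Returns [] when the directory is absent."""
    if os.name == "nt" and os.environ.get("APPDATA"):
        base = Path(os.environ["APPDATA"]) / "electrum"
    else:
        base = Path.home() / ".electrum"
    wallet_dir = base / "wallets"
    if not wallet_dir.is_dir():
        return []
    return sorted(str(p) for p in wallet_dir.iterdir() if p.is_file())


# Constructed samples standing in for two wallet files (no real key material).
PLAINTEXT_SAMPLE = b'{"wallet_type": "standard", "seed_version": 18}'
ENCRYPTED_SAMPLE = base64.b64encode(ELECTRUM_ECIES_MAGIC + bytes(60))


if __name__ == "__main__":
    for label, sample in (("plaintext", PLAINTEXT_SAMPLE), ("encrypted", ENCRYPTED_SAMPLE)):
        print(f"{label:>9} sample -> {classify_wallet_bytes(sample)}")
    for path, verdict in audit_wallet_files(default_electrum_wallet_files()).items():
        print(f"{verdict:>9}  {path}")
```

A "plaintext" verdict on a real wallet is the finding that matters: the stolen file would be directly usable, so the wallet should be given a password before anything else. An "encrypted" verdict only means the attacker must still break the password, which is exactly the point the post makes; how long that takes depends entirely on how strong the password is.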
hero member
Activity: 952
Merit: 555
So the principle hasn't changed: they are dropping their dropper in emails and on those who are looking for cracked software. It could also spread on YouTube, where there is a link that supposedly downloads free software.
Another reminder not to click on random links or react to unsolicited messages, regardless of the source. Importantly, protect your personal information so as not to become a target of hackers if your email falls into their hands.

- Jay -

Each time, they keep advancing their stealing technology to introduce malware to users by any available means they see can quickly lead to instant penetration of their target. We have to be very careful in dealing with our personal information, sensitive information, the websites we visit, the emails and links we click, and the kinds of downloads we make; those are some of the entry routes they take to penetrate us.
hero member
Activity: 2632
Merit: 833
So the principle hasn't changed: they are dropping their dropper in emails and on those who are looking for cracked software. It could also spread on YouTube, where there is a link that supposedly downloads free software.
Another reminder not to click on random links or react to unsolicited messages, regardless of the source. Importantly, protect your personal information so as not to become a target of hackers if your email falls into their hands.

- Jay -

Yeah, that's the basis of it all: no clicking on random links, even from originators that we know; we shouldn't just trust but verify everything. As for cracked software? Again, this is one practice that, if we involve ourselves in crypto, we should get rid of.

It's better to get all your software with a license. If you can save and HODL thousands of dollars' worth of crypto, then it's good if you can buy a genuine OS or whatever apps you need.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Perhaps to thwart these stealing attempts by malware, the wallet software could have an option to change the directory used to store wallet files. Malware can't possibly list the files and folders on the entire hard disk, so changing it seems like a good "security by obscurity" option.

It would only work with application software though, not browser extensions (with which you should not be storing your money in the first place).
hero member
Activity: 644
Merit: 661
- Jay -
So the principle hasn't changed: they are dropping their dropper in emails and on those who are looking for cracked software. It could also spread on YouTube, where there is a link that supposedly downloads free software.
Another reminder not to click on random links or react to unsolicited messages, regardless of the source. Importantly, protect your personal information so as not to become a target of hackers if your email falls into their hands.

- Jay -
hero member
Activity: 1414
Merit: 542
A new malware in the wild was spotted by Trend Micro. It leverages what we call the runas.exe function, so they take advantage of it and can run the propagation with administrative privileges.

Quote
By using the runas.exe command, users can run programs as an administrator or any other user account with appropriate privileges, provide a more secure environment for running critical applications, or perform system-level tasks. This utility is particularly useful in situations where the current user account does not have sufficient privileges to execute a specific command or program. In the case of Bandit Stealer, this is done with the following command line:

The Bandit malware is so intelligent that it will check for several environments first and alter itself depending on where it is running.

What's scary is that it targets the following wallets:

So the principle hasn't changed: they are dropping their dropper in emails and on those who are looking for cracked software. It could also spread on YouTube, where there is a link that supposedly downloads free software.

https://www.trendmicro.com/en_us/research/23/e/new-info-stealer-bandit-stealer-targets-browsers-wallets.html
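The Trend Micro quote above describes runas.exe as the tool Bandit Stealer uses to run under another account. One detail worth keeping in mind when reading that: runas.exe does not bypass UAC or grant privileges by itself; it starts a program under credentials the caller can already supply for the target account. That is why, from the defender's side, the useful signal is not runas.exe alone (administrators use it every day) but who launched it and what it was asked to start. The script below is an added example, not from the thread, the Trend Micro write-up or any vendor tool, that applies that logic to process-creation events. The three events, their paths, user names and the `setup_crack.exe` file name are all constructed for this example; the field names mirror Sysmon Event ID 1 fields but are an assumption about how your log pipeline would present them.

```python
import ntpath
import re
from typing import Dict, List

# Constructed process-creation events (Sysmon Event ID 1 style fields) for the demo.
# Every path, account and the 'setup_crack.exe' name is made up for this example.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # a binary in a user-writable folder re-launching itself through runas:
        # what a stealer asking for a more privileged copy of itself looks like
        "image": r"C:\Windows\System32\runas.exe",
        "parent_image": r"C:\Users\alice\AppData\Local\Temp\setup_crack.exe",
        "command_line": r'runas.exe /user:Administrator "C:\Users\alice\AppData\Local\Temp\setup_crack.exe"',
        "user": r"DESKTOP-01\alice",
    },
    {   # an admin starting mmc from a console under a named helpdesk account
        "image": r"C:\Windows\System32\runas.exe",
        "parent_image": r"C:\Windows\System32\cmd.exe",
        "command_line": r"runas /user:CORP\helpdesk mmc.exe",
        "user": r"CORP\bob",
    },
    {   # unrelated process, must not be flagged
        "image": r"C:\Windows\System32\notepad.exe",
        "parent_image": r"C:\Windows\explorer.exe",
        "command_line": r"notepad.exe notes.txt",
        "user": r"DESKTOP-01\alice",
    },
]

# Directories a normal user can write to; binaries living there have no business
# driving runas.exe.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads|Users\\Public)\\", re.IGNORECASE)
RUNAS_USER = re.compile(r"/user:(\S+)", re.IGNORECASE)


def runas_target_program(command_line: str) -> str:
    """Program runas.exe was asked to start: the first token after the /user: argument."""
    m = RUNAS_USER.search(command_line)
    if not m:
        return ""
    rest = command_line[m.end():].strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split(" ", 1)[0]


def detect_runas_abuse(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Flag runas.exe launches whose parent or target binary lives in a user-writable
    directory, or whose /user: argument names the local Administrator account."""
    findings: List[Dict[str, str]] = []
    for ev in events:
        if ntpath.basename(ev["image"]).lower() != "runas.exe":
            continue
        cmd = ev["command_line"]
        reasons = []
        if USER_WRITABLE.search(ev["parent_image"]):
            reasons.append("parent in user-writable directory")
        target = runas_target_program(cmd)
        if target and USER_WRITABLE.search(target):
            reasons.append("target program in user-writable directory")
        m = RUNAS_USER.search(cmd)
        if m and m.group(1).lower() in ("administrator", ".\\administrator"):
            reasons.append("runs as local Administrator")
        if reasons:
            findings.append({"user": ev["user"], "parent": ev["parent_image"],
                             "target": target, "reason": "; ".join(reasons)})
    return findings


if __name__ == "__main__":
    for f in detect_runas_abuse(SAMPLE_EVENTS):
        print(f"ALERT {f['user']}: {f['reason']} (parent={f['parent']}, target={f['target']})")
```

Only the first event is reported: its parent and its target both sit under AppData\Local\Temp and it asks for the local Administrator account, while the helpdesk launch from cmd.exe passes untouched. The folder list in USER_WRITABLE is the knob to tune per environment; the structure (judge the parent and the target, not the tool) carries over to any other "living off the land" binary.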