that wasn't the Wallet Inspector!
Topic: WARNING, WALLET STEALER!!! (Read 4531 times)
wait
that wasn't the Wallet Inspector!
that wasn't the Wallet Inspector!
Running any third party software that involves your wallet is STUPID, no other word for it.
If you are ignorant enough to use 3rd party software involving your wallet, you DESERVE to be ripped off.
~BCX~
I never understood why people blame the victim. Grow some empathy for fuck sake.If you are ignorant enough to use 3rd party software involving your wallet, you DESERVE to be ripped off.
~BCX~
It wasn't a mistake on the users part, it's not a clever con by the scammer; it's people just being ignorant.
Your digital wallet is the same as the physical wallet in your pocket. Your wallet address is the same as your bank account number.
Why and how on earth could anyone even begin to think that it would be safe to run a 3rd party program from someone you don't know on your computer that requires that sensitive information? I mean, really, if someone released a chat client that required you to enter your bank account #, would you do it? If you would, you're dumb as a sack of rocks. This is exactly the same thing. Unknown unofficial 3rd party software + wallet address = SCAM. No ifs, ands, buts or exceptions about it.
The only thing you run on your computer regarding your wallet IS your wallet. That is it, nothing else. Except maybe an auto-trade script, and that is ONLY if you write the script yourself.
Its seriously pretty darn sad that this needs to be explained to people at all. Makes me wonder what else needs to be explained to some people. Don't wash your eyes with bleach. Don't take a nap in the middle of an intersection. Don't lick an electrical outlet. Don't buy a Rollexx for $50 from that guy out of his trunk. Your welcome!
I don't even understand what the interest in this was anyways. Like there aren't enough legitimate chat clients out there that everyone can use safely for free that don't require such information.
I never understood why people blame the victim. Grow some empathy for fuck sake.
It's called personal responsibility.~BCX~
winning negative money is fun. doge doge!
I highly suspect this guy is using a keylogger.
So once you do anything with your wallet and type in your password he has it. Then he downloads your wallet and has the encryption password - end of story.
So once you do anything with your wallet and type in your password he has it. Then he downloads your wallet and has the encryption password - end of story.
site:bshades.eu "All4coins"
http://lmgtfy.com/?q=site%3Abshades.eu+%22All4coins%22
I highly suspect this guy is using a keylogger.
So once you do anything with your wallet and type in your password he has it. Then he downloads your wallet and has the encryption password - end of story.
So once you do anything with your wallet and type in your password he has it. Then he downloads your wallet and has the encryption password - end of story.
Oh boy, why would he do such a thing. He was just fishing for newbs :/ Sorry about your luck.
Sorry to hear about the loss. 
I'm sure with the advent of crypto currency, we'll probably have some form of a global Crypto police out there in a matter of years.
I'm sure with the advent of crypto currency, we'll probably have some form of a global Crypto police out there in a matter of years. Feel so bad about this and don't really know if we can do anything. Is there? Can we do anything?
You should write to police if they have department which research sybercrimes. Usually they should have. They can find this man, but process is comlicated here.
Is there any precaution to avoid this malware?
Yep.
Scan whatever you download if it has not been verified clean by other members of the forum here.
Edit2: Here's a link for individual file online virus scanning: https://www.virustotal.com/ for that purpose.
how to use virustotal.com to scan a wallet before you download? do you have to download it first and then scan?
I DL the object in a win7 VM and scan it there. No need to open it, just scan the entire thing.
That way, if it indeed is a virus it only blows up the VM. I just restore the VM to the clean image.
Is there any precaution to avoid this malware?
Yep.
Scan whatever you download if it has not been verified clean by other members of the forum here.
Edit2: Here's a link for individual file online virus scanning: https://www.virustotal.com/ for that purpose.
how to use virustotal.com to scan a wallet before you download? do you have to download it first and then scan?
So there you have it folks. Use a brainwallet next time. Or, a trusted exchange with 2FA.
Running any third party software that involves your wallet is STUPID, no other word for it.
If you are ignorant enough to use 3rd party software involving your wallet, you DESERVE to be ripped off.
~BCX~
If you are ignorant enough to use 3rd party software involving your wallet, you DESERVE to be ripped off.
~BCX~
I never understood why people blame the victim. Grow some empathy for fuck sake.
Until it happens to them, then they cry bloody murder.
Yeah I think you're dead right it is a tough one... I wonder too if there is a happy medium, I reckon it is probably not possible because really anything connected to the internet is a risk. It looks like if you are storing coins cold storage is the best bet and then maybe have some in your normal wallet to play around with.
I think I will get to work on making a cold storage thread on my forum. Do you know if armory id available for other coins or is it just BTC?
I think I will get to work on making a cold storage thread on my forum. Do you know if armory id available for other coins or is it just BTC?
I don't think Armory is available for any altcoins, just Bitcoin.
Thread with a little discussion on it from the developer of Armory:
https://bitcointalksearch.org/topic/can-armory-support-altcoin-qt-wallets-trc-fc-ltc-etc-187835
Running any third party software that involves your wallet is STUPID, no other word for it.
If you are ignorant enough to use 3rd party software involving your wallet, you DESERVE to be ripped off.
~BCX~
If you are ignorant enough to use 3rd party software involving your wallet, you DESERVE to be ripped off.
~BCX~
I never understood why people blame the victim. Grow some empathy for fuck sake.
some think because it doesnt get flagged by anti virus its safe
Running any third party software that involves your wallet is STUPID, no other word for it.
If you are ignorant enough to use 3rd party software involving your wallet, you DESERVE to be ripped off.
~BCX~
If you are ignorant enough to use 3rd party software involving your wallet, you DESERVE to be ripped off.
~BCX~
I never understood why people blame the victim. Grow some empathy for fuck sake.
Thanks for the warning, the Same guy is at the Litecoin forums trying to steal wallets. I've warned the Litecoin community.
Good work, thanks for helping to spread the message, about all we can do.
So let me get this straight, the wallets, ALL of them had their coins emptied. The passwords were all different.
So how did he do this? This must mean that Satoshi's client is broken and needs more security! This is insane.
So how did he do this? This must mean that Satoshi's client is broken and needs more security! This is insane.
Maybe the passwords were weak and all similar? So easy to crack? I really don't know. I guess he can tell you more about it.
I think the above is highly likely
I think wallet security is the biggest fundamental flaw with Bitcoin.
Everyone compares Bitcoin with cash with good reason. After all, storing Bitcoin in an online wallet is akin to stuffing your cash in a stranger’s mattress. No one would do that, yet people still use online wallets and, in the case of inputs.io, lose a lot of money by doing so.
The wallet stealing viruses can easily be prevented, but it is not something that most people really think of when downloading programs. It’s not really the same as being pickpocketed because you never even have to come in contact with the criminal. It’s more similar to someone leaving a business card on your windshield and you placing that in your wallet and then when you get home you notice that the business card just ate all of your cash.
Cold storage is the best way to prevent this, but even with Armory’s efforts to make it as easy as possible; this is a very complicated process for some people and a deterrent for them to actually spend their Bitcoins.
Online storage is easy to spend but it is not safe.
Cold storage is very safe but is not easy to spend.
Is there a happy medium (safe and easy to spend) that I am missing?
Everyone compares Bitcoin with cash with good reason. After all, storing Bitcoin in an online wallet is akin to stuffing your cash in a stranger’s mattress. No one would do that, yet people still use online wallets and, in the case of inputs.io, lose a lot of money by doing so.
The wallet stealing viruses can easily be prevented, but it is not something that most people really think of when downloading programs. It’s not really the same as being pickpocketed because you never even have to come in contact with the criminal. It’s more similar to someone leaving a business card on your windshield and you placing that in your wallet and then when you get home you notice that the business card just ate all of your cash.
Cold storage is the best way to prevent this, but even with Armory’s efforts to make it as easy as possible; this is a very complicated process for some people and a deterrent for them to actually spend their Bitcoins.
Online storage is easy to spend but it is not safe.
Cold storage is very safe but is not easy to spend.
Is there a happy medium (safe and easy to spend) that I am missing?
Yeah I think you're dead right it is a tough one... I wonder too if there is a happy medium, I reckon it is probably not possible because really anything connected to the internet is a risk. It looks like if you are storing coins cold storage is the best bet and then maybe have some in your normal wallet to play around with.
I think I will get to work on making a cold storage thread on my forum. Do you know if armory id available for other coins or is it just BTC?
If it is possible for the victim to post in here and verify himself, perhaps the community could donate a bit to him to lessen his impact.
Okay he is here, https://bitcointalk.org/index.php?topic=393618.new#new
He's a bit upset and I must say that he told me after that the $10,000 came out wrong and it was 10,000 gold that went missing as well as 250,000 NET and a bunch of other coins. He can obvioulsy tell you more than I anyway.
Thanks guys.
here is the Quark messenger run in sandbox
https://malwr.com/analysis/NDAwOGQwZjliMDRiNDg4ZmE1OTc2NDlhMWM2ZTVlZDg
https://malwr.com/analysis/NDAwOGQwZjliMDRiNDg4ZmE1OTc2NDlhMWM2ZTVlZDg
Jump to: