Bitcoin Forum

I was just sent a message from a user under the name of Hotsfet, the message contained a link to an IP address followed buy a file named freebitcoin.zip.

Here is the message he sent me :

https://i.imgur.com/iJgJpPW.png

I was foolish enough to accentently click the URL before even reading the message and as soon as i clicked on it a white page appeared with no content, I immediately knew i did wrong.

After i closed the page i thought it was finished and no harm was done however around 5 minutes later the file downloaded itself and popped into my downloads tab on Safari, i thought this was impossible since the page was closed. I closed the download before it finished and moved it to Trash and emptied the trash.

I am now running a full Virus scan with Bitfender.

To let you know I'm using a Macbook on El Capitan.

Does anyone have any advice for me, is this software on my mac or am i alright.

Thanks

delete the file and run an antivirus scan.

if you own a large amount of coins, use a hardware wallet like Trezor. even maleware cant break that.

https://bitcointalk.org/index.php?topic=899253.0

As far as i know it's hard to get infected in OS X ?
Since you didn't opened the zip file then you should not be worried.
And please report it to the moderators they will take action for that user.

I'd say do a full virus scan, malware scan, possibly in safe mode, and it might be a good idea to make a hard wallet in the mean time if you have too much BTC to lose, so to speak. You're not likely to be infected with what you described, but better safe than sorry.

I'd also report the user.

I just made an online virus scan (without downloading the file on my computer)
Here is the link https://www.virustotal.com/en/url/f02262e2726978c94fc5efe430b9ae801d47ab4c9dbd054693acf558c6816a90/analysis/1451820523/
Detection ratio:   4 / 66, so from 4 Antiviruses it is marked as Malicious site.

I know this kind of viruses, it steals your money in a way, or it steals your wallet login or it locks up all your files and you need to pay to get your files back through torbrowser and pay them with bitcoin. That is called ransomware, never download an excutable file that can change things on your pc from an unreliable source. Just report this user, I bet the user will make money through affiliate virus spreading.

The file cannot run itself after downloading right? As long as you make sure not to run the file you should be fine, or can executables run itself nowadays?

Best is indeed to run a couple of independant virus scans and move any coins you have on your pc.

You could also try hitman pro, a second opinion scanner that may find something suspicious.

If you haven't clicked any file inside that downloaded zip file then there shouldn't be any problem to worry about. Better you do full scan with whatever antivirus you have, i have also used bitdefender on past and i think it can catch if any malware is there.

I have done same and get infected but i have got the direct software link via email.

malwarebytes is good to scan with too. You can use the free version :)

Well, if you use a Macbook you are very likely safe of it. I guess it was a virus for Windows. Have you unzipped the archive and opened the containing files?

Yes, its windows based malware[1], but dont think Macs are safe.

[1] https://www.virustotal.com/en/file/2011dc64139e21aa6b40d660bdd808641f2e862508ba3cef99f97ca8be61f139/analysis/1451820527/

Yes Malwarebytes should be good to go.
Also a full AV scan I recommend. And as a few other already have suggested, the usage of a hardware wallet if he has a bigger amount of coins.
These types of pms I got also  few times.I delete them all. And never ever click any links!!!!
Or you run a virtual machine when surfing the web is also a possibility if can't avoid being curious what's behind some suspicious websites or links.

Gave him negative trust and reported his only post. Possibly impersonating HostFat (https://bitcointalk.org/index.php?action=profile;u=203) too? Either way, I think he should just be nuked.

Id say you are probably good, If you never actually opened the file then i doubt the site had any scripts good enough that you will be infected with anything but like others have said worth doing a virus scan anyway. id recommend malawarebytes as above poster mentioned and also try running hijackthis to check everything thats running. I wouldnt worry though.

And I thought that Huge Sign above private message :!!! Warning! This user is a newbie etc. will be enough of a notice for people to not click links from unknown newbie accounts.
Maybe forum staff/admins should block ability for newbie users to send links in PM?

Also it is probably best to make a habit of never ever clicking links without verifying them first.

Do you also open links in all emails you get? If so, stop doing that, you are asking to be hacked somewhere along the lines.

Nice to see nothing on your mac got affected. Thanks for posting this as well to aware others on the forum.

This has happened several times on this forum and users have lost their accounts and bitcoins due to the malware. I too was a victim once and before damage was done, I changed all my passwords and it took my hours to do so. I thought of asking the mods or admin to restrict newbies/Jr. members from posting links but I don't think this will happen. Also, this forum has no way to detect malware or suspicious links (only few are detected).

i would not trust bitdefender only as a unique antivirus, you need more source

try with hitman pro plus malwarebyte and maybe avira antivirus, just to be more secure

Downloading a file itself is not problematic, executing it is. As OP said they just deleted it once it was on the machine, so I doubt they are infected.