Bitcoin Forum

Bitcoin => Bitcoin Technical Support => Topic started by: Kakmakr on April 01, 2019, 12:48:07 PM



Title: Possible hack in Google Chrome and exchange software?
Post by: Kakmakr on April 01, 2019, 12:48:07 PM
This weekend I logged into my local exchange and when I wanted to sell a little bit of coins, Kaspersky Anti-virus popped up to warn me of a possible hack attempt. The moment when I clicked on SELL, it wanted to re-direct me to some cloud storage site, but luckily Kaspersky picked it up.  ;D

Is there some SQL Injection type of an attack that makes it possible to execute malicious code between your browser and the exchange software to redirect you to cloud services or other sites, when you want to SELL bitcoins?

I do not want to post screenshots, because I do not want people to know what local exchanges I use.  I will post something if the helpdesk responds to my queries.  :D


Title: Re: Possible hack in Google Chrome and exchange software?
Post by: hatshepsut93 on April 01, 2019, 02:00:17 PM
SQL injection is an attack against servers; what you are describing sounds more like XSS or clickjacking. Did you visit your exchange from Google or from your bookmarks? Also, what happened next with your account: did you withdraw your money or is it still there?


Title: Re: Possible hack in Google Chrome and exchange software?
Post by: joniboini on April 02, 2019, 01:23:24 AM
Did the exchange run on ads? If yes, maybe that's one of their ads? Some sites use a script that will force you to visit some site regardless of where you click on the page. A nasty practice, but that's what they need to do to keep the site running. However, for an exchange site, that's pretty unlikely imo. If it does happen, that exchange must be bankrupt sooner or later.


Title: Re: Possible hack in Google Chrome and exchange software?
Post by: Kakmakr on April 02, 2019, 05:50:11 AM
Quote from: hatshepsut93 on April 01, 2019, 02:00:17 PM
> SQL injection is an attack against servers; what you are describing sounds more like XSS or clickjacking. Did you visit your exchange from Google or from your bookmarks? Also, what happened next with your account: did you withdraw your money or is it still there?

No, I did not visit the exchange through Google, I always type the URL for my exchange, to make sure I access the correct site. I managed to Sell some bitcoins via another computer that did not do this, so this is why I am thinking that the browser might be infected. <Did this, after I posted this question>

Well, people should check the URL address after they clicked on options within the site, to make sure that they are not re-directed to other sites, after they logged into their exchange.  >:( >:( >:(


Title: Re: Possible hack in Google Chrome and exchange software?
Post by: Lucius on April 02, 2019, 10:49:36 AM
Did you update your Chrome to the latest version? Last month a warning came up about a critical vulnerability in Chrome (zero day), and Google warned all users below 72.0.3626.121 to update their browsers. From what can be read, it is a very dangerous exploit which can do even more damage if hackers use it in combination with a zero-day exploit in Windows.

You can read more at this link: Google Chrome zero-day: Now is the time to update and restart your browser (https://blog.malwarebytes.com/cybercrime/exploits/2019/03/google-chrome-zero-day-now-is-the-time-to-update-and-restart-your-browser/)


Title: Re: Possible hack in Google Chrome and exchange software?
Post by: Kakmakr on April 02, 2019, 12:20:52 PM
Quote from: Lucius on April 02, 2019, 10:49:36 AM
> Did you update your Chrome to the latest version? Last month a warning came up about a critical vulnerability in Chrome (zero day), and Google warned all users below 72.0.3626.121 to update their browsers. From what can be read, it is a very dangerous exploit which can do even more damage if hackers use it in combination with a zero-day exploit in Windows.
>
> You can read more at this link: Google Chrome zero-day: Now is the time to update and restart your browser (https://blog.malwarebytes.com/cybercrime/exploits/2019/03/google-chrome-zero-day-now-is-the-time-to-update-and-restart-your-browser/)

Yes, I am aware of the Chrome exploit and I made sure my browser was updated to the latest version. I also use other browsers, because I know Chrome is a surveillance tool for the No Such Agency.  ;)  <The other browsers, did the same thing.>

I just wanted to post this as a warning for people to know that certain browsers might be vulnerable to such attacks. I was not sure if it was just Chrome or other browsers too or if it was the OS. <I use Tails as a backup/clean boot OS>  ;)

I hoped other people will become aware of this exploit and that they would acknowledge my claims.  :P


Title: Re: Possible hack in Google Chrome and exchange software?
Post by: Artemis3 on April 05, 2019, 01:37:14 AM
Quote from: Kakmakr on April 02, 2019, 12:20:52 PM
> Quote from: Lucius on April 02, 2019, 10:49:36 AM
> > Did you update your Chrome to the latest version? Last month a warning came up about a critical vulnerability in Chrome (zero day), and Google warned all users below 72.0.3626.121 to update their browsers. From what can be read, it is a very dangerous exploit which can do even more damage if hackers use it in combination with a zero-day exploit in Windows.
> >
> > You can read more at this link: Google Chrome zero-day: Now is the time to update and restart your browser (https://blog.malwarebytes.com/cybercrime/exploits/2019/03/google-chrome-zero-day-now-is-the-time-to-update-and-restart-your-browser/)
>
> Yes, I am aware of the Chrome exploit and I made sure my browser was updated to the latest version. I also use other browsers, because I know Chrome is a surveillance tool for the No Such Agency.  ;)  <The other browsers, did the same thing.>
>
> I just wanted to post this as a warning for people to know that certain browsers might be vulnerable to such attacks. I was not sure if it was just Chrome or other browsers too or if it was the OS. <I use Tails as a backup/clean boot OS>  ;)
>
> I hoped other people will become aware of this exploit and that they would acknowledge my claims.  :P

If you cannot live without Chrome but want privacy, there is a modified Chromium out there (it's open source, remember?) called ungoogled-chromium (https://github.com/Eloston/ungoogled-chromium). Or you can use any of the browsers based on Chromium (https://en.wikipedia.org/wiki/Chromium_(web_browser)#Active) and handled by different parties (Opera, Brave, etc.)


Title: Re: Possible hack in Google Chrome and exchange software?
Post by: nc50lc on April 05, 2019, 02:41:56 AM
Your Chrome was updated so it shouldn't be the vulnerability.
There are various malware/viruses that can do the exact thing even after being detected by an antivirus; those can do their job before the detection.

Happened to me once (a long time ago): my AV detected and successfully quarantined it, but after that, on every page I visited, there was a chance that it would redirect to an advertisement.
I suspected that I got it from an online ad page.
What it did was simply change the proxy settings to its "home page/IP", which caused the redirection.

Scanning the PC won't help since the virus/malware was already quarantined; disabling or changing the proxy settings (from internet settings and/or Chrome's proxy settings) to default fixed the issue.
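
Added example, not part of nc50lc's post: a PowerShell check of the per-user proxy settings described above, which survive quarantine of the malware that set them. It assumes Windows and a browser using the system proxy (Chrome's default there); `Get-ProxyFindings` and `$ExpectedProxies` are hypothetical names introduced for this example.

```powershell
# Per-user Internet Settings key holding the system proxy configuration.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Assumption: proxies you knowingly use, as "host:port". Empty = no proxy expected.
$ExpectedProxies = @()

function Get-ProxyFindings {
    param([hashtable]$Settings, [string[]]$Expected)
    $findings = @()
    if ($Settings.ProxyEnable -eq 1 -and $Settings.ProxyServer) {
        # ProxyServer is "host:port" or "http=host:port;https=host:port;..."
        foreach ($entry in ($Settings.ProxyServer -split ';')) {
            $hostPort = ($entry -split '=')[-1]
            if ($Expected -notcontains $hostPort) {
                $findings += "Unexpected proxy in use: $entry"
            }
        }
    }
    # A PAC script can route selected sites through a proxy even when
    # ProxyEnable is 0, so report it separately.
    if ($Settings.AutoConfigURL) {
        $findings += "PAC script configured: $($Settings.AutoConfigURL)"
    }
    return $findings
}

$props = Get-ItemProperty -Path $key
$current = @{
    ProxyEnable   = $props.ProxyEnable
    ProxyServer   = $props.ProxyServer
    AutoConfigURL = $props.AutoConfigURL
}

$findings = Get-ProxyFindings -Settings $current -Expected $ExpectedProxies
if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No proxy or PAC script is configured for this user.'
}

# To return to the default (direct connection) once you have confirmed
# that nothing legitimate depends on the entries reported above:
# Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
# Remove-ItemProperty -Path $key -Name ProxyServer, AutoConfigURL -ErrorAction SilentlyContinue
```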


Title: Re: Possible hack in Google Chrome and exchange software?
Post by: maydna on April 05, 2019, 04:44:45 AM
Did you check the plugins in Chrome also? Because I heard that there is a malicious plugin that will be installed in a background process without us knowing. That happened to my nephew's laptop, and after I found the plugin, I uninstalled it and restarted the laptop; so far it does not show the pop-up or change the search engine.

What if you change your browser to Mozilla, Opera, Tor or another? Did you get the same thing as in Chrome? If you don't have a problem, then it might be that your Chrome got compromised, and perhaps you need to uninstall your Chrome, do a fresh install and then update the browser.


Title: Re: Possible hack in Google Chrome and exchange software?
Post by: Kakmakr on April 07, 2019, 07:52:44 AM
I doubt if this is browser specific, because I tested several different browsers and all of them are doing the same thing. I managed to bypass the problem, by using another computer to do the selling of the coins, so this is not a train smash now, but it got me curious that it persists in an environment where I had several AV solutions / firewalls / anti-malware software etc.  >:(   

I also only get this from using one of my local exchanges, so this is definitely targeted towards something that is linked to my local exchange and possibly an individual attack. < I also use Tails and VMware to bypass OS issues as part of this troubleshooting experiment>  ;)