Bitcoin Forum

As a crypto currency worker we always need to be alert and always Should known the update news about security.  So that we known about type of online trap to hack us.

As a beginner or Newbie or every member i think this post will be an alarm. As a bounty hunter or airdrop hunter or to creat account on different online platform we shares our mail address and we got lots of mail though google clarify and send suspicious mail on spam folder but can clarify all. Hackers are also intelligent they also find more techniques to hack you.

One of my favourite Indian youtuber today shares an alarming message with us that he recieve mail where has a file to download. Where maybe they can contact as a brand or some other things but beaware before dowbload or opening any file. He mention to check mail and domain. Because if we download that file our system will be that hackers control. He suggest to not open those type of mail just delet it guys. Do not fall any trap they can find more ways because they are only thinking about this so beaware of this.

Source: Genuine Airdrop (https://t.me/GNairdrop/7689?single) Thanks for your alarm.

Well, I don't know about you @op but this is absolutely nothing new if you ask me, I've come across people who lost access to their computers due to downloading a virus infected software, some are Ransome ware where your computer will be locked and you are asked to send a certain amount of bitcoin to a provided address, failure to comply means you never have access to your computer and every file stored in it again.

It is highly recommended that every computer user have a good anti virus software installed and also, only download software from known sources to minimize the risk of ever installing a bad or virus infected softwares.

This is a so silly attack.

Ofc you shouldn't open any file from unknown senders that are spamming the network.

Even if you use the safest anti-virus, have the best hardware wallet, you need "healthy" internet habits. If you just open any file from shady websites or every file an unknown sender send you, you will never be safe.

On the other hand, if you do not download stuff from shady websites, you are careful with what emails you open, etc, and follow some basic security tips, you will be safe most of the time.

Seems to be a low level attack, and by that I mean nothing new, and likely is a script kiddie without actually having any in depth knowledge about coding.

I'd only recommend a antivirus if you have no clue about computers, and don't know how to stay safe using them. Even then, I'd consider the very software which calls itself antivirus, a virus itself. They usually come bundled with a ton of stuff that you don't want, or they hog up your computer resources for no benefit to the end user. You can effectively safeguard your computer from most attacks, if you are careful, and use it with security in mind.

Seriously, Anti Viruses suck. They also give a false sense of security, because as soon as a user installs them, they assume they are safe. Any malicious user, that is at least competent, i.e the ones that are actually a threat know how to avoid detection from anti viruses, simply because they are effectively reading from a database of known code or patterns which indicate a virus. Plus, you get a ton of false positives, which can be problematic in itself.

If you verify each download that you download, assure the signature is correct, and then you safe guard yourself against some of the common attacks on the internet, such as script attacks then you'll likely be fine in the most part. The more advanced precaution you could take is either physical isolation or virtual compartmentalizing with an operating system like QubesOS. I've talked about this in the past, so I won't go into detail about it here, but most users can safe guard themselves without actually needing a anti virus.

I just got this email. Downloaded the file and this is all it has inside:


This leads you to a website that appears to be a crypto MLM ("donate X BTC and put your address, someone else will donate to you")...

TLDR: You won't get hacked if you click this file.

If you recieve a zip file or a .rar file as an attachment then never download it and immediately delete that mail. In general, if you receive an attachment from an unknown sender then always block that sender. This is applicable to any platform from where you can receive attachments.

OP this is not new it is a very old and effective instrument that hackers and scammers to date still use it. People do fall for such mail and then lose everything.

Well, I have the same story from YouTubers here in my country. The scammers take control of the YouTuber's youtube by pretending to offer them a partnership and send some documents to be downloaded. Unfortunately, turns out it was a phishing trial. Although the story came from a YouTuber, technically it's also applied to us, the crypto community. Always be aware, don't click links easily, don't respond to unknown people, Re-check a couple of times, don't get lured easily by a big amount of money (usually from airdrops), and so on. I hope we all be safe from any kind of scam trial

almost every day I receive this kind of Email. But I don't try to open those Emails. I know a hacker trying to hack my PC every time. So I am very aware of it. A few months ago somehow my PC got hacked, and hackers can able to get access to my browser. I remember I download a zip file from Mega. When I tried to extract the file, My windows defender warned me but my computer was already infected.




Hacker tried to log in to my Gmail account, But Gamil warned me that someone tried to log in to my Gmail. After that, I format my whole computer hard disk and set up new windows. Also changed all of my passwords for computer and mobile.

---

Now every time when I need to download any file, I use https://www.virustotal.com/gui/home/upload to scan those files or websites. This website is the best.
I also suggest everyone, Before downloading any file from the unknown source/internet trying to use Virustotal. It is very helpful for you.

VirusTotal is okay. It's good for some quick checking, without having to actually install any software on your device. However, it's not entirely accurate, and shouldn't be relied on. You shouldn't be downloading any attachment that you aren't expecting, and can't verify with the person sending it. Also, you shouldn't be downloading any software on the internet without verifying it came from the official source. Even then, you have to ask yourself if you actually trust the vendor serving you that file.  

Any sophisticated hacker would likely be able to code around TotalVirus detection though. Though, most of them don't target the likes of me, and you. Instead, we are mainly targeted by script kiddies i.e people using other peoples scripts, which are generally known among anti virus software, and TotalVirus.

Computer viruses or worms that spread using electronic mail have been known since the 90s. I don't know what is new here, but people seem to have become too dependent on the mail service filters. Common sense should be everyone's best protection from such attacks.

Well sure, OP, but this is too obvious and I don't know the reasoning of someone just going straight up and download these kinds of files. This is even lower level than phishing.

Would you download a randomly named executable file when someone told you that you can generate Bitcoin with it?

There were some reports of false positives, and from that I wouldn't really rely on it as I am not even sure if they keep their virus database up-to-date.

I also feel Google isn't doing much to protect its users from data theft...you might say it's not their responsibility but it's one way of protecting its business. And they can sort this out stopping or blocking these domains from further spreading their malware.

I have have found myself receiving 100s of emails in a week from different  domains even after reporting these as spam but it just never stops, I have resorted to not using my email address and jumped onto a newly created one.

Why open an attachment from someone or something you didn't apply/subscribe for or enquiry about, there is an option on Gmail when signing up an address, which is for personal use, business or sometimes child, I think this directive is enough for -Newbies- and experts to know that they can earmark addresses for distinct purposes have one address can increase your curiousness or maybe mixed up to open an attachment you can't understand where the source got your address from.

I just noticed the rate at which people are just trying to have access to our funds is really increasing rapidly there are lot's of cryptocurrency scam patterns now which we all have to be very careful so that we wont lose our money there are lots of fake apps, fake links, fake websites and fake airdrop and giveaway currently which they are just trying to drain. So we all have to be very careful the kind of and and where we inpute our details to avoid been scammed.

This totally a spam message and only a silly person will believe the content of the message but I dont know what the OP was thinking to even open such message which could expose him.

This is the worst. The other day I compiled my own code and my AV detected it as a virus and removed the compiled binaries!!! It was funny and infuriating at the same time. Suffice it to say that I had to exclude my  entire dev folder. The only reason I have an AV is its firewall because it gives me a lot of control over what applications can access to the internet.

Tbh I wouldn't install an AV (which imho is also a virus, as Welsh said) just for the firewall.

For example, to simply restrict some binaries access to internet, something lightweight, small and open source as ufw (https://launchpad.net/ufw (https://launchpad.net/ufw)) should do the trick.

As a very strong and effective firewall, you'll also (additionally) want something separate from the device you're trying to protect, a physically separate piece of hardware in your network that filters packets and everything.

This kind of email attack or also called a Smishing this kind attack are letting their users to click the click or any suspicious file and of course today if you click a file it might automatically download unless there's another layer of security you have to prevent this might happen, if you remember there's a trending of email virus before which is the I love you virus this is one of the most notorious kinds of message that damage a lot of assets of the organizations. Smishing is nothing new in the internet because there are uneducated people keep exploring even though its came from a suspicious sender. It is better to prevent clicking anything, think before you execute.

I think the safest way to keep your system protected from hackers is to avoid opening links you are not sure of. And do not depend on your anti-virus, some viruses are more sophisticated than these anti-viruses.

There are actually many phishing models in order to trap us in such conditions and lose our assets, virus on our devices, and others.
Well, just be simple:
- Never click any link if we don't know the sender, even that is a very promising advertisement
- Never trust anyone outside that gives you certain links, codes, or other information that promise you to get certain rewards.
- Never trust anyone who is asking for your keys, password, and others.
- Avoid clicking any link or hyperlink in a website, email, and other notifications.
Here is about carefulness and awareness of the things that we are going to do.

I agree with your conclusion about carefulness and awareness, but I disagree with some of your suggested methods. Without hyperlinks on websites, the Internet would be nothing but a collection of unrelated documents. Hyperlinks are the very essence of the world wide web.

What is important to protect against phishing attacks is to understand how to recognize a phishing attempt and what you should do about it. Phishing sites are designed to look like legitimate websites in order to collect your personal and confidential information. Therefore, it is crucial to identify phishing websites and fake urls and to not enter any information on such sites. You should bookmark all important web services and type the url directly into the url bar if you are visiting a website for the first time to make sure you are on a legit website.

Btw, same thing I said here:


I keep receiving these emails. The last one I got (1 hour ago) leads me to a "Bitcoin cloud mining" (scam) website.

I just marked these kinds of emails as spammed they keep coming in my emails every other day I lose count of emails like this that I deleted and marked spam, there's no description of what they are sending it is written in the Russian language or similar but I don't have the habit of clicking emails from unknown source or emails that I don't remember subscriber, this is the cost of participating in airdrops with email verification

Unsolicited emails are considered scammed gone are the days when we received emails coming from those so called price of one country which they picked you to be a heir or there are incoming box that contains a stock of gold, this is the kind of email I received ten years ago but now many of these are Cryptocurrency related emails, this is how popular Cryptocurrency now.