Bitcoin Forum

Everyone who likes downloading their movies from torrent websites should be very careful. The article mentions Windows users, however, I reckon everyone should be careful.

Also, stop using your personal computer for cryptocoins to download movies or tv series for crying out loud.

https://www.bleepstatic.com/images/news/u/1100723/Malware/MaliciousLNK-ad-inject_Wikipedia.png

A malicious Windows shortcut file posing as a movie via The Pirate Bay torrent tracker can trigger a chain of mischievous activities on your computer, like injecting content from the attacker into high-profile web sites such as Wikipedia, Google and Yandex Search or by stealing cryptocurrency.

If the victim goes to Wikipedia, the malware's injection mechanism inserts a fake donation banner that states Wikipedia now accepts cryptocurrency donations and provides two cryptocurrency addresses to send "donate" to.

One wallet is for Bitcoin and at the time of writing had $70 worth of cryptocurrency. The other is for Ethereum and had a balance of almost ETH 4.6, or about $600.

A third bitcoin wallet address was found in the scripts downloaded by the malware, with a balance of $13. This does not appear to be included in the Wikipedia donation scam.

All three wallets are part of another malicious task, meant to replace a Bitcoin and Ethereum addresses found on web pages. This tactic does not show any sign that could alert the user of the trick. Because the wallets are a large string of random characters, most users will likely not notice the difference between what they expected to copy and the pasted result.

Read in full https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-to-steal-cryptocurrency-poison-google-results/

Today is a good day to drop windows. There are plenty of nice alternatives, do not delay if you don't want nasty surprises, use Linux: https://distrowatch.com/

Of course, as I explained elsewhere, your leisure activities and your money should be separate. So if you insist in keeping a "windows gaming computer", at least install Linux in another one and keep your serious stuff there.

Linux isn't really that much more secure than windows, a similar attack could easily be executed against Linux desktops. However, Linux is only used on a small amount of home machines, so malware authors don't bother with it.


The only excuse to not have a cold storage setup is if you have a tiny wallet for daily spendings, everything else is just a stupid risk. And people who want to pirate should get a dedicated device for that, instead of using the same one for both piracy and work or finance.

Evolution of scammers when the technology evolves. ;D

But the people who uses pirated version of any software or movies found on the internet are always have the risk of something goes against it,so better use separate PC of crypto wallets and anohter one for watching movies.

or better yet, just don't pirate material. go to safe streaming sites if you want to keep malware away from your device.

Hackers become smarter every day and their stealing methods more complex. If you want to sleep well knowing your funds are totally safe just buy a hardware wallet and you'll eliminate the risk of being hacked.

You can easily just boot up with "Tails" and quickly do your Crypto currency stuff, if you are using Windows as a Operating system. <On the same computer>  ;)

This is actually not something that would simply steal your funds by just downloading the shortcut, but rather a Social engineered method to trick you into believing that you are donating to Wikipedia. <People will only lose the donations and not all their coins in their wallet>

Thanks OP, for the advanced warning.  ;D

this is a very common misunderstanding that people think if they use Linux they will magically be safe. but that is not the case at all. the only difference between Windows and Linux that makes Linus safer is that Linux is open source and when security holes are found in it, they are patched fast while Windows security holes take a long time to be patched and Microsoft usually leaves some backdoors intentionally.

otherwise if you want to be safe to you have to use cold storage and it doesn't make much of a difference what OS you use for it then.

Maybe a little safer than windows, but not too safe.

Whatever they find and want to download on the internet, they have given hack hackers into the computer systems we use. better try using a different device for work and for entertainment.

Anybody who keeps their bitcoin’s on a computer where they download files is awking for trouble. Sure it’s ok to use it for browsing etc but you are seriously asking for trouble if you even think about downloading torrents.

There is no cure for idiocy.

Tails is more crypto friendly as it has integrated with deeponion the privacy focused coin. Good to know about this windows scam, we should check those bitcoin addresses and see how many bitcoins they net

That's the best advice to give, though I have no confidence whatsoever that people will follow it given how easy it is to pirate stuff.  Me, I'm happy with old-school methods of entertainment--buying DVDs or just watching what's on Youtube. 

That would be something if Wikipedia actually did accept crypto for donations, and I'm really surprised that they don't.  I've seen their genuine banner, and it always made me scratch my head that they don't take bitcoin at least.

Yep, and for me as a relatively non-techie guy, this scares the pants off of me.  Fortunately for me I don't often download legitimate programs much less some sketchy torrent files that I wouldn't be able to protect myself against.  I'm sure more computer literate people would be able to, but if I relied on those in order to watch movies I'd be in serious trouble.  Thanks but no thanks.

Hey I believe not all can use separate devices for both as not all will have the luxury of extra cash, hence these people are often the soft targets. I believe in a situation like this one should install good antivirus protection, and make sure to daily run the antivirus and if the antivirus says it’s risky leave the file or site instantly. Also it’s pertinent to note that in today’s digital world I would advise to stream online, rather than download files which may be harmful for your system.


This is why I stress on having a good antivirus program installed, most of these now come with search engine tools which shows whether the site is safe or not, also they’ll scan your file and help you be safe. I feel you should consider getting one, and it’s just not non techie guys, remember the recent Electrum wallet scam so many fell for it.

Another Linux elitist. This is easily preventable if the user don't really play with torrents and keep it clean on their computer, doing regular scans and avoiding downloading on direct links, especially on websites that are plagued with ads that would surely contain adware/malware on the side. I keep my games, downloaded files, and a lot more stuff in the same computer but I haven't encountered any such thing, not even once.

And I'm running Windows, and you should understand that not all are familiar with the UI of Linux.

I think Linux is painfully clunky shit and I'd sooner give up computing than have to use that on an every day basis. I don't understand why it has to be so crappy after all these years and I don't care either.

And anyone who says 'yeah, but' is welcome to come and sit on my lap and operate it for me via my voice commands. Until then, sod off.



You can get a fully functioning second hand computer for $40 or less if you're totally unfussy. Obviously that's still a lot of money in some parts of the world. If you're in a bit where it isn't consider it an investment in your own future.

People somehow blindly assume that when they use a desktop client, they can't be hacked anymore, because hey, using Bitcoin Core as the most secure client (or pretty much any other reputable desktop client) will make sure their funds are safe. It's like folks in Africa believing that if they expose themselves to certain substances, that they can't be shot or stabbed anymore. It's so retarded, that you can't even think of a way to help them other than having them get rekt/hurt first.

The deeper we dig into mainstream adoption, the worse the people entering crypto become, and we have seen that in 2017/2018 already.

This is why banks and payment services such as PayPal will always have a dominant position in the world economy. People can't take care of their own finances. They need a central party to do it for them, and that can reverse transactions in case of malicious activity.

I see so many stories of people getting hacked & having their wallets emptied. It’s sad but these guys really need to educate themselves.

You wouldn’t go out on the town with your wallet open constantly & show people what hou have on you.

Seriously, offline cold storage damn it.

Nothing beats free however hehehe. There are also no safe streaming sites except the paid sites similar to Netflix.

In any case, you might have missed what bittorrent mainly is. It is a peer to peer file sharing network for anything. Its use for good must be encouraged.

Its not a misunderstanding, but I didn't go into details in regards of the audience. The truth of the matter is that there are far less vectors for infection in Linux/BSDs. For starters windows binaries do nothing there, and people using Linux don't (usually) download binaries from web sites, they use their official repository packages or source compile. There are also several bad habits windows users have that are simply not done in Linux.

Yes, you are not totally safe, but its never on the same level. Some windows users like to pat themselves on that false premise: that the only reason Linux doesn't have as much malware as windows is because its not popular. But you are disregarding the infection vectors, which in Linux are very few and rare, but windows has been in all its history a never-ending security nightmare full of bugs and exploits and many don't even require user intervention.

If your malware ridden windows happens to have been infected with a keylogger or similar, the moment you activate your cold wallet you can kiss your money goodbye. A cold wallet should always be handled from a live iso, like Kakmakr suggests (https://bitcointalk.org/index.php?topic=5097436.msg49238277#msg49238277).

So? To each their own. The "UI" of "Linux" doesn't even exist, In Linux you can choose to use from many UIs (including several windows/osx clones) or none at all. You are just too lazy to learn new things, but that's your choice. Don't assume everyone is as lazy as you are. Its everyone's decision to take the advice or ignore it.


In this case they used a "movie" as bait, but it could have been anything like "free game/video player/windows cleaner" whatever. Its something about habits and culture, cultivated by that OS that happens to be "popular" but is also the most dangerous.

For example this case: I GOT HACKED AND LOST 1 MILLION (https://bitcointalk.org/index.php?topic=5080741.0).

That is the main reason why  I usually put some amountd that i will be using on a exchanger site especially because I am using only one pc for all my activities.

The larger part of my amount are of coursed being stored on a cold wallet. Ill just have to try mobile wallet as an alternative

I do not consider myself a Linux elitist, but I think it's better than Windows if you're handling sensitive material. If you can protect yourself though, good for you! I say that sincerely. I personally prefer it because I can afford to be a little more careless with my activities. I don't keep wallets on my Windows machines.

But uh, there seems to be a common misconception that Linux is hard to use. It may get daunting because there are so many flavors to choose from, but the most popular ones are user friendly enough that it shouldn't take the average joe more than a day to get used to it.

so sad! windoes users are always target of scammers and hackers! i think it's time to switch to easy alternatives as Ubuntu, mint etc

In this case your are using an online wallet, you are putting your trust in a third party. Instead of your computer getting "hacked", it could be that server. But then, if your computer gets compromised, they can still gain access to the money in that server. By intercepting your password and 2fa in real time.

So even for that, you should use a secure OS. Anything that involves money should not be done lazily on the same pc, Of course booting a live iso is perfectly valid; point is don't use your "everyday windows pc" for this, you are in danger.

People who are too lazy to use a different OS, will much less be able to secure windows, which is much harder to do than just using Linux. And that is a fact.

Here is a sample of a "Linux UI" (as i said before, the UI can be completely replaced or removed entirely):
https://distrowatch.com/images/cgfjoewdlbc/manjaro-small.png
Its so scary a windows user could never use it, right? Oh wait...

Exactly, that comment about "elitism" is nonsense, as if he/she couldn't put an iso in a usb and boot from it or install it. Elitism would be if it was a select group where only a few could access, but its quite the opposite: Linux is free open source, anyone can legally download it and use it, unlike windows.

Fact remains that windows is and has always been far more dangerous than Linux and other *nix like OSes, with or without user intervention (mistakes/bad habits, etc).

When you are your own bank, you assume those responsibilities. Ignore them and you lose money, is that simple.

all you need to do is to look for a premium malwarebyte and install on your computer. I have been a victim of cryptovirus before. I downloaded a file and my system became infected with a virus called coinminer. what the virus do is to use the power of your system to mine cryptocurrency for the attacker. I noticed this quickly through the high CPU of my computer and also my battery run down very fast when not connected to charging source. I got raid of the threat through malwarebyte and ever since I have been very careful when downloading especially from sites that give freebies

This!

TPB is full of fake files, malware, viruses, tracking torrents, everything!!!
There are hours when in the "recent" section the last two to three pages are full of so-called rips from the latest movies with thousands of fake seeds and of course fake files.

Downloading a fresh torrent from TPB from a non-trusted user is like agreeing to have your computer infected.


I find it funny how even now after years and years in which we supposedly have access to information the majority of people still think Linux is something of a command based OS and they picture it like a ms-dos window.

We should really start to treat those wallets like they should, like a bank account that once compromised you have no way of getting back your funds. Why risk hundred or even thousands of dollars when there are so many cheap alternatives to secure your funds?


Don't put that much faith in anti-malware programs, they are not a bulletproof security method.
If you're unlucky and be the first hit by a new type of malware it won't trigger an alert.

We live in an era when blockchain and bitcoin technologies are rapidly developing, and, unfortunately, fraud is also flourishing rapidly. We can fight it only if we are careful and cautious about everything, but it is not always possible. The human factor has not been canceled nobody. And yet, we ourselves must take care of our security and the security of our cryptocurrency funds. Nobody will do it for us.

Hello,

Thank you BBC.reporter for your subject.

I don't download torents and furthermore on a "crypto" computer but it is good to know in order to be able to add this advice when I speak security potential threats to friends and people on crypto social media.

Really elaborated method, scamers/hackers are more and more imaginative to steal people, specially on this area where many rookies don't know the basic rules and don't follow the basic rules of don't trust anybody you don't know, specifically when money is in the middle.

Most people actually recommend that you run it in conjunction with Windows Defender, so while it's incredibly reliable, it's probably still not as reliable as you think and/or might need it to be. If you must run Windows for crypto activities, you're going to need to stop risking all of your funds for small freebies like pirated movies, software, etc., as your coins are probably worth more than they are. You have very little room for error, if any at all.

To protect yourself, it is best not to store cryptocurrency or private keys to wallets on the device that has access to the Internet. Losing money hurts a lot. I've been through this.

yep, that's true - nothing beats free  ;D   used their services back when the original tpb site was still up and the government wasn't making a move at them yet. so, yes, my device back then was a virus and malware haven haha!

also agree that there are no safe free streaming sites so i pay netflix  :)  the downside is that most shows there are ancient save for a few tv series.

anyway, used bittorent and understand what it does. they've partnered with tron and recently announced expanding their ecosystem to include blockchain technology. so they'll get incorporated to cryptospace and introduce the token BTT which will be a tron trc-10 token. new bittorrent and utorrent software will integrate wallets so even non-cryptocurrency users will have wallets right away. does this mean that a user gets incentives for downloading and seeding files - including malware?

have you read their whitepaper? i haven't so i still don't get how the client, swarms, trackers, and seeding will play a role in bittorrent's cryptocurrency protocol. it should be interesting to find out how their protocol will fare in the crypto-economy including how they'll address malware infections if that's possible or if there will be any...

This is why you should never ever deal with files from unreliable sources or visit strange websites.
As well using hardware wallets is a reasonable thing to do.

People are becoming more intelligent, and the forms of attack are becoming more and more complex. I'm not a tech-savvy person, but I find that this is a significant threat for people who participate in Cryptocurrency like me when most private keys stored on a PC or laptop. But I think security companies will soon solve this problem to replace users.