Bitcoin Forum

Other => Beginners & Help => Topic started by: dkbit98 on August 09, 2019, 10:21:51 PM



Title: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: dkbit98 on August 09, 2019, 10:21:51 PM

As reported by Cointelegraph and Zscaler, there is a new trojan malware based on Microsoft .NET that targets crypto, named Saefko.
This means that Linux and Mac users are in a bit better position regarding this trojan, but as you can see it is Multi OS.


https://s8.hostingkartinok.com/uploads/images/2019/08/bd733ab2c3a91f727c95220155b84d5f.jpg

https://s8.hostingkartinok.com/uploads/images/2019/08/083f0e7a7180c55293f3a5587c916716.jpg

Please read source articles, educate and protect yourself:
https://cointelegraph.com/news/researchers-discover-new-cryptocurrency-focused-trojan
https://www.zscaler.com/blogs/research/saefko-new-multi-layered-rat


Zscaler ThreatLabZ has now reported a similar Remote Access Trojan (RAT), called InnfiRAT, which is also written in .NET, and which steals data from browser cookies, has the capability to take screenshots on your computer, and has a specific mission to search for crypto-related information.

What I lack seeing though in this kind of report is the specific media it was detected on (i.e. a zip file named so and so attached to an email on the topic of such and such), even though one obviously should not click on links nor download any software from other than triple-checked official sites.

See:
https://cointelegraph.com/news/new-bitcoin-wallet-focused-trojan-uncovered-by-security-researchers
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more





How to protect yourself?

- Don't answer any unknown email
and don't download/open any email attachment from unknown senders



Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: YOSHIE on August 10, 2019, 04:37:41 AM
If I'm not mistaken, I also saw the same topic, warning about (Crypto Malware Saefko Trojan), a few days ago.

Topic: Researchers Discover New Crypto-Focused Trojan (https://bitcointalk.org/index.php?topic=5174131.0)

I thought it was just a joke to frighten cryptocurrency investors,

However, every day the news gets more popular, it talks about fraud.

So, it's worth watching out for if this continues to grow.

As discussed.
Zscaler ThreatLabZ Discovers New Saefko Remote-Access Trojan (RAT) Malware Targeting Crypto Users (https://www.google.com/amp/s/bitcoinexchangeguide.com/zscaler-threatlabz-discovers-new-saefko-remote-access-trojan-rat-malware-targeting-crypto-users/)

Researchers Discover New Cryptocurrency-Focused Trojan (https://m.investing.com/news/cryptocurrency-news/researchers-discover-new-cryptocurrencyfocused-trojan-1951504)

Maybe whether there is an effect on Bitcoin in 2019 will skyrocket.
Reasons to scare off investors / cryptocurrency investments.


Bitcoin INFO (https://www.twipu.com/BitcoINstagram/tweet/1159960398918868993)

https://i.imgur.com/cu5yyN0.jpg

or this is indeed reality.
I only thought.


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: dkbit98 on August 10, 2019, 06:16:08 AM

Thanks!

We need a better SEARCH function for Bitcointalk forum,
as I did search before I posted, and I can't track every single post...
I noticed that searching for recent posts I always get some weird incorrect results...

We need one Locked topic related only to Malware, Viruses and Phishing security warnings,
please moderators :)



Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: YOSHIE on August 10, 2019, 07:13:31 AM
We need one Locked topic related only to Malware, Viruses and Phishing security warnings,
No one has been locked, all the topics are almost the same.

Maybe you have something more unique about information (Malware, Viruses and Phishing security warnings) (https://bitcointalk.org/index.php?topic=5174179.msg52116996#msg52116996) in a new method.
Topic:
[1]. Topic: Phishing myetherwallet site (https://bitcointalk.org/index.php?topic=5131648.0)
[2]. Topic: 5 Ways to Avoid Bitcoin Scams (https://bitcointalk.org/index.php?topic=4843399.0)
[3]. Topic: Google Malware Checker l SEO Ninja Softwares (https://bitcointalk.org/index.php?topic=5116753.msg50016663#msg50016663)
[4]. Topic: Smishing and how not to fall for it (https://bitcointalk.org/index.php?topic=5163208.0)
[5]. Topic: Cryptocurrencies Wallets (https://bitcointalk.org/index.php?topic=5107929.0)
[6]. Topic: Hacker stole my funds from blockchain (https://bitcointalk.org/index.php?topic=5088573.0)
[7]. Topic: Protecting Your Computer? (https://bitcointalk.org/index.php?topic=5124071.0)


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: rosezionjohn on August 10, 2019, 07:23:33 AM
We need a better SEARCH function for Bitcointalk forum,
as I did search before I posted, and I can't track every single post...
I noticed that searching for recent posts I always get some weird incorrect results...

This forum search guide may help in case you have not read it yet: https://bitcointalk.org/index.php?topic=3127909.msg


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: dkbit98 on August 10, 2019, 08:07:40 AM
We need one Locked topic related only to Malware, Viruses and Phishing security warnings,
No one has been locked, all the topics are almost the same.

Maybe you have something more unique about information (Malware, Viruses and Phishing security warnings) (https://bitcointalk.org/index.php?topic=5174179.msg52116996#msg52116996) in a new method.
Topic:
[1]. Topic: Phishing myetherwallet site (https://bitcointalk.org/index.php?topic=5131648.0)
[2]. Topic: 5 Ways to Avoid Bitcoin Scams (https://bitcointalk.org/index.php?topic=4843399.0)
[3]. Topic: Google Malware Checker l SEO Ninja Softwares (https://bitcointalk.org/index.php?topic=5116753.msg50016663#msg50016663)
[4]. Topic: Smishing and how not to fall for it (https://bitcointalk.org/index.php?topic=5163208.0)
[5]. Topic: Cryptocurrencies Wallets (https://bitcointalk.org/index.php?topic=5107929.0)
[6]. Topic: Hacker stole my funds from blockchain (https://bitcointalk.org/index.php?topic=5088573.0)
[7]. Topic: Protecting Your Computer? (https://bitcointalk.org/index.php?topic=5124071.0)

Thanks.
I meant to say ONE united STICKY topic for all that ....
my bad   ;D


We need a better SEARCH function for Bitcointalk forum,
as I did search before I posted, and I can't track every single post...
I noticed that searching for recent posts I always get some weird incorrect results...

This forum search guide may help in case you have not read it yet: https://bitcointalk.org/index.php?topic=3127909.msg


Thanks.
I know how to use it, but 'most recent' is not giving good results

https://s8.hostingkartinok.com/uploads/images/2019/08/2d5d983777358d4016eb799ed1b0365d.jpg

maybe there should be option for most recent post




Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: Pmalek on August 10, 2019, 09:23:47 AM
Search like this for example:
site:bitcointalk.org Saefko to display results only from bitcointalk.org containing the search term Saefko or any other term you would like to see.

And you will get this:

https://talkimg.com/images/2023/11/12/zXg6q.png


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: dkbit98 on August 10, 2019, 01:54:05 PM
Thanks @Pmalek


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: Lafu on August 11, 2019, 02:39:25 AM
Anyway, thanks for letting others know about that Trojan and malware thing!
The whole malware problem is getting bigger lately on the internet, but also here on the forum there are a lot of links that get you to some downloads with malware!


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: dkbit98 on August 11, 2019, 06:12:25 AM
Anyway, thanks for letting others know about that Trojan and malware thing!
The whole malware problem is getting bigger lately on the internet, but also here on the forum there are a lot of links that get you to some downloads with malware!

I agree.
That is why I think adding some notification warning from Bitcointalk would be good, regarding new security threats,
and maybe also a separate sticky topic/thread for that.

Something like this or similar:

https://s8.hostingkartinok.com/uploads/images/2019/08/bebef9044c813c3e213740b53fc49991.png

https://s8.hostingkartinok.com/uploads/images/2019/08/58146ab7eaa27d7633f7649a9d375ecb.png




Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: Lafu on August 11, 2019, 04:41:35 PM
I have been fighting the fake ANNs here on the forum for the last month and weeks, and all the links there take you to fake GitHubs where they have their malware software!
Also, Bitbucket links are most of the time malware-infected links. But it's hard and difficult to do something about it!
At the moment we can just look for them, find them earlier and report them to the mods.


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: Chlotide on August 11, 2019, 05:56:06 PM
It's getting really crazy tbh. Malware gets smarter, even hidden in images https://www.zdnet.com/google-amp/article/lokibot-information-stealer-now-hides-malware-in-image-files/.
Speaking of fake ANNs... a good idea would be to mark spoofed links. The way links light up in green if the URL redirects to another page on the forum, to be red if it is spoofed
Code:
 [url=https://youtube.com]https://google.com[/url]


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: Lafu on August 11, 2019, 07:06:30 PM
It's getting really crazy tbh. Malware gets smarter, even hidden in images https://www.zdnet.com/google-amp/article/lokibot-information-stealer-now-hides-malware-in-image-files/.
Speaking of fake ANNs... a good idea would be to mark spoofed links. The way links light up in green if the URL redirects to another page on the forum, to be red if it is spoofed
Code:
 [url=https://youtube.com]https://google.com[/url]
In this case, for the fake ANNs it shows the link in green because the links are going to GitHub, and there is the problem, because all fake ANNs have fake GitHub accounts that look nearly the same as the original GitHub!
And as I said earlier, we can just report them now! Maybe it's possible for theymos to blacklist the Bitbucket site! Haven't seen anyone that uses them for source code or other things, only some fake ANNs use them! Would be a good start to fight against them and save some users some action and losing their things like login details and more!


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: dkbit98 on August 11, 2019, 07:17:03 PM
It's getting really crazy tbh. Malware gets smarter, even hidden in images https://www.zdnet.com/google-amp/article/lokibot-information-stealer-now-hides-malware-in-image-files/.
Speaking of fake ANNs... a good idea would be to mark spoofed links. The way links light up in green if the URL redirects to another page on the forum, to be red if it is spoofed
Code:
 [url=https://youtube.com]https://google.com[/url]
In this case, for the fake ANNs it shows the link in green because the links are going to GitHub, and there is the problem, because all fake ANNs have fake GitHub accounts that look nearly the same as the original GitHub!
And as I said earlier, we can just report them now! Maybe it's possible for theymos to blacklist the Bitbucket site! Haven't seen anyone that uses them for source code or other things, only some fake ANNs use them! Would be a good start to fight against them and save some users some action and losing their things like login details and more!

I am not sure blacklisting bitbucket or Gitlub is a good solution for this.
I am more for some pop up or notification implementation.


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: Chlotide on August 11, 2019, 08:16:28 PM
... a good idea would be to mark spoofed links...
Code:
 [url=https://youtube.com]https://google.com[/url]
In this case, for the fake ANNs it shows the link in green because the links are going to GitHub, and there is the problem, because all fake ANNs have fake GitHub accounts that look nearly the same as the original GitHub!
And as I said earlier, we can just report them now! Maybe it's possible for theymos to blacklist the Bitbucket site! Haven't seen anyone that uses them for source code or other things, only some fake ANNs use them! Would be a good start to fight against them and save some users some action and losing their things like login details and more!
I understand and saw/reported a few myself
What I was suggesting is something like this: instead of the old blue color a link normally has, color it red if spoofed

https://bitcointalk.org - keep it blue
Code:
https://bitcointalk.org
https://www.google.com - keep it blue
Code:
https://www.google.com
https://bitcoin.org (https://www.youtube.com) - make it red
Code:
[url=https://www.youtube.com]https://bitcoin.org[/url]

It could help imo. Maybe a bit with fake/spoofed github repos and with anything else of that manner ...
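
The link-marking rule proposed in the post above, sketched as an added example; it is not part of the original thread or of the forum's software, and the function names, verdict strings and the `www.` normalisation are assumptions made for illustration.

```javascript
// Added example (not forum code): flag BBCode links whose visible text names
// a different host than the real target. All names here are hypothetical.

// [url=TARGET]LABEL[/url]; tag name is case-insensitive.
const URL_TAG = /\[url=([^\]\s]+)\]([^\[]*)\[\/url\]/gi;
const HAS_SCHEME = /^[a-z][a-z0-9+.-]*:\/\//i;
// Heuristic for scheme-less domains in a label, e.g. "bitcoin.org/en".
const BARE_DOMAIN = /^[a-z0-9-]+(\.[a-z0-9-]+)*\.[a-z]{2,}([\/:?#]|$)/i;

// Return the normalised host of a URL-like token, or null for ordinary text.
function hostOf(token) {
  const t = token.trim();
  if (!HAS_SCHEME.test(t) && !BARE_DOMAIN.test(t)) return null;
  try {
    // The WHATWG parser lowercases the host and handles user@host tricks.
    const u = new URL(HAS_SCHEME.test(t) ? t : "http://" + t);
    // Assumption: "www.example.com" and "example.com" count as the same site.
    return u.hostname.replace(/^www\./, "") || null;
  } catch (err) {
    return null; // not parseable as a URL
  }
}

// "spoofed": label shows a host that is not the target's host (colour it red)
// "match":   label shows the target's own host
// "plain":   label is ordinary text with no URL in it
// "invalid": target itself has no parseable host
function classifyLink(target, label) {
  const targetHost = hostOf(target);
  if (targetHost === null) return "invalid";
  const labelHosts = label.split(/\s+/).map(hostOf).filter((h) => h !== null);
  if (labelHosts.length === 0) return "plain";
  return labelHosts.every((h) => h === targetHost) ? "match" : "spoofed";
}

// Classify every [url=...] link in a post body; bare URLs are not tags and
// are skipped, since their text is their target.
function scanPost(bbcode) {
  return [...bbcode.matchAll(URL_TAG)].map((m) => ({
    target: m[1],
    label: m[2],
    verdict: classifyLink(m[1], m[2]),
  }));
}

// Constructed sample built from the cases in the post above.
const SAMPLE_POST = [
  "https://bitcointalk.org",
  "[url=https://www.google.com]google.com[/url]",
  "[url=https://www.youtube.com]https://bitcoin.org[/url]",
  "[url=https://github.com/example/repo]source code[/url]",
].join("\n");

for (const link of scanPost(SAMPLE_POST)) {
  console.log(link.verdict.padEnd(8), link.label, "->", link.target);
}
```

A check like this only compares hosts, so the case raised elsewhere in the thread, a look-alike account hosted on the real GitHub, still comes back as `match` or `plain`.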


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: Lafu on August 11, 2019, 08:23:27 PM
I haven't said or written to blacklist GitHub because that would not happen, I have just written to maybe blacklist "bitbucket" links if possible! Would be a start against malware-posted links! It's just a suggestion and depends on theymos to do that or not! In the meantime I'm looking every day to catch those who are posting these links.


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: dkbit98 on August 11, 2019, 08:55:59 PM
I haven't said or written to blacklist GitHub because that would not happen, I have just written to maybe blacklist "bitbucket" links if possible! Would be a start against malware-posted links! It's just a suggestion and depends on theymos to do that or not! In the meantime I'm looking every day to catch those who are posting these links.

I meant to say Bitbucket and GITLAB (I wrote by mistake Gitlub).
Those are active GitHub alternatives


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: bustedsynx on August 13, 2019, 10:40:28 PM
That's why it's important to isolate anything crypto-related into a clean virtual machine environment. The keylogging bit scares me.


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: mikeywith on August 13, 2019, 11:40:09 PM
This means that Linux and Mac users are in a bit better position regarding this trojan

This is wrong, just because that piece of code was written using .NET firmware (Microsoft) does not mean it has less effect on any other operating system, in fact I looked at the code and it seems like they used C# to write that code, most likely using Visual Studio, and starting from 2017 .NET Visual Studio implemented a new function where you can basically use the same code to compile both Windows and Mac based applications.

I also don't understand why all the FUD regarding this one specific malware, it's not like they found an exploit in the .NET firmware or something else, it is simply another RAT, there are RATs by the ton out there and they all cause just about the same damage, there is really no point in warning people about every single one of them, this creates a sort of impression that malware is more effective on crypto assets than credit cards or any other online payment system, which is technically wrong.

These malware are only effective if the user lacks basic knowledge regarding computer/internet security, if you follow one simple rule, which is (NEVER run executable files from untrusted sources), you are pretty much safe from all malware out there, the only thing that you can't help stop would be an exploit in the OS or one of the trusted programs you have installed on your computer, which is very rare.


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: dkbit98 on August 14, 2019, 02:06:15 PM
This means that Linux and Mac users are in a bit better position regarding this trojan

This is wrong, just because that piece of code was written using .NET firmware (Microsoft) does not mean it has less effect on any other operating system, in fact I looked at the code and it seems like they used C# to write that code, most likely using Visual Studio, and starting from 2017 .NET Visual Studio implemented a new function where you can basically use the same code to compile both Windows and Mac based applications.

I also don't understand why all the FUD regarding this one specific malware, it's not like they found an exploit in the .NET firmware or something else, it is simply another RAT, there are RATs by the ton out there and they all cause just about the same damage, there is really no point in warning people about every single one of them, this creates a sort of impression that malware is more effective on crypto assets than credit cards or any other online payment system, which is technically wrong.

These malware are only effective if the user lacks basic knowledge regarding computer/internet security, if you follow one simple rule, which is (NEVER run executable files from untrusted sources), you are pretty much safe from all malware out there, the only thing that you can't help stop would be an exploit in the OS or one of the trusted programs you have installed on your computer, which is very rare.


I also wrote this:

Quote

'FUD' is proportional to amount of sales this trojan got over social media recently,
and specific cryptocurrency targeting.

You should also check out this link regarding Windows Remote Desktop Vulnerability:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: DdmrDdmr on September 19, 2019, 11:59:32 AM
Zscaler ThreatLabZ has now reported a similar Remote Access Trojan (RAT), called InnfiRAT, which is also written in .NET, and which steals data from browser cookies, has the capability to take screenshots on your computer, and has a specific mission to search for crypto-related information.

What I lack seeing though in this kind of report is the specific media it was detected on (i.e. a zip file named so and so attached to an email on the topic of such and such), even though one obviously should not click on links nor download any software from other than triple-checked official sites.

See:
https://cointelegraph.com/news/new-bitcoin-wallet-focused-trojan-uncovered-by-security-researchers
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more

Note: Why is this thread on Meta?


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: dkbit98 on September 19, 2019, 07:31:12 PM
...

Thanks for reporting this!

How to protect yourself?
- Don't answer any unknown email
and don't download/open any email attachment from unknown senders



Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: Waterfull446 on December 09, 2019, 03:27:00 PM
In general, malware can be embedded in the phone directly at the factory. And that is the problem. Here you need to carefully monitor the feedback and discussions of users and specialists who can audit the phones. Because you lose control over the phone, you risk losing your crypto money too


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: superman2019 on December 09, 2019, 03:38:59 PM
In general, malware can be embedded in the phone directly at the factory. And that is the problem. Here you need to carefully monitor the feedback and discussions of users and specialists who can audit the phones. Because you lose control over the phone, you risk losing your crypto money too
The problem is not in hacking programs or malware, but in the fact that many users ignore simple rules for working with cryptocurrencies. I advise everyone who wants to engage in trading or just crypto management to get acquainted with trading tips on the taklimakan platform. This will provide practical knowledge, as experienced traders are involved in the recommendations. And there is the opportunity to find out for sure and even discuss which crypto wallets, platforms, exchanges are better to use


Title: Re: Beware of new crypto Trojan Malware Saefko and InnfiRAT!
Post by: smyslov on December 09, 2019, 05:02:42 PM
...

Thanks for reporting this!

How to protect yourself?
- Don't answer any unknown email
and don't download/open any email attachment from unknown senders



Some of these kinds of emails come from spam folders, so never navigate in the spam folders, or if you have no choice because you are looking for something, be sure to check the source, and if you are unfamiliar don't click or open it, even though it has a very attractive title; that's what they are good at, they create a very catchy title, it's actually a bait.