A new Webrat virus has appeared on the Internet that spies on victims and steals accounts and crypto wallet data. The virus is distributed mainly through game cheats; gamers will most likely be the first victims of this virus. Other operators distribute Webrat through GitHub under the guise of utilities. Some programs have built-in legitimate functionality to lull the victim's attention. Webrat monitors victims through desktop broadcasting or a webcam steal data from browsers and information about crypto wallets, and hijacks Steam, Discord, and Telegram accounts. Owners of crypto wallets and gamers on the same device need to worry about their assets and separate entertainment and finances on different devices, especially if you like installing unlicensed software.  I apologize, but I have not found any news in English yet, so use a translator. https://rt-solar.ru/solar-4rays/blog/5540/https://xakep.ru/2025/05/28/webrat/
|
|
|
People often get used to trusting Apple gadgets, relying on their security. Recently, news appeared that applications appeared in the App Store that contain the SparkCat Trojan, which steals all data from the phone's photo gallery. Those who still save their passwords and seed phrases, taking screenshots, should worry about their funds. This Trojan was also found in Google Play, which suggests that no device should be trusted to save important data. This malware is currently configured to steal crypto wallet data, but it could easily be repurposed to steal any other valuable information.
The worst part is that this malware has made its way into official app stores, with almost 250,000 downloads of infected apps from Google Play alone. Although malicious apps have been found in Google Play before, this marks the first time a stealer Trojan has been detected in the App Store.
https://www.kaspersky.co.uk/blog/ios-android-ocr-stealer-sparkcat/28661/
|
|
|
I will leave this post as evidence of plagiarism. Reference link. This user apparently came up with a way to gain merit by copying other people's posts and then deleting them. Yesterday he made ten posts, some of which were copied from other users. He was probably hoping to get some quick merit by quoting @JayJuanGee's old posts so that he would in turn give him merits. But today he deleted everything. I don't know if I figured out his plan or not, but I think this behavior deserves a negative tag. Previously, he also deleted his posts, perhaps this was not the first time. Chiomaobihttps://bitcointalk.org/index.php?action=merit;u=3454877 https://ninjastic.space/post/64354190copied fromThe DCA strategy is absolute unique, being applied with no chances of affecting one's cost of living. Much is not expected to be wholesomely invested, it goes with little fractions that later on builds into bigger portion of what becomes in our portfolio. Maybe not just the DCA alone I have also learnt a few other strategies that can aswell be compiled with the DCA method to achieve greater results.
Investing in DCA method seems to me to be a simple and recommended strategy. There are many of us who cannot afford to buy a large amount of bitcoins at once but buy bitcoins in fractions through this method. Those of us who invest in the Dollar Cost Averaging method have a specific goal in mind which is to invest in Bitcoin with whatever money we have left over excluding our necessary expenses, be it monthly or weekly. There are many investors or members who regularly invest in DCA method. By investing in this way we can grow our investment portfolio if we do it patiently for a long period of time. https://ninjastic.space/post/64354035copied from Try and try until you do find out on whats the best thing for you and as much as possible then the more the better but of course it would really be needing that proper time management and handling so that you could really be able to do such thing because if not then you would really be finding up yourself on being challenged because dealing up with multiple things wont really be that easy.It isnt really just that you would really be needing that time handling but also you would really be needing that financial management too, considering that you are dealing with multiple things which could really be bringing up that potential income and could really be put up into your condition that you could have multiple income streams but of course it wont really be that a guaranteed thing considering that both does involved out some risks but somewhat it is really just that worth on dealing up with this because how you would really be able to make yourself that be successful if you wont really be making out such move?
Some people doesnt really like on involving themselves too much in so much risks specially on trading which we know that not all would really be that capable on doing so and dealing with the market with so much volatility isnt something that wont really be that simple but doesnt mean that its impossible to deal with.it is really just that it does really require sufficient knowledge and skills for you to be able to handle up yourself onto this market but of course it would really be needing that sufficient effort and risks taking.
https://ninjastic.space/post/64353318copied from If someone does have the capacity on knowing about on when to buy and when to sell then you would really be a rich person for sure and there's no doubt on that but we do know that this is some sort of dream that everyone do wish for is on which they would really be able to know into those when conditions but we do know that it cant be just possible. This is something that all people here on this market is really that trying to figure it out and this is something that majority would really be doing their very best on learning those technical analysis because we are really that trying out to find on where it would possibly go.
This is where we do really tend to learn up all possible aspects that we could really be able to learn on which this is something that we would really be that figuring on where it would be heading but since there are tons of factors that could affect market movements then this is something that what makes things even more harder.
|
|
|
I didn't find this news here, which is now being actively published on social networks, but it can be discussed. The news is that a man in Singapore won a four-million-dollar jackpot and suffered a heart attack after learning of the win. More details: https://www.ibtimes.sg/singapore-casino-tragedy-viral-video-shows-mans-collapse-after-4-million-jackpot-75035Sometimes joyful events end sadly. A person who learns the news experiences stress, which causes a strong heartbeat; and adrenaline levels to increase; and if the winner’s health is not very good, misfortune can happen, as happened with the player from Singapore. Have you ever had a time when winning a large sum caused inconvenience and did not bring you the joy you expected?
|
|
|
Based on the recent threads about hacked or purchased accounts, I would like to ask the community how they feel about the fact that after ten years of absence from the forum, an account wakes up and completely forgets about its past. To be clear, I came across this account by chance. TheSpiral https://bpip.org/Profile?id=103790After looking at his history, which is fairly typical for all signatories, I discovered a long time span. The account woke up and immediately decided to participate in subscription companies.  He also entered the pizza competition, probably realizing that some merit might come in there.Obviously, the participation was without understanding what pizza is https://bitcointalk.org/index.php?topic=5247383.msg62333379#msg62333379But something else is interesting. In 2013, he was a very enthusiastic and competent miner who discussed different coins in every possible way, simultaneously mining them and actively discussing everything with other miners. https://ninjastic.space/search?author=TheSpiral&board=159https://ninjastic.space/search?author=TheSpiral&board=39Regarding Bitcoin, he did not catch any big illusions, preferring other alternative coins. That's a silly question. The only answer is an opinion. All coins take something from previous coins, whether as a benefit or just simplicity (i.e. being able to mine them on programs that already exist). You pick one you like, then mine it. If you're going by a feature list, Bitcoin itself would be crap. It's established and valuable though, including many ways to actually use it unlike other coins. It's mostly perception and awareness and guessing which will gain either of those. What do I mine? A few of the "new" coins off and on for the sole purpose of profit. Aside from that, if you don't know what to mine, go with a pool that offers multiple choices, like multipool or middlecoin (this one doesn't net you alt coins, but gets the profit from them by auto-converting to BTC). But ten years later, his posts became ordinary, typical, as they say, all to fulfill the signature quota. I read everything—completely all the posts—but I didn’t read a word that this person had previously been involved in mining and had good experience. Do you believe that after ten years, your memory erases everything you were previously passionate about? And the second question is: is it fair to ignore an account that easily receives a rank and can participate in the signature? Is this fair to those who come to the forum with a single account and independently achieve high ranks? According to some participants, it turns out that if you have money, you can always buy everything, which means you will be higher than others. I'll correct it. If the account is not in DT, it does not pose much harm. The account has a Bitcoin wallet number, by signing he could dispel all doubts about the authenticity of ownership of this account. https://ninjastic.space/addresses?address=1PSt9bDdGJBkrR7CAGTRA9azp96uLU8hge845256-8ad46782f07921eae5b9a4b8b18fdf1e
1PSt9bDdGJBkrR7CAGTRA9azp96uLU8hge
I sent a PM
|
|
|
I found some matches in the BD Crypto profile that indicate that this account previously had several alternate accounts, one of which is already banned. https://bitcointalk.org/index.php?action=trust;u=1324004Can I, @BD Crypto, ask you how you are connected to the https://bpip.org/profile.aspx?p=coinliker account? Did you know that if one of your accounts is banned, you can't register other accounts? Follow. https://ninjastic.space/addresses?address=1KW3N3LmfUDRaXy8ZRGkbwpaBEjQNdiwPeBD Crypto removed these registration details in an attempt to hide the wallet number. But we can see that alik111 last used this wallet number on July 18, 2020 06:17:25 UTC. That is, much earlier than the publication of BD Crypto. Also, before that, there were several posts saying that the alik111 account had alternative accounts. https://bitcointalk.org/index.php?topic=5252044.msg54528210#msg54528210Similarly, banned account coinlikerposted his link with the YouTube channel address earlier than alik111. Similarly, the name of the YouTube channel is similar to the nickname of the third account BD Crypto https://www.youtube.com/@CryptobdSchoolA few more alternative accounts were discovered by users earlier. If you look at his history post, he already backs to his habits to the social media bounty hunter so maybe he will not responding anymore since he already got 1 merits for the bounty. Also he have a few alt accounts and using them for the bounty, so basically he already aware of the forum. OP registered about 1.5 years ago and only has 15 posts--that might be part of the problem. On the other hand, I bet he's got more accounts than just this one.
Here the list: #Proof of ownership : - @alikmou - eth address: 0x97d58E5E4ECDc3e63A0a90D9607f4B7ae12F9a2c
#proof of authentication ETH wallet address: 0x97d58e5e4ecdc3e63a0a90d9607f4b7ae12f9a2cMail ID: a1alikhasan@gmail.comusername telegram : @alikmou username twitter : @AlikKhandoker ETH Address : 0x97d58E5E4ECDc3e63A0a90D9607f4B7ae12F9a2c
https://bpip.org/smerit.aspx?from=alik111&to=BD%20CryptoThere is also a joint participation of two accounts in the company hhampuz and yahoo62278. https://ninjastic.space/post/54806899https://ninjastic.space/post/54808522I did not find if there were any prohibitions for the participation of alternative accounts. In conclusion, BD Crypto violates forum rules and should be banned.
|
|
|
After creating a JollyGood thread about a weird merit giveaway, I happened upon a thread in which merit was generously distributed to several accounts, and the strangest thing was that the accounts were already seen as one single farm. How it all started: An account brought up an old thread that has been dormant since June 1, 2022, at 05:33:23 AM. https://bitcointalk.org/index.php?topic=716530.msg62189264#msg62189264The newbie account immediately received 10 merits from the author of the theme, which was already created in 2014. The donator himself also made his first post since June 1, 2022, as he is also a newly awakened one. Previously, he distributed it to four users, after which the account itself was inactive. So, what is next? Further merits flowed on the accounts: https://bitcointalk.org/index.php?action=merit;u=102873TraPole 10 Newbie RewFrew 10 (Bengali) Merit Catcher in the Pizza Contest Popkon6 10 (Bengali) Merit Catcher in the Pizza and Pumpkin Competition Rigon 10 (Bengali) Merit Catcher in the Pizza and Pumpkin Competition NicNacCoin 10 (Bengali) Merit Catcher in the Pizza and Pumpkin Competition LDL 10 (Bengali) Merit Catcher in the Pizza and Pumpkin Competition Dimitri94 10 (Bengali) Merit Catcher in the Pizza and Pumpkin Competition GigaBit 10 (Bengali) Merit Catcher in the Pizza gabbie2010 10 EarnOnVictor 10 Bitcoin_people 5 (Bengali) Merit Catcher in the Pizza competition Patrol69 5 (Bengali) Merit Catcher in the Pizza competition Interestingly, all but two of these accounts have been repeatedly accused of merit farming. Does anyone see a pattern again?
|
|
|
Recent news again warns that if you have a crypto wallet installed on your phone, and the Apple ID is not yours, but you bought it, then you need to transfer your funds from the iPhone, in order to avoid theft. "Some countries have country or region restrictions on app downloads in the App Store", so users are sometimes forced to buy other people's Apple IDs. A recent research study conducted by the security agency DilationEffect has raised concerns about the potential risk of cryptocurrency theft associated with buying someone’s Apple ID. The findings suggest that individuals who gain unauthorized access to an Apple ID could exploit the recovered data to steal cryptocurrency assets from the victim’s wallet.
https://twitter.com/WuBlockchain/status/1659388868561625090The study highlights the existence of sophisticated criminal networks involved in these illegal activities, with the data on the blockchain indicating that the stolen coins have surpassed a staggering $10 million. The research brings to light a new dimension of vulnerability for cryptocurrency holders, as their digital assets could be compromised through a seemingly unrelated account, such as an Apple ID. The theft is made possible by recovering data associated with the victim’s cryptocurrency wallet from the compromised Apple ID. With this information in hand, criminals can gain access to the victim’s wallet and siphon off their funds.
The security agency’s findings underscore the growing sophistication of criminal gangs involved in cryptocurrency theft. These groups have developed mature operations, targeting unsuspecting individuals and exploiting any available vulnerabilities. The stolen funds, exceeding $10 million, demonstrate the substantial financial impact of such criminal activities.
The research has prompted a renewed focus on enhancing security measures for both cryptocurrency assets and personal accounts. It serves as a reminder for individuals to maintain robust security practices, including using strong and unique passwords, enabling two-factor authentication, and regularly updating security settings https://catcoin.com/news/apple-id-vulnerability-exposes-cryptocurrency-wallets-to-theft/I did not find a similar topic, if a similar topic has been created, I will immediately close the topic
|
|
|
I didn't find a post about this news, so it's better to be warned and be armed. The latest news says that a bot called "Zaraza bot" has been created that can steal passwords from 38 known browsers. To be precise, it seems that all these browsers are based on the Blink engine (correct me if I'm wrong about all 38).  And it is these browsers that have become the focus of attention for Russian hackers, who sell their bots through Telegram. This is sold on Telegram and uses the messenger as a command and control server (C2, C&C). "Once the program extracts login credentials from online bank accounts, cryptocurrency wallets, email accounts, and other important websites, it immediately sends all passwords and data to the Telegram bot." You may notice that the Firefox browser does not fall into the list of victims. And also think about installing Linux systems. https://www.uptycs.com/blog/zaraza-bot-credential-password-stealer
|
|
|
I'm sick of seeing members who seem to know nothing in this forum, instead of wanting to make a good contribution, actually want to trick other members of this forum, to sympathize.
Stop fooling the other members in this forum.
MaxreAfter an account under the nickname fennic commits plagiarism, and the moderators do not react to it in any way, after receiving a negative tag, he connects a second account under the nickname classicman1. With whom he successfully exchanges merits. @YOSHIE's investigation that these two accounts are alternate. https://bitcointalk.org/index.php?topic=5415701.msg61049983#msg61049983Then there is another discovery by @YOSHIE where he shows that in addition to these two accounts, there are two more previously blocked accounts. https://bitcointalk.org/index.php?topic=5415850.msg61090146#msg61090146@Nutildah now finds a post using an AI tool, and after verifying the Maxre account, you can see that it belongs to the old owner again. And also confirms his other accounts. https://bitcointalk.org/index.php?topic=5448045.msg62060049#msg62060049Obviously, this account has been bought. https://bpip.org/Profile?p=MaxreBut the owner is so stupid that he does not stop using his old social networks. https://archive.fo/Ipc9ghttps://loyce.club/archive/posts/6082/60820043.htmlhttps://archive.fo/qneS7 https://ninjastic.space/post/59412237 https://ninjastic.space/post/58234124https://ninjastic.space/addresses?address=0x6924d6086cEb27Df4256d07b672D289a537bAe05In addition, many of his posts are the most common shitposting. @YOSHIE, you were right. Stop deceiving people. I will leave him a negative tag. As well as a request to ban this account. https://bitcointalk.org/index.php?topic=5094661.msg62056782#msg62056782
|
|
|
Recently, we heard about the invention of ChatGPT. The first enthusiasm seems to end in sobriety. Realizing that the best can be the enemy of the good The news that the BlackMamba keylogger has appeared on the web is not at all rosy. This keylogger can spread over the internet and adapts to the needs of each victim. The spy collects personal information, including passwords and user card data, and it is possible that it can target crypto users, waiting for the possibility of stealing seed phrases and passwords. "The BlackMamba threat is also compatible with Windows, Linux, and even Mac, which are famous for their high security, so it is important for users on all devices to be careful." https://www.hackread.com/chatgpt-blackmamba-malware-keylogger/In addition, there is a second unpleasant story about the "successes" of ChatGPT. This tool attacks our passwords. How secure do you think your passwords are? You can check it out by following this link. https://www.homesecurityheroes.com/ai-password-cracking/
|
|
|
New article on Xenomorph malware. https://twitter.com/ThreatFabric/status/1634131991216914432?cxt=HHwWgICwyeqYza0tAAAA The Xenomorph v3 version is much more powerful than the previous ones that were previously discovered. The software targeted several banks Chase, Citibank, American Express, ING, HSBC, Deutsche Bank, Wells Fargo and other banks from around the world, as well as crypto wallets: Binance, BitPay, KuCoin, Gemini and Coinbase. "Xenomorph v3 is currently being distributed via the Zombinder platform on the Google Play Store, posing as a currency converter and switching to using the Play Protect icon after installing a malicious payload." ThreatFabric has included a list of all targeted banks in the appendix of its report, but it would be too long to present here. In addition, 13 cryptocurrency wallets, including Binance, BitPay, KuCoin, Gemini, and Coinbase, are targeted by malware.
The most noticeable addition to the latest Xenomorph version is the ATS framework, which gives hackers the ability to automatically extract credentials, monitor account balances, make transactions, and steal money from target apps without requiring them to perform remote activities.
Instead, the operator merely sends JSON scripts, which the Xenomorph interprets as a list of activities and then carries out on the infected device on its own.
According to experts at ThreatFabrics, the [ATS execution] engine utilized by Xenomorph differs from its rivals due to the range of programmable potential actions that can be included in ATS scripts and a system that permits conditional execution and action prioritization.
One of the malware’s ATS framework’s most outstanding features is its ability to record third-party authentication programs’ content, circumventing MFA (multi-factor authentication) safeguards that would otherwise prevent automated transactions.
One-time codes can be obtained from Google Authenticator by extracting the relevant codes (ThreatFabric). It concerns that Xenomorph may access authenticator applications on the same device as banks, who are gradually moving away from SMS MFA and advising consumers to use authenticator apps instead.
In addition to the aforementioned, the new Xenomorph has a cookie stealer capable of stealing cookies from the Android CookieManager, where the user’s session cookies are kept.
In order to fool the victim into providing their login information, the thief launches a browser window with the URL of a reliable service and the JavaScript interface turned on.
The threat actors steal the cookies, allowing them to hijack the victim’s web sessions and access their accounts. A significant new malware that entered the world of cybercrime a year ago was Xenomorph, an Android threat.
It is now a far bigger threat to Android users all over the world after the release of its third major version. Users who download apps via Google Play should exercise caution, read reviews, and perform background checks on the publisher because of the app’s current distribution method, the Zombinder.
https://informationsecuritybuzz.com/xenomorph-android-malware-steals-banks/
|
|
|
Another discovery of fraudulent activities was made by Korean specialists from AhnLab. The game is distributed through phishing sites or through a mailing list; it is a simple Pokémon NFT card game. After installing the game, RAT, a computer remote control virus, is installed on the victim's computer, which ultimately allows hackers to fully monitor all the victim's actions, including stealing passwords and seed phrases. Hackers have been using a fake NFT game claiming to be Pokémon-branded to spread malware to unsuspecting users, according to cybersecurity firm AhnLab. The phishing website, which is still active at the time of writing, appears to offer a legitimate NFT marketplace and the option to buy tokens and stake NFTs based on the popular Japanese media brand. However, users who download the site's content are actually installing a remote access program called NetSupport Manager that gives hackers control over their device
https://metaverse.sg/nft-news/fake-pokemon-nft-game-distributes-malwareThe remote control can be configured as the most common process on Windows, which the user will never mistake for malicious, which also applies to antivirus software, although some completely refuse to detect it. As a result, the simple truth rings again: do not open anything on the Internet, do not open attachments from strangers, and start self-education on Linux systems in order to completely abandon leaky Windows.
|
|
|
The new year began with another discovery of viruses aimed at stealing cryptocurrencies. Although the Trojan was discovered in 2021, it was not finalized then. At this time, the virus can read SMS in the victim's phones, thereby bypassing two-factor authorization. The new malware was designed to collect user data, and it is targeting primarily banking and cryptocurrency applications. Once it infects a device, the malware begins to display fake websites of regular banking and crypto apps in order to steal the login data of users. BaFin revealed that the malware is targeting around 400 banking and crypto apps, including those operating in Germany.
We also know that Godfather relies on push notifications to obtain two-factor authentication codes, and that cybercriminals can use this data to gain access to consumers’ accounts and wallets.
https://thepaypers.com/cryptocurrencies/bafin-warns-of-new-godfather-banking-and-crypto-malware--1259756
|
|
|
Avast experts have discovered malware that steals information from users of Windows systems. We’ve been closely monitoring an information stealer called ViperSoftX. They named the USA, India, Italy and Brazil among the most affected countries. This multi-stage stealer exhibits interesting hiding capabilities, concealed as small PowerShell scripts on a single line in the middle of otherwise innocent-looking large log files, among others. ViperSoftX focuses on stealing cryptocurrencies, clipboard swapping, fingerprinting the infected machine, as well as downloading and executing arbitrary additional payloads, or executing commands. One of the payloads ViperSoftX distributes is a specific information stealer in the form of a browser extension for Chromium-based browsers. Due to its standalone capabilities and uniqueness, we decided to give it its own name, VenomSoftX. The malicious extension provides full access to every page the victim visits, carries out man-in-the-browser attacks to perform cryptocurrency addresses swapping by tampering with API requests’ data on popular cryptocurrency exchanges, steals credentials and clipboard content, tampers with crypto addresses on visited websites, reports events using MQTT to the C&C server, and more.
ViperSoftX is mostly spread via cracked software such as Adobe Illustrator, Corel Video Studio, Microsoft Office, and more, commonly distributed over torrents. https://decoded.avast.io/janrubin/vipersoftx-hiding-in-system-logs-and-spreading-venomsoftx/What are we seeing? Again, Windows systems and the Chrome browser Everyone is strongly advised to start studying Linux systems and not to trust this browser and, even more, various extensions that supposedly simplify the work on the Internet.
|
|
|
I have a question, what if an old topic is raised and a discussion starts, and users actively quote the OP giving a targeted answer to his post, don't people see the date the thread was created? I'm talking about this topic. https://bitcointalk.org/index.php?topic=5397790.0Looks like she's getting another wave of spam. The question is always relevant, but people's answers look like a conversation with the void. Whoever created this thread has been blocked. Some dumb newbie recently brought up some old threads and all the users gleefully started pushing them further, completely oblivious to the date of the first post. I complained several times about necroposting, but posts are being deleted selectively. Does the forum need such topics? And how do we stop their discussion? Is it fair to complain about someone who quotes the author, knowing full well that quite a lot of time has passed? Is anyone interested in answers to a question that was asked a very long time ago?
|
|
|
|