Bitcoin Forum
June 23, 2024, 02:30:59 PM *
News: Latest Bitcoin Core release: 27.0 [Torrent]
 
  Show Posts
1  Other / Beginners & Help / [Read]: YTStealer Malware on: July 07, 2022, 08:29:43 AM
Well, in the last couple of years we've heard that YouTube has been a target for cyber criminals as well. I think there was a period wherein a lot of accounts were hacked, especially those with a lot of subscribers, and then used to spread crypto scams, and it was a very effective method as it netted money for these cyber actors.

And so recently there was a particular malware that only targets YouTube, called YTStealer Malware.

Quote
YTStealer is a malware whose objective is to steal YouTube authentication cookies.

So you might ask the question, how is this malware spread?

Well, some of us who are on YouTube obviously need some video editing software, and that's where the criminals spread it.

Quote
One of the groups is “Digital, Image, and Video software”. We found fake installers for OBS Studio, an open-source streaming software. Additionally, we identified a few video editing software installers which included Adobe Premiere Pro, Filmora, and HitFilm Express. In the audio category, we identified fake installers for digital audio workstation (DAW) applications and plugins. This included the DAWs Ableton Live 11 Suite and FL Studio. The plugins included the infamous Antares Auto-Tune Pro, but also Valhalla DSP, FabFilter Total, and Xfer Serum.

And then the next target is the gamers.

Quote
The second group is what we call “Game mods and cheats”. The games match popular games used by streamers and content creators. We identified fake installers for the FiveM Grand Theft Auto V mod, different “hacks” for Roblox, and cheats for Counter-Strike Go, and Call of Duty. A variant of the Valorant hack reported on by AhnLab earlier was also discovered. Valorant “gamers” were also targeted by a “Skin Changer”.

And in conjunction with this, the device drivers:

Quote
In this group, we found fake installers for tools such as “Driver Booster” and “Driver Easy”.

And the last group, which is universal, and "some" of us might fall into this category:

Quote
The last group is for other software and “cracks”. Here we identified anything from fake installers for security products, such as Norton Security and Malwarebytes to “token generators” and “cracks” for services such as Discord Nitro, Stepn, and Spotify Premium.

The overwhelming part of these fake installers are for pirated versions of the software, but we also see some fake installers for game mods. This finding should further stress the importance of only obtaining software from trusted sources. Only obtain software directly from the vendor or “modding” group.

For a detailed technical explanation you can read it here: https://www.intezer.com/blog/research/ytstealer-malware-youtube-cookies/

So again, we shouldn't be in the practice of downloading fake and cracked software, especially if you are into crypto, because this is where these hackers and cyber criminals get hold of your PC or laptop and then go on to steal all the personal data, especially crypto, from our machine, and once you are affected you really don't know about it until it's too late.

2  Bitcoin / Bitcoin Discussion / Hacker claims to have stolen 1 B records of Chinese citizens, demands 10 BTC on: July 05, 2022, 10:11:07 AM
A supposed hacker stated that he has stolen at least a billion Chinese citizens' records. The Shanghai National Police (SHGA) data was leaked, with information like: name, address, birthplace, national ID number, mobile number, all crime/case details.

https://www.reuters.com/article/china-data-hack-idTRNIKBN2OF0I1

As for the veracity of the news, CZ has this to say:



https://twitter.com/cz_binance/status/1543700689611792386

Just baffling though that the hacker is asking for just 10 BTC? Maybe he thinks that if he asks for more, the Chinese government or whichever agency is not going to pay him?

And let's say he did receive his ransom, how can he hide it?
3  Bitcoin / Bitcoin Discussion / Peter Schiff account frozen on: July 04, 2022, 08:21:24 AM
In a twist of fate, Peter Schiff, a bitcoin opponent and anti-crypto, had his account frozen by the Puerto Rico government.



https://twitter.com/PeterSchiff/status/1543729010278113281

So he believes that bitcoin is not backed by anything, but at the end of the day he yielded his money to some centralized power and now his money is frozen. How ironic.

Is it time for him to move to bitcoin or crypto? Nah, I don't think so, he will just have to rub this one off. Grin
4  Other / Beginners & Help / [Read]: Raccoon is back with V2 that targets cryptocurrency wallets on: June 30, 2022, 09:43:32 AM
Raccoon Stealer 2.0 is back. It was reported that the threat actor's operation suddenly stopped around March 2022, as one of its developers was reportedly killed in the Ukraine-Russia war.

However, SEKOIA.IO, a threat research team, recently discovered that version 2.0 was already released in the wild. What makes this malware very dangerous is that it targets most if not all desktop crypto wallets, including:

Quote
(MetaMask, TronLink, BinanceChain, Ronin, Exodus, Atomic, JaxxLiberty, Binance, Coinomi, Electrum, Electrum-LTC, ElectronCash, etc.);



The mode of infection is downloading fake installers and cracked software like:

  • F‑Secure FREEDOME VPN installer (F-Secure Freedome VPN 2.50.23.0.licensesrv.exe_KaHCr.exe)
  • R-Studio Network installer (R-Studio.v9.0.190312.licencekey.exe_v3G9m.exe)
  • Proton VPN installer (ProtonVPN.exe)

It's very dangerous to us since the majority of us could have been using a VPN (including myself).

For a detailed technical explanation you can read it here: https://blog.sekoia.io/raccoon-stealer-v2-part-1-the-return-of-the-dead/
5  Other / Beginners & Help / [READ]: CCleaner search results spread crypto stealing malware on: June 09, 2022, 11:02:00 AM
The famous utility app CCleaner is now being used by cyber criminals to spread malware that steals people's credentials, including crypto assets.

Quote
This new malware distribution campaign is dubbed “FakeCrack,” and was discovered by analysts at Avast, who report detecting an average of 10,000 infection attempts every day from its customer telemetry data. Most of these victims are based in France, Brazil, Indonesia, and India.



The usual route: if you use the Google search engine, then most likely you will be redirected to a malware-laden website. And once you download and extract the files, you are a victim already.

Quote
The malware also uses proxies to steal cryptocurrency market account credentials using a man-in-the-middle attack that’s very hard for the victim to detect or realize.

For a detailed technical explanation you can read it here: https://www.bleepingcomputer.com/news/security/poisoned-ccleaner-search-results-spread-information-stealing-malware/
6  Other / Beginners & Help / Elon Musk and the BitVex.org scam - You have been warned!!! on: June 02, 2022, 09:55:19 AM
I think this is the first of its kind: criminals are faking the voice of Elon Musk, hiring someone that sounds like him for the interview, but then changing the words themselves. But you can't really say that it's fake because the criminals took it one step further to synchronize everything, from the opening and closing of his mouth to the words that are coming out. Sounds comical, but this is a bold step to scam crypto investors out of their hard-earned money.

https://vimeo.com/user52361365

I also urge everyone to report this video as it is circulating on YouTube, just like the one below, so that it will be taken down ASAP.

https://www.youtube.com/shorts/8PwAJyjFpRA


7  Other / Beginners & Help / [READ]: New Prynt Stealer Clipboard malware targets crypto wallets and others. on: May 13, 2022, 08:30:22 AM
There is a new clipboard malware/stealer in the wild, known as Prynt Stealer.

Prynt Stealer targets:

Quote
Document: pdf, rtf, doc, docx, xls, xlsx, ppt, pptx, indd, txt, json.

Database: db, db3, db4, kdb, kdbx, sql, sqlite, mdf, mdb, dsk, dbf, wallet, ini.

Source Code: c, cs, cpp, asm, sh, py, pyw, html, css, php, go, js, rb, pl, swift, java, kt, kts, ino.

Image: jpg, jpeg, png, bmp, psd, svg, ai.

Browsers:

Quote
    Chromium-based browsers
    MS Edge
    Firefox-based browsers

Files targeted by malware for stealing data:
Quote
    Web Data (for Autofill data)
    Login Data (for Login Credentials)
    History (for search history)
    Cookies (for browser Cookies)

Messaging apps target
Quote
    Discord
    Pidgin
    Telegram

Crypto wallets:
Quote
Zcash, Armory, Bytecoin, Jaxx, Ethereum, AtomicWallet, Guarda, and Coinomi.

"Stealer queries registry for identifying the location of Blockchains such as Litecoin, Dash, and Bitcoin as shown in Figure below. It obtains the path from registry data “strDataDir” in the HKEY_CURRENT_USER\Software\Blockchain_name\ Blockchain_name-Qt registry key."




The attack is very complicated as it uses a lot of algorithms so that it won't be detected by AV software: combinations of hard-coded strings, AES256 and the Rijndael encryption algorithm.

For a detailed technical explanation you can read it here: https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/

Let me just reiterate the safety and security practices and precautions mentioned in the article:

  • Avoid downloading pirated software from warez/torrent websites. The “Hack Tool” present on sites such as YouTube, torrent sites, etc., mainly contains such malware.
  • Use strong passwords and enforce multi-factor authentication wherever possible.
  • Turn on the automatic software update feature on your computer, mobile, and other connected devices.
  • Use a reputed anti-virus and internet security software package on your connected devices, including PC, laptop, and mobile.
  • Refrain from opening untrusted links and email attachments without first verifying their authenticity.
8  Other / Beginners & Help / [Read]: New ZingoStealer infostealer targets crypto and crypto related wallets on: April 15, 2022, 10:44:14 AM
Another new info stealer is in the wild, known as ZingoStealer. And this is being released for free to members of the Haskers Gang community.

But the mode of distribution is the same: (1) code generators and cracks, (2) game cheats. They even used YouTube as a disguise, for the game "Counter-Strike: Global Offensive" (CSGO).



Target browsers:

Quote
Google Chrome
Mozilla Firefox
Opera
Opera GX

And what makes this dangerous is that the malware searches for extensions of crypto wallets such as:

Quote
TronLink
Nifty Wallet
MetaMask
MathWallet
Coinbase Wallet
Binance Wallet
Brave Wallet
Guarda
EQUAL Wallet
BitApp Wallet
iWallet
Wombat - Gaming Wallet

And it also searches %APPDATA%\Local and %APPDATA%\Roaming for cryptocurrency wallet data associated with the following cryptocurrencies.

Quote
Zcash
Armory
Bytecoin
Jaxx Liberty
Exodus
Ethereum
Electrum
Atomic
Guarda
Coinomi

It also queries the registry (HKCU\SOFTWARE\<VALUE>) to identify settings associated with additional cryptocurrency wallets, including:

Quote
Bitcoin
Dash
Litecoin

So overall, this malware targets cryptocurrency wallets, so it's a very dangerous information stealer that is going around in the wild right now.

Again, as I have said before, it's better to have a different machine for your crypto-related activities so that the chances of you getting this kind of malware might be lessened.

For a detailed technical explanation you can read it here: https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html
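The registry keys (HKCU\Software\<Coin>\<Coin>-Qt, value strDataDir) and the %APPDATA% wallet folders listed in the Prynt Stealer post above and in this ZingoStealer post are also what a defender can watch. The following is an added example, not code from either write-up nor from Cyble or Talos: it runs two checks over constructed, simplified object-access audit records (the kind you can export from a registry/file SACL audit, for instance Windows event 4663): a wallet location read by a process other than its owning wallet application, and one process sweeping several wallets' locations in a row. The expected-owner binaries, the %APPDATA% folder names and the sample records are assumptions made for this example.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Locations named in the Prynt Stealer and ZingoStealer write-ups quoted above,
# lower-cased for matching. The "expected owner" process for each is an
# ASSUMPTION made for this example (the wallet's own binary).
WALLET_REG_KEYS = {
    r"hkcu\software\bitcoin\bitcoin-qt": "bitcoin-qt.exe",
    r"hkcu\software\dash\dash-qt": "dash-qt.exe",
    r"hkcu\software\litecoin\litecoin-qt": "litecoin-qt.exe",
}
# Folder names under %APPDATA%\Roaming are ASSUMED to equal the wallet names
# listed in the posts; substitute the real folder names from your estate.
WALLET_DIRS = {
    "electrum": "electrum.exe",
    "exodus": "exodus.exe",
    "atomic": "atomic wallet.exe",
}

# Constructed, simplified object-access records, one per line, as you might
# export them from a registry/file SACL audit (e.g. Windows event 4663).
SAMPLE_EVENTS = r"""
2022-04-15T10:40:01Z process="C:\Program Files\Bitcoin\bitcoin-qt.exe" object="HKCU\Software\Bitcoin\Bitcoin-Qt\strDataDir" access=QueryValue
2022-04-15T10:44:14Z process="C:\Users\alice\Downloads\csgo_cheat.exe" object="HKCU\Software\Bitcoin\Bitcoin-Qt\strDataDir" access=QueryValue
2022-04-15T10:44:15Z process="C:\Users\alice\Downloads\csgo_cheat.exe" object="HKCU\Software\Litecoin\Litecoin-Qt\strDataDir" access=QueryValue
2022-04-15T10:44:16Z process="C:\Users\alice\Downloads\csgo_cheat.exe" object="C:\Users\alice\AppData\Roaming\Electrum\wallets\default_wallet" access=ReadData
2022-04-15T10:50:00Z process="C:\Program Files\Electrum\electrum.exe" object="C:\Users\alice\AppData\Roaming\Electrum\wallets\default_wallet" access=ReadData
"""

EVENT_RE = re.compile(
    r'^(?P<ts>\S+)\s+process="(?P<proc>[^"]+)"\s+object="(?P<obj>[^"]+)"\s+access=(?P<acc>\S+)$'
)
APPDATA_RE = re.compile(r"\\appdata\\roaming\\([^\\]+)")


def classify_object(obj: str):
    """Return (location_id, expected_owner) if obj is one of the wallet
    secret locations from the lists above, else None."""
    low = obj.lower()
    for key, owner in WALLET_REG_KEYS.items():
        if low.startswith(key):
            return key, owner
    m = APPDATA_RE.search(low)
    if m and m.group(1) in WALLET_DIRS:
        return "%appdata%\\roaming\\" + m.group(1), WALLET_DIRS[m.group(1)]
    return None


def analyse(lines):
    """Two signals: (1) a wallet location read by something other than its
    owning wallet; (2) one process sweeping several wallets' locations, the
    enumeration pattern of a stealer, which a single wallet app has no
    reason to show."""
    findings = []
    touched = defaultdict(set)
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # not an access record; skip silently
        hit = classify_object(m["obj"])
        if hit is None:
            continue
        location, owner = hit
        exe = PureWindowsPath(m["proc"]).name.lower()
        touched[m["proc"]].add(location)
        if exe != owner:
            findings.append({
                "ts": m["ts"], "process": m["proc"], "object": m["obj"],
                "access": m["acc"], "expected_owner": owner,
            })
    sweeps = {p: sorted(locs) for p, locs in touched.items() if len(locs) >= 2}
    return findings, sweeps


def analyse_sample():
    return analyse(SAMPLE_EVENTS.strip().splitlines())


if __name__ == "__main__":
    findings, sweeps = analyse_sample()
    for f in findings:
        print(f"[unexpected reader] {f['ts']} {f['process']} -> {f['object']}")
    for proc, locs in sweeps.items():
        print(f"[wallet sweep] {proc} touched {len(locs)} wallet locations")
```

On the constructed sample, the two wallet binaries reading their own key or folder produce nothing, while the downloaded "cheat" is reported three times as an unexpected reader and once as a sweep across three wallet locations. The sweep signal is the more robust of the two, since it does not depend on keeping an accurate owner list; note that read auditing only produces these records where a SACL has been placed on the keys and folders in question.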
9  Bitcoin / Legal / Virgil Griffith sentenced to 63 months for helping DPRK avoid sanctions on: April 13, 2022, 02:50:08 PM
Remember Virgil Griffith? He used to work with the Ethereum Foundation and was sentenced to 63 months for assisting North Korea with the technical details of how to evade the sanctions against them.

He presented it in 2019, then pleaded guilty.

Here is the full and official court documents:

https://www.justice.gov/usao-sdny/press-release/file/1222646/download

What can you say about this? Is 63 months too lenient for this kind of case, or should his sentence be longer as he has assisted a known terrorist country?
10  Other / Beginners & Help / FFDroider Stealer: New malware stealer on: April 08, 2022, 08:22:03 AM
Another reason not to use the machine that you use for crypto-related activities to download cracked software, torrents and other supposedly free software and games. Why? Because there is a new stealer malware. This malware targets social media like Twitter, Facebook and Instagram.

And this malware is known as FFDroider Stealer.

Attack cycle:



Key features of this attack:

Quote
- Steals cookies and credentials from the victim’s machine.
- Targeting social media platforms to steal the credentials and cookies.
- The stealer signs into victims' social media platforms using stolen cookies, and extracts account information like Facebook Ads-manager to run malicious advertisements with stored payment methods and Instagram via API to steal personal information.
- Leverages inbound whitelisting rules in Windows Firewall allowing the malware to be copied at desired location.
- Attacker uses iplogger.org to track the infection counts.

Target Browsers:

Quote
- Google Chrome
- Mozilla Firefox
- Internet Explorer
- Microsoft Edge

So what does this mean for us crypto enthusiasts? Well, we have seen such attacks in the past: these criminals take over individual social media accounts, especially those with a lot of followers, to run their crypto scams, so everyone should be careful.

For a detailed technical explanation you can read it here: https://www.zscaler.com/blogs/security-research/ffdroider-stealer-targeting-social-media-platform-users
11  Bitcoin / Legal / Swedish man sentenced to 15 years for gold-backed cryptocurrency scam on: July 19, 2021, 03:27:14 PM
Quote
A citizen of Sweden pleaded guilty to securities fraud, wire fraud, and money laundering charges that defrauded more than 3,500 victims of more than $16 million.

Roger Nils-Jonas Karlsson, 47, and his company, Eastern Metal Securities (EMS), was charged in a criminal complaint filed March 4, 2019, with crimes involving a scheme to defraud victims of more than $16 million. Karlsson, also known by several aliases including Steve Heyden, Euclid Deodoris, Joshua Millard, Lars Georgsson, Paramon Larasoft, and Kenth Westerberg, was arrested on June 17, 2019, in Thailand and was extradited to the United States to face the charges. A federal grand jury indicted Karlsson and EMS on July 25, 2019. Karlsson pleaded guilty to all the charges pending against him. EMS has ceased to exist.

https://www.justice.gov/opa/pr/cryptocurrency-fraudster-pleads-guilty-securities-fraud-and-money-laundering-charges-multi

Good riddance; he pleaded guilty and was then sentenced to 15 years.

A promise of big returns, so investors fell for it. The court has ordered that all his properties, including a resort in Thailand, go toward paying back those investors that he had scammed.

I do hope that this will be another expensive lesson, especially for newbie investors, not to fall for this kind of too-good-to-be-true scheme.

https://www.justice.gov/opa/pr/cryptocurrency-fraudster-sentenced-money-laundering-and-securities-fraud-multi-million-dollar
12  Other / Beginners & Help / Hotbit crypto exchange has been hacked on: May 02, 2021, 01:17:36 PM
Not sure if this has been reported in our community, but according to Hotbit's official twitter account:



https://twitter.com/Hotbit_news/status/1388115394271932417

Quote
Currently our work consists of the following two sections:

    Considering the fact that Hotbit is about to exceed 2 million registered users and has a huge service system architecture of more than 200 servers online, in order to ensure security, Hotbit team will completely rebuild all servers;

    The attacker maliciously deleted the user database after failing to obtain assets. Although the database is routinely backed up, we are still uncertain whether the attacker has polluted data or not before the attack. Therefore, we also need to conduct a comprehensive inspection of the overall data. Once any anomaly is detected, we will perform an accurate reconstruction to ensure that all user data is accurate.

Therefore, these two sections of work will consume a lot of time. We initially expect that the recovery period will last about 7-14 days. The estimated time of recovery will be more as all things going on, and we will update our latest progress in Hotbit communities as well.

https://hotbit.zendesk.com/hc/en-us/articles/1500008915521-

I know that this is not in the top 10 as far as exchanges go, but they said they have 2 million users affected by this attack. Their hot wallet is safe according to them, but the hackers managed to delete their databases.

So if you have an account on this exchange, better follow their official Twitter account.

Another lesson: the "not your keys, not your coins" adage.
13  Economy / Scam Accusations / [Warning]: Fake Microsoft DirectX 12 site pushes crypto-stealing malware on: April 26, 2021, 12:39:53 PM


https://twitter.com/olihough86/status/1384804136617644033

Quote
Cybercriminals have created a fake Microsoft DirectX 12 download page to distribute malware that steals your cryptocurrency wallets and passwords.

Even though the site comes complete with a contact form, privacy policy, a disclaimer, and a DMCA infringement page, there is nothing legitimate about the website or the programs it distributes.

When users click on the Download buttons, they will be redirected to an external page that prompts them to download a file. Depending on whether you click on the 32-bit or 64-bit version, you will be offered a file named '6080b4_DirectX-12-Down.zip' or '6083040a__Disclaimer.zip'

With the cryptocurrency craze in full swing, the malware developers also attempt to steal a wide variety of cryptocurrency wallets for Windows software, such as Ledger Live, Waves.Exchange, Coinomi, Electrum, Electron Cash, BTCP Electrum, Jaxx, Exodus, MultiBit HD, Aomtic, and Monero.

https://www.bleepingcomputer.com/news/security/fake-microsoft-directx-12-site-pushes-crypto-stealing-malware/


Just a heads-up, guys: you may want to check everything first, as cyber criminals have created this fake Microsoft DirectX 12 download page whose intention is to install malware on our machines to steal our crypto credentials.
14  Economy / Speculation / Tim Draper: Netflix will be the next one to fall on: March 03, 2021, 10:40:23 PM
Tim Draper was a guest on "The Unstoppable Podcast Episode 15", and he was asked what he thinks will be the next Fortune 100 company to invest in bitcoin, and he blurted out Netflix under Reed Hastings, who he said is a very innovative guy. So there is a possibility that he might be looking at BTC to hedge their reserve assets.

https://www.youtube.com/watch?v=M6nSWFRFTJM

Skip forward to 29:00. What are your thoughts about it? Will Netflix be the next one to hedge its balance sheet with bitcoin?
15  Bitcoin / Bitcoin Discussion / IMF makes a poll about digital currencies and the results are in on: January 17, 2021, 09:47:30 AM


https://twitter.com/IMFNews/status/1349763276465385478

Lol, it completely backfired on them, as the majority know that digital currencies are real money now.

Times have changed a lot; fiat might not be as dominant as it used to be.
16  Alternate cryptocurrencies / Altcoin Discussion / Tyler Winklevoss shilling for ETH? on: January 04, 2021, 02:13:58 AM
Seems that the twins are now shilling for ETH. Lol, is this the reason why it is almost touching $1k now? Because of this tweet? Or is it on a breakout run?

I'm just surprised by his tweet though; we all know that they are into BTC, but I think they secretly have tons of ETH as well.



https://twitter.com/tyler/status/1345849647013777411
17  Economy / Scam Accusations / [Scam]: Ripple.com and Fake Giveaway on: December 05, 2020, 07:14:43 AM
What happened: Ripple.com and Fake Giveaway

Website:
Code:
https://rïpple.com/insights/Ripple-Community-Update-Incentives-and-Support-for-XRP-holders/
https://rïpple.com/whitelist/register/



If you try to register you will be presented with this image, so please do not try to register as you will be asked to connect your wallet. This is a Cyrillic and homograph attack, so be warned.



Archived: https://archive.is/w9tqz
Quote

Whois Record for Rïpple.com
Domain Profile
Registrant    REDACTED FOR PRIVACY
Registrant Org    REDACTED FOR PRIVACY
Registrant Country    us
Registrar    Key-Systems GmbH
IANA ID: 269
URL: http://www.key-systems.net
Whois Server: whois.rrpproxy.net

Registrar Status    ok
Dates    2 days old
Created on 2020-12-02
Expires on 2021-12-02
Updated on 2020-12-02    
  
Name Servers    KEYLA.NS.CLOUDFLARE.COM (has 18,165,691 domains)
SAGE.NS.CLOUDFLARE.COM (has 18,165,691 domains)
   
  
Tech Contact    REDACTED FOR PRIVACY
REDACTED FOR PRIVACY,
REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY

IP Address    91.241.19.83 - 1 other site is hosted on this server
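The rïpple.com domain in this post reads like the brand because the ï decomposes to a Latin i plus a combining diaeresis, the same trick that Cyrillic look-alike letters rely on. The following is an added example, not part of the original post and not a tool named on the page: it converts a hostname to the punycode form the resolver actually sees, lists the Unicode scripts of any non-ASCII letters, and reduces the name to an ASCII skeleton to compare against a watch-list of brands. The watch-list, the confusables subset and the sample hostnames (including a constructed "gemіni.com" with a Cyrillic і) are assumptions made for this example.

```python
import unicodedata

# Constructed watch-list of brands the posts on this page mention, keyed by
# the registrable domain a user should expect to land on.
WATCHLIST = {"ripple.com", "uniswap.org", "gemini.com"}

# Hand-picked Cyrillic/Greek letters that render like Latin ones. ASSUMPTION:
# a small subset; the full Unicode confusables table is much larger.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u04bb": "h",
    "\u03b1": "a", "\u03bf": "o", "\u03bd": "v",
}


def skeleton(label: str) -> str:
    """Reduce one DNS label to its ASCII look-alike.

    NFKD splits precomposed letters into base + combining mark (the 'ï' in
    rïpple becomes 'i' + U+0308); dropping the marks and mapping confusables
    yields the string a human *reads*, which is what we compare."""
    out = []
    for ch in unicodedata.normalize("NFKD", label):
        if unicodedata.combining(ch):
            continue
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out).lower()


def scripts_in(label: str) -> set:
    """Script names (first word of the Unicode character name) of every
    non-ASCII letter in the label, e.g. {'CYRILLIC'}."""
    return {
        unicodedata.name(ch, "?").split()[0]
        for ch in label
        if ord(ch) > 127 and ch.isalpha()
    }


def registrable(host: str) -> str:
    # Last two labels; good enough for the .com/.org/.app names on this page
    # (a production tool would consult the Public Suffix List instead).
    return ".".join(host.split(".")[-2:])


def triage_hostname(host: str) -> dict:
    host = host.strip().rstrip(".").lower()
    try:
        # The wire form the resolver sees; an 'xn--' label means the pretty
        # name in the address bar is not what it appears to be.
        ascii_form = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_form = None  # label too long or otherwise not encodable
    labels = host.split(".")
    scripts = set().union(*(scripts_in(l) for l in labels))
    skel = ".".join(skeleton(l) for l in labels)
    looks_like = registrable(skel) if registrable(skel) in WATCHLIST else None
    return {
        "host": host,
        "ascii_form": ascii_form,
        "non_ascii": any(ord(c) > 127 for c in host),
        "scripts": sorted(scripts),
        "skeleton": skel,
        "looks_like": looks_like,
        # Reads like a watched brand but is not that brand's own domain.
        "homograph": looks_like is not None and registrable(host) != looks_like,
    }


if __name__ == "__main__":
    for h in ["r\u00efpple.com", "ripple.com", "app.uniswap.org", "gem\u0456ni.com"]:
        r = triage_hostname(h)
        print(h, "->", r["ascii_form"], "homograph:", r["homograph"], "scripts:", r["scripts"])
```

Run as-is, rïpple.com and the constructed gemіni.com are reported as homographs of watched brands, while ripple.com and app.uniswap.org pass. A plain typosquat such as the uniswaps.app domain from the post below is a different class of abuse: its skeleton is its own name, so it is not caught by this check and needs an edit-distance or brand-keyword rule instead.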
18  Economy / Scam Accusations / [Scam]: Another Fake Ripple Giveaway on: November 29, 2020, 09:22:16 AM
What happened: Another Fake Ripple Giveaway

Website:
Code:
http://ripplebonus.us/



Archived: https://archive.is/cFqvF

Quote
Registrant    REDACTED FOR PRIVACY (DT)
Registrant Org    GiftCompany
Registrant Country    us
Registrar    NameCheap, Inc.
IANA ID: 1068
URL: http://www.namecheap.com
Whois Server: whois.namecheap.com

Registrar Status    addPeriod, clientTransferProhibited
Dates    5 days old
Created on 2020-11-24
Expires on 2021-11-24
Updated on 2020-11-24    
 
Name Servers    DNS1.NAMECHEAPHOSTING.COM (has 974,062 domains)
DNS2.NAMECHEAPHOSTING.COM (has 974,062 domains)
   
 
Tech Contact    REDACTED FOR PRIVACY (DT)
GiftCompany
L.A Andersons str. 1 b 2,
Los Angeles, CA, 90020, us
IP Address    162.213.251.175 - 46 other sites hosted on this server

They are now increasing their attacks on XRP because of the news of a fork.

And we can see that this fork news has been reflected in the price; it almost touched $1 before it went downhill. But that doesn't mean that scammers are going to take a break; look at how many fake XRP giveaways we have seen in recent days.
19  Economy / Scam Accusations / [Scam]: Fake Uniswap app on: November 26, 2020, 04:22:35 AM
What happened: Fake Uniswap app

Website:
Code:
https://uniswaps.app/



Archived: https://archive.is/3irvv

Quote
Registrant    REDACTED FOR PRIVACY
Registrant Org    WhoisGuard, Inc.
Registrant Country    pa
Registrar    Namecheap Inc.
IANA ID: 1068
URL: https://www.namecheap.com/
Whois Server: whois.namecheap.com

Registrar Status    addPeriod, clientTransferProhibited
Dates    4 days old
Created on 2020-11-21
Expires on 2021-11-21
Updated on 2020-11-21    
  
Name Servers    NS1.EUROBYTE.RU (has 19,033 domains)
NS2.EUROBYTE.RU (has 19,033 domains)
NS3.EUROBYTE.RU (has 19,033 domains)
NS4.EUROBYTE.RU (has 19,033 domains)
   
  
Tech Contact    REDACTED FOR PRIVACY
REDACTED FOR PRIVACY,
REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY
IP Address    46.30.40.91 - 661 other sites hosted on this server

Do not even try to download the executable files:



Code:
Uniswap-UI-v2.0.0.exe

The real website is: https://app.uniswap.org/#/
20  Economy / Scam Accusations / [Scam] Gemini Fake Giveaway website on: November 24, 2020, 08:39:15 AM
What happened: Gemini Fake Giveaway website

Website:
Code:
https://btc-gemini.live/

Archived: https://archive.is/elZP1



This site is 3 days old, which is the first flag, and then Gemini won't do any giveaways like doubling your BTC.

Quote
Registrant    REDACTED FOR PRIVACY
Registrant Org    WhoisGuard, Inc.
Registrant Country    pa
Registrar    NameCheap, Inc.
IANA ID: 1068
URL: https://www.namecheap.com/
Whois Server: whois.namecheap.com

Registrar Status    addPeriod, clientTransferProhibited
Dates    3 days old
Created on 2020-11-21
Expires on 2021-11-21
Updated on 2020-11-21    
 
Name Servers    DNS1.NAMECHEAPHOSTING.COM (has 968,433 domains)
DNS2.NAMECHEAPHOSTING.COM (has 968,433 domains)
   
IP Address    162.213.251.107 - 39 other sites hosted on this server