 |
January 29, 2018, 08:26:05 PM |
|
Recently I received a telegram message telling me to install a trading bot.
It gave me a shortened url to a google drive (wow so smart) file
The file was an exe.
I downloaded and looked into it and I found out it was another Evrial Malware attempt.
It replaces clipboard btc address with the hacker's address, which is : 183rjEC75XB9zMjRQ3AYMXDbXQx98hAjHQ
Please blacklist the address from your exchanges, sites, shops, etc.
Also, this one for the media: the Evrial malware spreads via very primitive means: primarily just installing the exe. Either from clickbait or as a sideloaded application into an installer.
To test if you have the virus, you can go to any site with a lot of bitcoin addresses and start copy pasting them into text boxes. If all the copy pasted addresses appear the same way, then you have the malware. Simply remove it and test if copy pasting bitcoin addresses works properly and you're good to go.
I hope I helped, and if you wish to have a look at the malware, please pm me, I can send you the exe (as plaintext) the attacker sent me.
|
