Blockchain.info malware

[OmegaStarScream]

There are members in the forums (probably bots) spreading some Google drive links which according to them should contain Blockchain's desktop wallet.

As obvious as it is, I thought I should warn everyone that It's malware. If you see similar posts, don't download anything and make sure to report it.

[bL4nkcode]

Never saw some thread(s) that is being mentioned in OP, but if someone did, then ignore them and make sure to click the report button.

Don't ever click or download any software on that link, coz probably it contains with malware not unless it was an announcement from their official website or so.

Thanks for informing the community btw.

[cissrawk]

Yes i saw that thread in bitcoin discussion. I tried to downloaded it on my unused laptop and scan it on virustotal, it contain trojan and some other malware. Glad that thread already trashed, since i don't see it anymore in my post history.

[sunsilk]

Thanks for informing us, Id remind other members if ever someone claims that thing again. And will keep on reminding newbies that dont ever try to download any file through a google drive or any untrusted site.

I'll keep on watching them cos' they might reason out for another thing just to bait that virus.

[seoincorporation]

The malware has been decoded in the next thread: https://bitcointalk.org/index.php?topic=5083876.0

User nuno12345 makes great work and even post the addys of the thief. The malware doesn't only affect blockain.info (now blockchain.com) wallet. As we can see it steal info from:

Code:

    "permissions": [
        "activeTab",
        "tabs",
        "cookies",
        "*://github.com/*",
        "*://api.github.com/*",
        "*://exmo.me/*",
        "*://*.twitter.com/*",
        "*://*.coinbase.com/*",
        "*://qq.com/*",
        "*://*.hbg.com/*",
        "*://hitbtc.com/*",
        "*://twitter.com/*",
        "*://*.binance.com/*",
        "*://*.localbitcoins.com/*",
        "*://localbitcoins.com/*",
        "*://blockchain.com/*",
        "*://*.exmo.com/*",
        "*://cryptodraw.org/*",
        "*://exmo.com/*",
        "*://*.live.com/*",
        "*://bitfinex.com/*",
        "*://hbg.com/*",
        "*://*.yahoo.com/*",
        "*://google.com/*",
        "*://*.bitfinex.com/*",
        "*://*.hitbtc.com/*",
        "*://coinbase.com/*",
        "*://*.huobi.com/*",
        "*://*.google.com/*",
        "*://*.exmo.me/*",
        "*://huobi.com/*",
        "*://yahoo.com/*",
        "*://*.blockchain.com/*",
        "*://myetherwallet.com/*",
        "*://binance.com/*",
        "*://*.myetherwallet.com/*",
        "*://live.com/*",
        "*://*.qq.com/*"
    ],

[OmegaStarScream]

The malware has been decoded in the next thread: https://bitcointalk.org/index.php?topic=5083876.0

User nuno12345 makes great work and even post the addys of the thief. The malware doesn't only affect blockain.info (now blockchain.com) wallet. As we can see it steal info from:

As far as I know, that's an extension for Chrome while the one I'm referring to is an executable where the damage could be much worst.

[seoincorporation]

The malware has been decoded in the next thread: https://bitcointalk.org/index.php?topic=5083876.0

User nuno12345 makes great work and even post the addys of the thief. The malware doesn't only affect blockain.info (now blockchain.com) wallet. As we can see it steal info from:

As far as I know, that's an extension for Chrome while the one I'm referring to is an executable where the damage could be much worst.

Sorry for a moment i think you were talking about the same malware, looks like hackers are really motivated with bitcoin, is the easy money for them nowadays. We have to be careful with each step we make. I use linux and it makes me feel more secure, at least i don't have to care about executables.