reminder: don't trust antivirus

[mcdouglasx]

I was installing an antivirus on a friend's computer and I came across malware especially focused on stealing private keys, either with copy-paste, and with data collection, login files, wallet.dat.
My friend doesn't have bitcoin, fortunately for him.

but I took on the task of analyzing it and managed to extract part of the code.

I scanned it with virustotal, and it's full of red flags.

https://www.virustotal.com/gui/file/4e7ad092f832e4765fc18a975d36a8ed00f4771dcde850213e46536da2c1563a/detection

then modify the script, as follows......(I won't say it, I won't contribute to the internet garbage, I'm poor but honest).

I tested it and it worked.

Anyway, after modifying and recompiling it, virustotal does not detect it as a virus, only Bkav Pro marks it as unsafe because it is an unsigned executable(false positive).


https://www.virustotal.com/gui/file/6e04c245bec6db58d6f13e59638a16489e133c42b3fb45692336a5ed0b6684fd/detection

The moral is that antiviruses are not trustworthy.

prepare your transactions on a offline computer , use a QR generator to send the transaction to your mobile (to avoid using USB with data collection malware).

Those simple steps could save you a headache.

this is by educational proposal, please, don't ask me to tell you how to avoid antivirus, do not offer me money for the code, this post is only to raise awareness, Any attempt will be reported.

[chmod755]

Harden your system before you're using crypto

Enable 2FA for exchanges, your e-mail accounts, etc.

Store your long-term savings on hardware wallets.

Delete inactive accounts on various websites that you're no longer using so that your personal information cannot be stolen.

Be careful about links in e-mails and unsolicited Telegram, WhatsApp, whatever chat contacts.

Create a wallet with just $10 in it in case someone is trying to harm you physically ($5 wrench attack)

[digaran]

What is the name of this antivirus? You know security companies specialized in cybersecurity would hire talented people, you just have to work your way up the ladder, definitely not in off topic section, visit cyber security forums and see if anyone is interested to your findings.

[jrrsparkles]

Antivirus is an application to can resist known malware and other potentially harmful files for the device and also features available that keep scanning for their backdoor activities but you can't completely rely on them and installing anti-virus doesn't mean your system is 100% secured further.

[boyptc]

Remember that there's this belief on who creates the viruses and the antidotes? They're both the same people if you've watched it somewhere from various movies, etcs.

But some of these antiviruses are truly good in giving us notifications on which apps should be avoided based on the contents of it. They're detecting it and that's a good help.

If someone randomly downloads on the web named "antivirus" in general, a lot of unknown names in the antivirus field might be suggested made by cons.

[Brijuek Bukah Boh]

I was installing an antivirus on a friend's computer and I came across malware especially focused on stealing private keys, either with copy-paste, and with data collection, login files, wallet.dat.
My friend doesn't have bitcoin, fortunately for him.

but I took on the task of analyzing it and managed to extract part of the code.

I scanned it with virustotal, and it's full of red flags.

https://www.virustotal.com/gui/file/4e7ad092f832e4765fc18a975d36a8ed00f4771dcde850213e46536da2c1563a/detection

then modify the script, as follows......(I won't say it, I won't contribute to the internet garbage, I'm poor but honest).

I tested it and it worked.

Anyway, after modifying and recompiling it, virustotal does not detect it as a virus, only Bkav Pro marks it as unsafe because it is an unsigned executable(false positive).


https://www.virustotal.com/gui/file/6e04c245bec6db58d6f13e59638a16489e133c42b3fb45692336a5ed0b6684fd/detection

The moral is that antiviruses are not trustworthy.

prepare your transactions on a offline computer , use a QR generator to send the transaction to your mobile (to avoid using USB with data collection malware).

Those simple steps could save you a headache.

this is by educational proposal, please, don't ask me to tell you how to avoid antivirus, do not offer me money for the code, this post is only to raise awareness, Any attempt will be reported.

Very rarely use antivirus, the point is not to download suspicious files, for example rar files and remember the size only. Unless I use the tool when installing pplugin only

[AndyGryffindor]

Also don't trust a certain VPN that mines CC with your hardware in the background. Rhymes with bored DPN...

[Natsuu]

Antivirus is an application to can resist known malware and other potentially harmful files for the device and also features available that keep scanning for their backdoor activities but you can't completely rely on them and installing anti-virus doesn't mean your system is 100% secured further.

Right. While antivirus software plays a crucial role in protecting against many threats, it's not foolproof. Also, they might not catch newly emerging or sophisticated threats immediately so they need regular updates.
OP is right, we should not rely to antivirus solely. They may not detect 100%, we still have to be cautious. Not because we have antivirus, we’ll be careless.
There are actually fake antivirus programs that create fake security alerts and pop-ups to trick users into believing their computers are infected.

[jrrsparkles]

Antivirus is an application to can resist known malware and other potentially harmful files for the device and also features available that keep scanning for their backdoor activities but you can't completely rely on them and installing anti-virus doesn't mean your system is 100% secured further.

Right. While antivirus software plays a crucial role in protecting against many threats, it's not foolproof. Also, they might not catch newly emerging or sophisticated threats immediately so they need regular updates.
OP is right, we should not rely to antivirus solely. They may not detect 100%, we still have to be cautious. Not because we have antivirus, we’ll be careless.
There are actually fake antivirus programs that create fake security alerts and pop-ups to trick users into believing their computers are infected.

If the device is connected to the internet then we never may say the device is 100% safe that is why it is important to install the crypto assets in an air-gapped device(s) or hardware wallet that will not expose the details to the device even if it's affected by malware.