Bitcoin Forum
Topic: Bitcoin Malware (Read 3779 times)
Hailedllama
August 31, 2015, 02:25:54 PM
 #1

I recently found a malware that changes bitcoin addresses when copied to the hacker's address, so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it :)
Hailedllama
August 31, 2015, 02:42:57 PM
 #2

it happened to me about an hour ago but here's a guide on how to get rid of it if it is on your pc

10 Remove the malware
Finally remove it from your computer:
1. Start Windows Task Manager and terminate the Chrome32.exe or AcroRd32.exe process!
2. Go to %appdata% in your file browser.
3. Delete AppData/Roaming/Adobe (x86) folder.
4. Delete AppData/Local/Google (x86) folder.
If you don't terminate the malware manually, as it is described in the first point, you can't delete one of the folders.
If you've deleted the Adobe folder it won't start again on your computer, so you're good, but to completely remove it you have to do one more thing:

Start the Registry Editor (regedit) and delete our software from "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
If you don't find it, check HKEY_LOCAL_MACHINE instead of HKEY_CURRENT_USER

hope it helps. this malware is being sold for $1.10 in bitcoin
Snorek
August 31, 2015, 03:25:11 PM
 #3

Quote from: Hailedllama on August 31, 2015, 02:42:57 PM
> it happened to me about an hour ago but here's a guide on how to get rid of it if it is on your pc
>
> 10 Remove the malware
> Finally remove it from your computer:
> 1. Start Windows Task Manager and terminate the Chrome32.exe or AcroRd32.exe process!
> 2. Go to %appdata% in your file browser.
> 3. Delete AppData/Roaming/Adobe (x86) folder.
> 4. Delete AppData/Local/Google (x86) folder.
> If you don't terminate the malware manually, as it is described in the first point, you can't delete one of the folders.
> If you've deleted the Adobe folder it won't start again on your computer, so you're good, but to completely remove it you have to do one more thing:
>
> Start the Registry Editor (regedit) and delete our software from "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
> If you don't find it, check HKEY_LOCAL_MACHINE instead of HKEY_CURRENT_USER
>
> hope it helps. this malware is being sold for $1.10 in bitcoin

You mean that you can have your own version of this malware with your own address for $1. That's sick. I was worried about new kinds of malware and viruses associated with bitcoin and here they are.
So far I know about this malware changing address and another that encodes data on your disks and then wants bitcoin to decipher it. New technologies, new threats.
Aggressor66
August 31, 2015, 03:37:18 PM
 #4

Malwarebytes’ Anti-Malware is currently one of the most successful tools at identifying and removing the types of malware that we’re talking about here.
It’s not really a replacement for anti-virus software but in cases of infection, it has a pretty darn good track record.
Download the free version, install and run it, and then see what it turns up.
LiteCoinGuy
August 31, 2015, 03:47:50 PM
 #5

Quote from: Hailedllama on August 31, 2015, 02:25:54 PM
> I recently found a malware that changes bitcoin addresses when copied to the hacker's address, so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it :)

it is safer to store your coins on a hardware wallet:

https://bitcointalk.org/index.php?topic=899253.0

tadakaluri
August 31, 2015, 04:17:57 PM
 #6

Quote from: Hailedllama on August 31, 2015, 02:42:57 PM
> it happened to me about an hour ago but here's a guide on how to get rid of it if it is on your pc
>
> 10 Remove the malware
> Finally remove it from your computer:
> 1. Start Windows Task Manager and terminate the Chrome32.exe or AcroRd32.exe process!
> 2. Go to %appdata% in your file browser.
> 3. Delete AppData/Roaming/Adobe (x86) folder.
> 4. Delete AppData/Local/Google (x86) folder.
> If you don't terminate the malware manually, as it is described in the first point, you can't delete one of the folders.
> If you've deleted the Adobe folder it won't start again on your computer, so you're good, but to completely remove it you have to do one more thing:
>
> Start the Registry Editor (regedit) and delete our software from "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
> If you don't find it, check HKEY_LOCAL_MACHINE instead of HKEY_CURRENT_USER
>
> hope it helps. this malware is being sold for $1.10 in bitcoin

Thank you very much for the valuable information. I need to check my PC and gadgets to see whether they are already infected with this malware or not. Once again thank you very much for this information.
nero987
August 31, 2015, 04:23:44 PM
 #7

This has been around for some time already...
It first came up on Evo market around 1 month before the exit scam.
I have the source code of v1.3 here.
Before you compile the malware you set some parameters, which include the process name.
In Snorek's "examples" it's Chrome32.exe or AcroRd32.exe, but it can be literally everything.

About anti malware:
The program does not make any connection to the internet, for this reason it is almost never picked up by anti-virus/malware software.
When a particular compilation of the malware (with particular process name) is reported to an antivirus database, only that version will be picked up by av's...
There are some av's that notice that part of the code is comparable to known malware, but that's only a minority of the av's....


damn, practice your English nero!

edit: I'm not selling/sharing the source code, nor sharing any detailed information on how it actually works!

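A triage sketch for the removal guide quoted in this thread and for nero987's point that the process name is configurable, added here as an example and not taken from any poster: it parses `reg query` output for the Run key and flags autostart entries by where they run from rather than only by name. The sample output, user name and value names are constructed; the folder and process names are the ones in the guide.

```python
import re

# Constructed sample of `reg query` output; the user name and entries are made up.
SAMPLE = r'''
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Reader Helper    REG_SZ    C:\Users\alice\AppData\Roaming\Adobe (x86)\AcroRd32.exe
    Updater    REG_EXPAND_SZ    "%LOCALAPPDATA%\Google (x86)\svc.exe"
    Acrobat    REG_SZ    "C:\Program Files (x86)\Adobe\Reader\AcroRd32.exe"
'''

VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")
# Folder and process names quoted in the removal guide in this thread.
GUIDE_FOLDERS = ("\\adobe (x86)\\", "\\google (x86)\\")
GUIDE_IMAGES = ("chrome32.exe", "acrord32.exe")
PROFILE_MARKERS = ("\\appdata\\roaming\\", "\\appdata\\local\\",
                   "%appdata%", "%localappdata%")

def image_path(data):
    """Return the executable path from a Run value, lower-cased, without arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0].lower()
    match = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    return (match.group(1) if match else data).lower()

def audit_run_key(reg_query_output):
    """Map each suspicious Run value name to the list of reasons it was flagged."""
    findings = {}
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = image_path(m["data"])
        in_profile = any(marker in path for marker in PROFILE_MARKERS)
        reasons = []
        if any(folder in path for folder in GUIDE_FOLDERS):
            reasons.append("folder named in the guide")
        if in_profile and path.rsplit("\\", 1)[-1] in GUIDE_IMAGES:
            reasons.append("process name from the guide, run from the user profile")
        if in_profile and not reasons:
            # Weak signal: legitimate per-user software also starts from here.
            reasons.append("autostart from user-writable profile path")
        if reasons:
            findings[m["name"]] = reasons
    return findings
```

The last reason is deliberately noisy: it is the only one that still fires when both the folder and the process name have been changed, so its hits need a manual look.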
kingcolex
August 31, 2015, 04:25:55 PM
 #8

Quote from: Aggressor66 on August 31, 2015, 03:37:18 PM
> Malwarebytes’ Anti-Malware is currently one of the most successful tools at identifying and removing the types of malware that we’re talking about here.
> It’s not really a replacement for anti-virus software but in cases of infection, it has a pretty darn good track record.
> Download the free version, install and run it, and then see what it turns up.

Definitely should be one of the pieces of software you have especially if you aren't currently running a hardware wallet. Don't lose your coins by being lazy!

ikydesu
August 31, 2015, 07:32:07 PM
 #9

Quote from: Hailedllama on August 31, 2015, 02:25:54 PM
> I recently found a malware that changes bitcoin addresses when copied to the hacker's address, so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it :)

There is a lot of malware out there that comes from bitcoin-related services. I personally always check and scan the site first when I want to visit, especially a site which is strange or fishy to me. Here are some tips to make your PC secure and avoid any virus/malware: https://bitcointalk.org/index.php?topic=203876.0
Mickeyb
August 31, 2015, 08:33:38 PM
 #10

Quote from: LiteCoinGuy on August 31, 2015, 03:47:50 PM
> Quote from: Hailedllama on August 31, 2015, 02:25:54 PM
> > I recently found a malware that changes bitcoin addresses when copied to the hacker's address, so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it :)
>
> it is safer to store your coins on a hardware wallet:
>
> https://bitcointalk.org/index.php?topic=899253.0

Doesn't this malware work even if you use a Trezor for example? I guess that people should be always careful and double check. MyTrezor Web wallet works in the browser as well.

The truth of the matter is that everybody should be double checking whether addresses are changed. If anybody can have a copy of this malware for $1, this means that this malware can become very widespread.
kingcolex
August 31, 2015, 08:35:28 PM
 #11

Quote from: Mickeyb on August 31, 2015, 08:33:38 PM
> Quote from: LiteCoinGuy on August 31, 2015, 03:47:50 PM
> > Quote from: Hailedllama on August 31, 2015, 02:25:54 PM
> > > I recently found a malware that changes bitcoin addresses when copied to the hacker's address, so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it :)
> >
> > it is safer to store your coins on a hardware wallet:
> >
> > https://bitcointalk.org/index.php?topic=899253.0
>
> Doesn't this malware work even if you use a Trezor for example? I guess that people should be always careful and double check. MyTrezor Web wallet works in the browser as well.
>
> The truth of the matter is that everybody should be double checking whether addresses are changed. If anybody can have a copy of this malware for $1, this means that this malware can become very widespread.

If it is widespread the big boy wallets will make sure to go ahead and update themselves to be unaffected by it, hopefully quickly.

Meuh6879
August 31, 2015, 08:38:48 PM
 #12

Chrome is the malware.


it seems logical ... ;D
Gyfts
August 31, 2015, 08:45:38 PM
 #13

Important to note that there are countless types of malware that can infect your PC and steal your wallet. A virus that copies and pastes the wrong address seems like something that would be easy to catch, at least for me as I double check addresses before sending. Keyloggers are probably the most notable for taking people's bitcoin, or RATs. Both make it very easy to steal Bitcoin while the owner of the wallet is away from their computer and unaware of their PC being infected.
kingcolex
August 31, 2015, 08:54:09 PM
 #14

Quote from: Gyfts on August 31, 2015, 08:45:38 PM
> Important to note that there are countless types of malware that can infect your PC and steal your wallet. A virus that copies and pastes the wrong address seems like something that would be easy to catch, at least for me as I double check addresses before sending. Keyloggers are probably the most notable for taking people's bitcoin, or RATs. Both make it very easy to steal Bitcoin while the owner of the wallet is away from their computer and unaware of their PC being infected.

Luckily Trezor says the address on the device as well and you have to confirm twice to send the coin, hopefully that is enough for those who are infected but use a hardware wallet.

Hailedllama
August 31, 2015, 09:49:24 PM
 #15

I'm glad I could help everyone, but just because your internet security says it's ok, still be cautious because there are ways around internet security. There is a lot of software like this being sold for like $2-$5, some even give it out for free, so be careful
Carlton Banks
August 31, 2015, 09:58:17 PM
 #16

Linux.

No anti-this and anti-that software. Ditch Windows and use Linux, you'll avoid most of these types of attacks.

Vires in numeris
kingcolex
August 31, 2015, 10:00:25 PM
 #17

Quote from: Carlton Banks on August 31, 2015, 09:58:17 PM
> Linux.
>
> No anti-this and anti-that software. Ditch Windows and use Linux, you'll avoid most of these types of attacks.

If you are looking for a Linux version that has a Windows feel I suggest Linux Mint, you can use Wine for most Windows programs but games have a lot of compatibility issues.

Don't forget Linux is free: http://www.linuxmint.com/

Hailedllama
August 31, 2015, 10:01:33 PM
 #18

I would love to use Linux but my wifi stick doesn't have the drivers for Linux
kingcolex
August 31, 2015, 10:06:02 PM
 #19

Quote from: Hailedllama on August 31, 2015, 10:01:33 PM
> I would love to use Linux but my wifi stick doesn't have the drivers for Linux

That is a seriously cheap fix, http://www.amazon.com/Kootek-Raspberry-Wifi-Dongle-Adapter/dp/B00FWMEFES/ref=sr_1_2?ie=UTF8&qid=1441058725&sr=8-2&keywords=linux+wifi+adapter

I have used that one myself and it works fine for standard internet use.

Hailedllama
August 31, 2015, 10:08:03 PM
 #20

Damn that looks good, I would buy it but I just lost my money to this stupid malware >:(