Bitcoin Forum
Author Topic: Bitcoin Malware  (Read 3769 times)
Carlton Banks
August 31, 2015, 10:19:37 PM
 #21

Linux.

No anti-this and anti-that software. Ditch Windows and use Linux, you'll avoid most of these types of attacks.
If you are looking for a Linux version that has a Windows feel I suggest Linux Mint, you can use Wine for most Windows programs but games have a lot of compatibility issues.

Don't forget Linux is free: http://www.linuxmint.com/

Yes, Mint is excellent for new Linux users, it's really easy to install and is very forgiving when it comes to using peripherals with it. At least compared to other Linux distros anyway.

Be careful everybody with Linux if you have a brand new, latest Intel chip computer. Sometimes the newest hardware isn't supported properly yet, so either wait till the hardware is 6 months or so old, or wait that long till you try Linux on it. Or you could be brave :D It is a brave move, though.

Vires in numeris
Jeremycoin
August 31, 2015, 10:41:32 PM
 #22

Wow, that could be a serious problem, but I always check twice when I want to send a Bitcoin.

zero01
August 31, 2015, 10:49:13 PM
 #23

Thank you for the information you provided.
I would be more careful.
rinhunter
August 31, 2015, 10:53:06 PM
 #24

Wow, that could be a serious problem, but I always check twice when I want to send a Bitcoin.

Great, so we as users have to remain cautious.
Very serious, for those who frequently send BTC in large amounts.

Coinshot
August 31, 2015, 11:42:25 PM
 #25

Just wanted to add this: sometimes malware makes additional registry entries in both "CurrentVersion\Run" and "CurrentVersion\RunOnce".
So it's best to check both, because one can copy the instance back to every registry entry, forcing you back to square one.


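Added example (not part of the original post): a PowerShell check that lists every value under both the Run and RunOnce keys mentioned above, for the current user and the machine, with the Authenticode status of each target executable. The 32-bit WOW6432Node views are an addition beyond the two keys named in the post.

```powershell
# Added example: enumerate autostart values under Run and RunOnce in
# HKCU and HKLM (native and 32-bit views) and report signature status.
$hives    = 'HKCU:', 'HKLM:'
$subPaths = 'Software\Microsoft\Windows\CurrentVersion\Run',
            'Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
            'Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'

$entries = foreach ($hive in $hives) {
    foreach ($sub in $subPaths) {
        $keyPath = "$hive\$sub"
        if (-not (Test-Path $keyPath)) { continue }
        $key = Get-Item -Path $keyPath
        foreach ($name in $key.GetValueNames()) {
            $command = [string]$key.GetValue($name)

            # Extract the executable from the command line: the quoted first
            # token, or else everything up to the first ".exe".
            $exe = $null
            if ($command -match '^\s*"([^"]+)"')        { $exe = $Matches[1] }
            elseif ($command -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
            if ($exe) { $exe = [Environment]::ExpandEnvironmentVariables($exe) }

            # Signature status of the target, when the file can be located.
            $sig = 'n/a'
            if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
                $sig = [string](Get-AuthenticodeSignature -LiteralPath $exe).Status
            } elseif ($exe) {
                $sig = 'NotResolved'   # bare file name or missing file
            }

            [pscustomobject]@{
                Key = $keyPath; Name = $name; Command = $command; Signature = $sig
            }
        }
    }
}

# Unsigned or unresolved entries sort ahead of 'Valid' ones for review.
$entries | Sort-Object Signature, Key | Format-Table -AutoSize -Wrap
```

Running it again after deleting a suspicious value shows whether something has written the entry back.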






cellard
August 31, 2015, 11:54:44 PM
 #26

So can someone tell me what the source of the malware is? Is it something that infects Chrome? In that case I'm safe? I use Mozilla Firefox. Thanks for the heads up anyway.

kingcolex
August 31, 2015, 11:56:58 PM
 #27

Linux.

No anti-this and anti-that software. Ditch Windows and use Linux, you'll avoid most of these types of attacks.
If you are looking for a Linux version that has a Windows feel I suggest Linux Mint, you can use Wine for most Windows programs but games have a lot of compatibility issues.

Don't forget Linux is free: http://www.linuxmint.com/

Yes, Mint is excellent for new Linux users, it's really easy to install and is very forgiving when it comes to using peripherals with it. At least compared to other Linux distros anyway.

Be careful everybody with Linux if you have a brand new, latest Intel chip computer. Sometimes the newest hardware isn't supported properly yet, so either wait till the hardware is 6 months or so old, or wait that long till you try Linux on it. Or you could be brave :D It is a brave move, though.

I always do a dual boot solution until I am comfortable with the hardware working with the distro, this is definitely a good way to get introduced to Linux as well.

Habeler876
September 01, 2015, 12:04:45 AM
 #28

So can someone tell me what the source of the malware is? Is it something that infects Chrome? In that case I'm safe? I use Mozilla Firefox. Thanks for the heads up anyway.

I can't say for sure in this case, but mostly people get infected with malware bound to some legit .exe, or via Java drive-by. In either case both browsers are not to blame, since it's not an exploit of sorts, but rather a diversion (jdb mostly asks you to update codecs, or update Java version, etc.)

maokoto
September 01, 2015, 01:07:40 AM
 #29

I recently found a malware that changes bitcoin addresses when copied to the hacker's address, so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it :)

Thanks for sharing this info. It is amazing the genius of malware programmers ... changing the copied address.... shocking.


RGBKey
September 01, 2015, 01:10:14 AM
 #30

I recently found a malware that changes bitcoin addresses when copied to the hacker's address, so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it :)

Thanks for sharing this info. It is amazing the genius of malware programmers ... changing the copied address.... shocking.

I mean honestly that's not really that genius. Anyone that knows Windows programming can check every time something is copied to the clipboard, see if it's a bitcoin address and then replace it with their own.

Carlton Banks
September 01, 2015, 01:11:27 AM
 #31

I recently found a malware that changes bitcoin addresses when copied to the hacker's address, so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it :)

Thanks for sharing this info. It is amazing the genius of malware programmers ... changing the copied address.... shocking.



Don't just check the address you're sending to, check the change address for that transaction also, it too can be substituted for an attacker's address.

Vires in numeris
nero987
September 01, 2015, 06:17:27 AM
 #32

So can someone tell me what the source of the malware is? Is it something that infects Chrome? In that case I'm safe? I use Mozilla Firefox. Thanks for the heads up anyway.

It has nothing to do with Chrome itself. The first version of this malware that was sold advised to use "chrome.exe" as process name, because it would look least suspicious (as long as you do have Chrome on your PC :P).
Meanwhile there are dozens of "new" versions of this malware with other process names than "chrome.exe".
This malware is mostly injected in a PDF!

The copied address gets replaced 5-15% of the times an address is copied.
The first 3-6 characters of the "new" address will be the same as the first characters of the originally copied address.

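Added example (not from the thread): because the post above describes the malware running under the process name "chrome.exe", this PowerShell check lists every chrome.exe process with its executable path and signature, so a copy running from outside Chrome's install directory stands out. The directories in `$expectedDirs` are assumed default install locations, not something stated in the thread.

```powershell
# Added example. Assumption: Chrome is installed in one of its default
# directories; adjust $expectedDirs for a custom deployment.
$expectedDirs = @(
    "$env:ProgramFiles\Google\Chrome\Application",
    "${env:ProgramFiles(x86)}\Google\Chrome\Application",
    "$env:LOCALAPPDATA\Google\Chrome\Application"
)

Get-CimInstance Win32_Process -Filter "Name = 'chrome.exe'" | ForEach-Object {
    # ExecutablePath is empty when the caller lacks rights to query the process.
    $path = $_.ExecutablePath
    $dir  = if ($path) { Split-Path -Path $path -Parent }
    $sig  = if ($path) { Get-AuthenticodeSignature -LiteralPath $path }

    [pscustomobject]@{
        ProcessId   = $_.ProcessId
        ParentId    = $_.ParentProcessId
        Path        = if ($path) { $path } else { '<not readable>' }
        # -contains compares strings case-insensitively.
        ExpectedDir = [bool]($dir -and ($expectedDirs -contains $dir))
        Signature   = if ($sig) { [string]$sig.Status } else { 'n/a' }
        Signer      = if ($sig -and $sig.SignerCertificate) {
                          $sig.SignerCertificate.Subject
                      } else { '' }
    }
} | Sort-Object ExpectedDir, Signature | Format-Table -AutoSize -Wrap
```

Rows with `ExpectedDir` false or a signature status other than `Valid` are the ones to look at first; as the post notes, later variants use other process names, so this covers only the chrome.exe case.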
S4VV4S
September 01, 2015, 07:32:15 AM
 #33

I recently found a malware that changes bitcoin addresses when copied to the hacker's address, so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it :)

Thanks for sharing this info. It is amazing the genius of malware programmers ... changing the copied address.... shocking.

I mean honestly that's not really that genius. Anyone that knows Windows programming can check every time something is copied to the clipboard, see if it's a bitcoin address and then replace it with their own.

That is true, but it's usually the simple things in life that work better ;)

flock123
September 01, 2015, 07:48:50 AM
 #34

I recently found a malware that changes bitcoin addresses when copied to the hacker's address, so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it :)

Thanks for sharing this info. It is amazing the genius of malware programmers ... changing the copied address.... shocking.

I mean honestly that's not really that genius. Anyone that knows Windows programming can check every time something is copied to the clipboard, see if it's a bitcoin address and then replace it with their own.

That is true, but it's usually the simple things in life that work better ;)

I also think that, if we want to avoid such malware, we must also have a strong security system on our computer.
neoneros
September 01, 2015, 08:42:31 AM
 #35

I recently found a malware that changes bitcoin addresses when copied to the hacker's address, so just watch out and check to make sure that the bitcoin address you copy comes out the same when you paste it :)

It is safer to store your coins on a hardware wallet:

https://bitcointalk.org/index.php?topic=899253.0

It is, but sometimes you need to pay for something online, you need to copy the addresses, it might be easier to check and find the flaw, but it is still a risk that the address you are sending to is changed when copy-pasted.

Thanks for the warning, do scan my devices regularly, not just for the bitcoin, better safe than sorry.

RustyNomad
September 01, 2015, 08:52:23 AM
 #36

Thanks to OP for the warning and reminding us that we are all targets in one way or another.

Guess we will see more and more of this kind of malware and even more so when the bitcoin price is high again.

Just glad I'm using a Trezor but there are still times where I just copy an address from Electrum (Trezor watch only wallet) to paste it into a website. Will make a point in future to double check addresses and not just the first 3 and last 3 characters as I usually do.
louise123
September 01, 2015, 08:55:34 AM
 #37

I will assume that the OP ran an executable that was from an untrustworthy supplier.
Why do people do that?

I am really curious to know the reason the OP ran that executable.
What was it disguised as?
What was it meant to be instead of a malware?

nero987
September 01, 2015, 10:54:02 AM
 #38

I will assume that the OP ran an executable that was from an untrustworthy supplier.
Why do people do that?

I am really curious to know the reason the OP ran that executable.
What was it disguised as?
What was it meant to be instead of a malware?


Like I've mentioned above, this particular part of malware is mostly distributed through PDFs...

Carlton Banks
September 01, 2015, 11:37:01 AM
 #39

I will assume that the OP ran an executable that was from an untrustworthy supplier.
Why do people do that?

I am really curious to know the reason the OP ran that executable.
What was it disguised as?
What was it meant to be instead of a malware?


Like I've mentioned above, this particular part of malware is mostly distributed through PDFs...

There's a safe .pdf reader in the OS I use (https://qubes-os.org). It converts the vector data in the .pdf into a bitmap, and deletes the original .pdf, along with all the scripting that can secrete any malware. Linux only.  

Vires in numeris
Amph
September 01, 2015, 11:40:24 AM
 #40

Linux.

No anti-this and anti-that software. Ditch Windows and use Linux, you'll avoid most of these types of attacks.

Or simply don't download random stuff from the web, problem solved. I still have my hot wallet intact, since years, and no malware has stolen anything from my desktop.

Malware does not infect your PC without you doing something wrong.