Bitcoin Forum
Author Topic: HIVE dev got a ''secret'' virus that takes control over your computer  (Read 1282 times)
minerjoen (OP)
Hero Member
Activity: 644
Merit: 500
September 29, 2015, 05:09:08 PM
#1

Jo guys,

Since yesterday is the first and hopefully the last day that someone hacked me, I tried to warn you guys very much!

This is the explorer: https://blockexplorer.com/address/1Kh2Yuo5SLxBfCrkQuEsYNiRm7DmxfdnTM
It's about this coin / topic: https://bitcointalk.org/index.php?topic=1194096.100

It seems like every few months this dev releases a coin with this sick virus inside.
This Hive coin got released a few days ago, and since that moment you see many transactions, including the transaction he stole from my offline wallet:
ba98a3b895d7a8312ac94b1970fa663646b12cc0b4758b7ba7071c56a4b30d04

What I did: I read about this coin and its virus, I put a test computer online with a wallet including 0.2 bitcoins, virus scanner/firewall was up and running (up to date ofc), I used a 2nd internet connection via DSL instead of fiber, and a router that logs everything.
After I started the wallet.exe I went away, so my display went off after like 15 minutes; like 3 hours later the display turned on and I saw a mouse flying over my screen. It opened bittrex.com and within 2 secs he logged in and all (keyloggers I guess); I pulled the internet cable out of the computer.
I screened everything and destroyed the virus. When you open the hive.exe (wallet) it creates a taskmsgr.exe file in your local roaming folder. It is also known as TRAIL.

That tool gives this hacker the option to remote control your computer.

The coins are still on bittrex, BUT they are gone out of my MultiBit wallet (which was encrypted with a pass; now the encryption is GONE, so probably he didn't hack the password but just removed the encryption (respect for that omfg)

The problem is, this is not his first time; if you look at the link (explorer) you see he does this every few months.
PS this is the wallet address he used from me to transfer some coins:
1HEVJiY3oHSc88sBYYmaAECbEHZfkEJrc6 (my wallet address on my test computer)

Bitcoin: 1GPjrqoWGQfqyCEYnPhbA3nWN9dmMwFHRE
Elementrem: 0xF4789b95826C4474B3E7C780Fd90f639b51C4B6c
runpaint
Sr. Member
Activity: 518
Merit: 250
September 29, 2015, 05:20:20 PM
#2

Any screencaps?  Anything else he did that could pinpoint his methods or identity?

GoldenCryptoCommod.com
minerjoen (OP)
Hero Member
Activity: 644
Merit: 500
September 29, 2015, 05:29:19 PM
#3

> Any screencaps?  Anything else he did that could pinpoint his methods or identity?

I'm busy finding that out, searching the logs in my router to see if I can spot a crazy connection.

Bitcoin: 1GPjrqoWGQfqyCEYnPhbA3nWN9dmMwFHRE
Elementrem: 0xF4789b95826C4474B3E7C780Fd90f639b51C4B6c
Fuserleer
Legendary
Activity: 1064
Merit: 1020
September 29, 2015, 05:33:59 PM
#4

Don't know why I still get surprised at the level of "douchebaggery" of some developers.....but I do  Angry

minerjoen (OP)
Hero Member
Activity: 644
Merit: 500
September 29, 2015, 05:41:27 PM
#5

> Don't know why I still get surprised at the level of "douchebaggery" of some developers.....but I do  Angry

The sh1t thing about this dev is, not 1 virus scanner finds a virus, not VirusTotal, not any program.
The only thing you download is the hive.exe; you can use and start it and everything works. But at the same time it installs that remote function (you can find it in your roaming / temp folder, named tskmsgr.exe).
Even after this, if you run anti-virus software or anti-spyware, not 1 program finds this crap.

If you look at the explorer, he has already earned more than 97 BTC!!

And then the silliest thing is that he stole bitcoins from your PC wallet, encrypted. So this is not an amateur virus / hacker. He knows how to put a virus inside the wallet.exe, he knows how to install things without letting your firewall/antivirus/antispyware ring the bell, he knows how to remote it and he knows how to disable encryption.
Respect for his knowledge, because yeah he's fucking good.

The bad thing is, I don't trust any alt coins anymore and I won't put my systems on new coins. After all I am happy I used a test system, but if I look at the explorer he destroys people's lives by doing this shit.

And I thought my 0.2 BTC would be safe because of the encryption. It's not that I die now because it's stolen, but it doesn't feel right. It's like 41€, not much, but it's just gone in a few minutes.

Bitcoin: 1GPjrqoWGQfqyCEYnPhbA3nWN9dmMwFHRE
Elementrem: 0xF4789b95826C4474B3E7C780Fd90f639b51C4B6c
runpaint
Sr. Member
Activity: 518
Merit: 250
September 29, 2015, 06:14:24 PM
#6

Is the BTC address in your signature safe?

GoldenCryptoCommod.com
minerjoen (OP)
Hero Member
Activity: 644
Merit: 500
September 29, 2015, 06:21:17 PM
#7

> Is the BTC address in your signature safe?

Not anymore; the address in my signature is the wallet that got stolen. At least the computer with that wallet should be clean now. To be secure I installed a new one; my next address is safe now:
1126YhCxgz3wSLdnysFdDzgGuoNN5bj9S3

C:\Users\x\AppData\Local\Temp\nsqBB5.tmp
ALSO a virus that came with this Hive, found it with Spybot 5 min ago.

Bitcoin: 1GPjrqoWGQfqyCEYnPhbA3nWN9dmMwFHRE
Elementrem: 0xF4789b95826C4474B3E7C780Fd90f639b51C4B6c
solid12345
Legendary
Activity: 1246
Merit: 1000
September 29, 2015, 06:34:45 PM
#8

No offense and I'm sorry for your loss, but why do people keep buying and mining these shitcoins? I mean it's gotten so lazy now this coin doesn't even have a logo. Why act so surprised?

And now there is talk of a takeover? So a day-old coin gets a takeover now? LOL
minerjoen (OP)
Hero Member
Activity: 644
Merit: 500
September 29, 2015, 06:39:46 PM
#9

> No offense and I'm sorry for your loss, but why do people keep buying and mining these shitcoins? I mean it's gotten so lazy now this coin doesn't even have a logo. Why act so surprised?
>
> And now there is talk of a takeover? So a day-old coin gets a takeover now? LOL

Well that's not my point; my point is that these trojans are inside the .exe, not 1 anti-virus program will find this virus, VirusTotal gives 100% clean. Even after using the wallet not 1 program gives an alarm.

So download the new MultiBit wallet for bitcoin and maybe you get this virus also; because not 1 program detects it, you don't know it.

And yeah the loss sucks, stupid me had a MultiBit + encryption on the test PC with an amount of 0.2 BTC. But heck, he did it fast, stole it even with the encryption..

So is your wallet encrypted? Don't worry, because this virus decrypts it. The virus can be everywhere, and not only in a new wallet.exe but also in other programs. So check out your temp folder and search for a crazy .exe (in this case tskmsgr.exe).

Bitcoin: 1GPjrqoWGQfqyCEYnPhbA3nWN9dmMwFHRE
Elementrem: 0xF4789b95826C4474B3E7C780Fd90f639b51C4B6c
minerjoen (OP)
Hero Member
Activity: 644
Merit: 500
September 30, 2015, 09:22:27 AM
Last edit: September 30, 2015, 10:47:20 AM by minerjoen
#10

Please do 1 thing for me, because an antivirus will not find this......
Go to: C:\Users\x\AppData\Local\Temp and search for tskmsgr.exe (sort of a remote control application); if you see this DELETE IT because that is 1 of the 2 parts of this virus.
The 2nd part is: C:\Users\x\AppData\Local\Temp\nsqBB5.tmp (trojan)

tskmsgr.exe is not a bad thing for an antivirus program, so that's why I think AVG / Avira / Avast / Norton / Eset 32 also did not find this 1.
The trojan (nsqbb5) has been found by Spybot Search & Destroy.

At the moment I am searching for keyloggers on the system, because I still don't know what happened with my MultiBit bitcoin wallet. It always had an encryption / password but after the hack it was just gone, so I don't know if he deleted it by using a keylogger (I don't really think so, because at the time of using the Hive wallet I did not enter any password) but I am working on this now.

PS. I changed my signature to my good new BTC address. Any donations to get my 0.2 BTC back are welcome Smiley

Send me a PM if you send me something so I can personally thank you for this Smiley

Bitcoin: 1GPjrqoWGQfqyCEYnPhbA3nWN9dmMwFHRE
Elementrem: 0xF4789b95826C4474B3E7C780Fd90f639b51C4B6c
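The manual check the OP asks for in #9 and #10 (look in the user's Temp and roaming folders for an unexpected executable such as tskmsgr.exe, with the dropper leaving nsqBB5.tmp beside it) can be done in a repeatable way that also records what was found before anything is deleted. The following PowerShell is an added example for this thread, not code from the OP or from the Hive project. The file names on the watch list are the ones reported in the thread (it spells the tool both tskmsgr.exe and taskmsgr.exe, so both are listed); the folder list, the 30-day window and the extension filter are assumptions chosen for illustration. It reports each candidate with its SHA-256, Authenticode status and, if the file is currently running, the process id, so the hash can be looked up on VirusTotal without uploading the file and the file can be copied off for analysis before removal.

```powershell
# Added example (not from the thread): triage user-writable drop folders for
# executables. Names on the watch list come from the thread; paths, window
# and extensions are assumptions for illustration.

function Get-SuspiciousDropFiles {
    [CmdletBinding()]
    param(
        # Folders the thread says the dropper wrote into (assumed defaults).
        [string[]]$Paths = @("$env:LOCALAPPDATA\Temp", "$env:APPDATA"),
        # File names reported in the thread; extend as needed.
        [string[]]$WatchNames = @('tskmsgr.exe', 'taskmsgr.exe', 'nsqBB5.tmp'),
        # Only report generic executables created in the last N days;
        # watch-list names are always reported regardless of age.
        [int]$Days = 30
    )

    $cutoff = (Get-Date).AddDays(-$Days)

    # Map lower-cased image paths of running processes to their PIDs so a
    # hit that is live can be flagged. Processes we cannot query are skipped.
    $running = @{}
    Get-Process -ErrorAction SilentlyContinue | ForEach-Object {
        if ($_.Path) { $running[$_.Path.ToLowerInvariant()] = $_.Id }
    }

    foreach ($root in $Paths) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object {
                ($WatchNames -contains $_.Name) -or
                (($_.Extension -in '.exe', '.dll', '.scr', '.tmp') -and $_.CreationTime -ge $cutoff)
            } |
            ForEach-Object {
                # Unsigned or tampered binaries in Temp are the usual sign of a
                # dropped payload; a valid signature is not proof of safety.
                $sig = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path        = $_.FullName
                    Created     = $_.CreationTime
                    SizeBytes   = $_.Length
                    SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    Signature   = if ($sig) { $sig.Status.ToString() } else { 'Unknown' }
                    OnWatchList = [bool]($WatchNames -contains $_.Name)
                    RunningPid  = $running[$_.FullName.ToLowerInvariant()]
                }
            }
    }
}

# Usage: most recent first; pipe to Export-Csv to keep a record before cleanup.
Get-SuspiciousDropFiles | Sort-Object Created -Descending | Format-Table -AutoSize
```

Running it before deleting anything keeps the hashes and timestamps that are needed to correlate with the router logs the OP mentions, and a non-empty RunningPid on a watch-list hit tells you the remote access component is still active, so the machine should be taken off the network first, as the OP did.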
newb4now
Hero Member
Activity: 686
Merit: 500
October 08, 2015, 03:14:16 AM
#11

> No offense and I'm sorry for your loss, but why do people keep buying and mining these shitcoins? I mean it's gotten so lazy now this coin doesn't even have a logo. Why act so surprised?
>
> And now there is talk of a takeover? So a day-old coin gets a takeover now? LOL

As sad as this was for OP, it is a good warning for people. Avoid using any software when you cannot verify its trustworthiness. Or at the very least run it in a VPS as a sandbox first.
TragicMonopoly
Newbie
Activity: 4
Merit: 0
October 08, 2015, 10:31:55 PM
#12

Sorry to hear about your loss. It could have been avoided, but all you can do now is learn from your mistakes.

Run untrusted software in its own VM, put 2FA on everything possible, and if possible have a machine dedicated to only wallets. You don't want the host OS getting taken over and the attacker having access to the VMs.

Hardware wallets are another solution, but few alt coins are supported.

Did I understand that right, that he sent the coins to Bittrex Huh If so, your best bet now is to contact Bittrex. They won't be able to help much, but maybe they will freeze the jackass's account before he can withdraw his funds.
upsidedown75
Legendary
Activity: 1288
Merit: 1036
October 12, 2015, 11:21:14 AM
#13

Thanks for sharing this information with the community. I considered installing the Hive wallet :/
Drobek
Sr. Member
Activity: 504
Merit: 251
January 04, 2016, 07:45:27 AM
#14

Wow, interesting, thanks for sharing!

> The coins are still on bittrex, BUT they are gone out of my MultiBit wallet (which was encrypted with a pass; now the encryption is GONE, so probably he didn't hack the password but just removed the encryption (respect for that omfg)

Would understand if he got the password from RAM or via keylogger, but have no idea how encryption can be removed.. Was not able to find any evidence this is theoretically possible either  Huh
qWark
Full Member
Activity: 196
Merit: 100
January 04, 2016, 09:56:03 AM
#15

Thanks for the advice. I used the Hive wallet for around a year before changing to a more secure wallet.

But my main funds stay in my paper wallet, where I know where it's hidden and safe.