Bitcoin Forum
September 22, 2019, 11:23:55 PM *
News: Latest Bitcoin Core release: 0.18.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Beware from this malware.  (Read 346 times)
Mashfiqun
Jr. Member
*
Offline Offline

Activity: 44
Merit: 3


View Profile WWW
February 24, 2019, 09:42:37 AM
Merited by DdmrDdmr (2)
 #1

Just yesterday I was going to send some bitcoins to my friends address. He gave me his address, I copied it and went to send on my wallet. Suddenly I saw the address my friend gave me started with 3 but the address I pasted to send the transaction started with 1. I then copied other wallet addresses and pasted on notepad. And everytime it was another new address. This was some kind of clipboard hacking. Some kind of malware came into my laptop and started to do these. I think using faucets and other nsfw sites might have done this.
I scanned with my antivirus and MalwareBytes and it was resolved. But I wanted more safety so I did a full Windows re-installation.

Always try to avoid faucets with a lot of ads, don't click anything stupid, don't download anything unwanted.
And always double check addresses before sending any transaction.
Peace.
1569194635
Hero Member
*
Offline Offline

Posts: 1569194635

View Profile Personal Message (Offline)

Ignore
1569194635
Reply with quote  #2

1569194635
Report to moderator
1569194635
Hero Member
*
Offline Offline

Posts: 1569194635

View Profile Personal Message (Offline)

Ignore
1569194635
Reply with quote  #2

1569194635
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1569194635
Hero Member
*
Offline Offline

Posts: 1569194635

View Profile Personal Message (Offline)

Ignore
1569194635
Reply with quote  #2

1569194635
Report to moderator
1569194635
Hero Member
*
Offline Offline

Posts: 1569194635

View Profile Personal Message (Offline)

Ignore
1569194635
Reply with quote  #2

1569194635
Report to moderator
1569194635
Hero Member
*
Offline Offline

Posts: 1569194635

View Profile Personal Message (Offline)

Ignore
1569194635
Reply with quote  #2

1569194635
Report to moderator
jademaxsuy
Member
**
Offline Offline

Activity: 532
Merit: 23

★777Coin.com★ Fun BTC Casino!


View Profile WWW
February 24, 2019, 10:05:18 AM
 #2

Hacking your clipboard is possible, instead of pasting the address you just copied recently but the address you'll paste os different which happen in your situation. You did well in cleaning your laptop by reinstalling your operating system which help cleaning your laptop. Some anti-viruses can't detect all viruses.

Jating
Hero Member
*****
Offline Offline

Activity: 1232
Merit: 553


WOLF.BET - Provably Fair Dice Game


View Profile
February 24, 2019, 10:06:11 AM
 #3

This is what you call copy-and-paste virus:

Copy-Paste Virus For Bitcoin Users -- Beware!!!
affected by bitcoin Copy paste viruses

You're lucky that you didn't send the bitcoin right away, otherwise it's goodbye. I'm sure you learn your lessons already so next time just be careful.

.WOLF.BET.
▀  ▀▀▀▀▀▀
  ▀ ▀▀▀
 ▄ ▄▄▄  
  ▄ ▄▄▄
▄  ▄▄▄▄▄▄
        ▄▄▄▀▀▀▀▄▄▄
    ▄███▌        ▀▀▄
  ▄▀   ▐█████████▄  ▀▄
 ▄▀  ▄█████████████▄  █
 ▌  █████████████████  █
▐  ████████████████ ▄█
█  █████████████████████▌
▐  ██████████████████ ▀█▌
 ▌ ▐█████████████████▌ ▐▀
 █  ██████████████▀ ▄▀
  █   ███████████▀  ▄▀
   ▀▄▄██ ▀▀▀▀▀▀▀  ▄▄▀
     ▀██▄▄▄▄▄▄▄▄▀▀▀
▄███████████▄
███████    ████████████▄
███████    ███████   ▀██
██████████████████    ██
██    ██████████████████
██    ███████    ███████
█████████████    ███████
███████    █████████████
███████    ███████    ██
██████████████████   ▄██
██        ▀███████████▀
██
██
      ▄█▄         ▄█▄
 ▄██ ███ ███████ ███ ██▄
▐███▄ ▀ ▄███████▄ ▀ ▄███▌
▐█▌▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▐█▌
▐█▌   ▄▄▄▄▄▄▄▄        ▐█▌
▐█▌   ████████        ▐█▌
▐█▌       ███     ▄▄▀▀▀██▄
▐█▌      ███    ██▀      ▀█
▐█▌     ███    ███         █
▐█▌    ███     ███          █
 ██▄           ███▄         █
  ▀█████████████████▄     ▄█
                  ▀▀█████▀▀

████
██
██
██
██
██
██
██
██
██
██
████


.AFFILIATE PROGRAM.
   ...FREE FAUCET........
..CHAT RAIN.............
UserU
Member
**
Offline Offline

Activity: 336
Merit: 26

Best VGO and Bitcoin Sites @ VGOSKINZ.COM


View Profile WWW
February 24, 2019, 10:22:53 AM
 #4

Did you install some browser extensions recently? Usually these are able to hijack your clipboard.

Mashfiqun
Jr. Member
*
Offline Offline

Activity: 44
Merit: 3


View Profile WWW
February 24, 2019, 10:32:45 AM
 #5

Did you install some browser extensions recently? Usually these are able to hijack your clipboard.
No, just metamask is there.
jademaxsuy
Member
**
Offline Offline

Activity: 532
Merit: 23

★777Coin.com★ Fun BTC Casino!


View Profile WWW
February 24, 2019, 10:34:58 AM
 #6

Did you install some browser extensions recently? Usually these are able to hijack your clipboard.
I think the op did install a browser extension which is the reason why the clipboard can be easily hijack by hackers. Browsers are the first step that the hacker can invade your devices through extensions and downloading unknown files or through pop-up ads.

ryap12
Member
**
Offline Offline

Activity: 560
Merit: 14

Your Friendly Friend on Friendsters


View Profile WWW
February 24, 2019, 10:39:58 AM
 #7

100% it's a malware you got there. But I am not sure if it's due to those faucets where your computer got infected. Are you using google chrome because the browser prevents you from entering dangerous websites and will scan downloads. I highly suspect you installed an infected software which triggered the installation of the malware. Good thing though you notice the address was changed. You did the right thing by re-installing the entire OS which will also remove those other unwanted programs.

CRYPTOXYGEN ▬▬▬▬▬▬▬◌ Website ▬◌ Whitepaper ▬◌ ANN Thread ▬◌ Twitter ▬◌ Telegram
◌▬▬ The World's First Cryptocurrency Exchange Integrated In Hardware Thomson Computing ▬▬◌
◌▬▬▬▬▬▬▬◌ ICO IS LIVE NOW‼ ◌▬▬▬◌ JOIN AND CLAIM YOUR BONUS‼ ◌▬▬▬▬▬▬▬◌
Mashfiqun
Jr. Member
*
Offline Offline

Activity: 44
Merit: 3


View Profile WWW
February 24, 2019, 11:22:11 AM
 #8

100% it's a malware you got there. But I am not sure if it's due to those faucets where your computer got infected. Are you using google chrome because the browser prevents you from entering dangerous websites and will scan downloads. I highly suspect you installed an infected software which triggered the installation of the malware. Good thing though you notice the address was changed. You did the right thing by re-installing the entire OS which will also remove those other unwanted programs.
I generally do check addresses. But this is the only time it was entirely changed.
I am lucky that I didn't click the send button.
Yes, I thought re-installing OS would help, and it did.
Switching to Brave Browser for more ad blocking. <3
hacker1001101001
Sr. Member
****
Offline Offline

Activity: 574
Merit: 295


NO SYSTEM IS SAFE !


View Profile
February 24, 2019, 11:36:23 AM
Last edit: February 24, 2019, 11:48:13 AM by hacker1001101001
Merited by DdmrDdmr (1)
 #9

This probably is a known script in the Windows operating system and is used by many hackers out there to manipulate copy-paste or Keystroke activity of a victim. As per I know this is one of the old operating viruses and has not affected much in the crypto space currently. Rather there are many other similar scripts developed every day to manipulate the data on the web. We could say they are pretty common and most of the anti-virus even if they are some free ones, can detect it.

The reason behind you getting affected by the virus would probably be an unwilling click on some spammy stuff online which further led this virus to penetrate in your system and later manipulated your transactions.

My best solution to avoid such type of manipulation is using a Linux operating system which would surely keep you secure from such spammy scripts in the future.

I would suspect you were using a windows operating system right?

You could check this video, to know more about how does the malware work:

Windows ClipBoard Hijacker Swaps out CryptoCurrency Addresses
Ipwich
Hero Member
*****
Offline Offline

Activity: 1022
Merit: 529


For the love of SegWit


View Profile
February 24, 2019, 12:11:34 PM
 #10

I have my friends got victimized with this in the past, they are not careful in sending without double checking the recipient address
and their coins was gone. I'm glad they informed so I'm aware and more careful, I'm also not double stuff from the internet as that could be one of the cause, with my sensitive information in my computer, I only dedicate my PC on crypto thing.

This is what you call copy-and-paste virus:

Copy-Paste Virus For Bitcoin Users -- Beware!!!
affected by bitcoin Copy paste viruses

You're lucky that you didn't send the bitcoin right away, otherwise it's goodbye. I'm sure you learn your lessons already so next time just be careful.

......
.L I V E C O I N . N E T.
.
..PROFITBOX..
██  █████████████████████████
  █████████▄      ▄██████████
█████████████▄  ▄████████████
    █████████████████████████
  ██████████▀    ▀█ ▀████████
████  █████▀  ▄▄  ▀█  ▀██████
  ████████▀  ▄██▄  ▀█   ▀████
    ██████   ▀██▀   ██   ████
  █████████▄      ▄██████████
██  █████████▄  ▄████████████
  ███████████████████████████
██  █████████████████████████
  █████████████████████▀ ███
█████████████████████▀   ███
    █████████████▀     ████
  █████████████▀   ██    ████
████  █████▀     ██    ████
  ███████▀   ██    ██    ████
    █████    ██    ██    ████
  ███████    ██    ██    ████
██  █████    ██    ██    ████
  ███████████████████████████
.....
Mashfiqun
Jr. Member
*
Offline Offline

Activity: 44
Merit: 3


View Profile WWW
February 24, 2019, 12:12:03 PM
 #11

This probably is a known script in the Windows operating system and is used by many hackers out there to manipulate copy-paste or Keystroke activity of a victim. As per I know this is one of the old operating viruses and has not affected much in the crypto space currently. Rather there are many other similar scripts developed every day to manipulate the data on the web. We could say they are pretty common and most of the anti-virus even if they are some free ones, can detect it.

The reason behind you getting affected by the virus would probably be an unwilling click on some spammy stuff online which further led this virus to penetrate in your system and later manipulated your transactions.

My best solution to avoid such type of manipulation is using a Linux operating system which would surely keep you secure from such spammy scripts in the future.

I would suspect you were using a windows operating system right?
Yes I am using Windows as stated in my post.
Using Linux may be a solution but sometimes Windows is the best way to go.
Thanks for your recommendations.
Lucius
Legendary
*
Offline Offline

Activity: 1540
Merit: 1333


Fortis Fortuna Adiuvat


View Profile WWW
February 24, 2019, 12:12:58 PM
Merited by DdmrDdmr (1), theyoungmillionaire (1)
 #12

I scanned with my antivirus and MalwareBytes and it was resolved. But I wanted more safety so I did a full Windows re-installation.

You probably not have such a good antivirus and you only use free version of Malwarebytes. Primary purpose of security software is to protect you from potential threats before they penetrate the system, and for that you should have proactive protection. Think about improving your security software, it is not too expensive, and in any case it is worth it.

I also browse some faucets, and it is true most of them have very aggressive advertising and potentially dangerous things, so without adequate protection no user should use such sites / or to use them with device which is not have any crypto wallet.

Mashfiqun
Jr. Member
*
Offline Offline

Activity: 44
Merit: 3


View Profile WWW
February 24, 2019, 12:29:37 PM
 #13

You probably not have such a good antivirus and you only use free version of Malwarebytes. Primary purpose of security software is to protect you from potential threats before they penetrate the system, and for that you should have proactive protection. Think about improving your security software, it is not too expensive, and in any case it is worth it.
Well, sort of. But now I'm considering security seriously. Gonna buy a new premium antivirus.
r1s2g3
Sr. Member
****
Offline Offline

Activity: 630
Merit: 387


I am alive but in hibernation.


View Profile
February 24, 2019, 03:23:07 PM
 #14

This is not the new virus. The exact name of this virus in "Coin RPG Malware".
Please read below the 4 year old reddit post

https://www.reddit.com/r/Bitcoin/comments/29z742/help_freaking_outpasting_is_not_pasting_the/

.
Game that
pays for
Playing











A
blockchain
based game
Ask me anything
about the game
in Bitcointalk.











A game
that recognize
your ownership
Join the
exciting game
of splinterlands











              ▄▄▄▄▄▄██████▄▄▄▄▄▄
          ▄▄██████████████████████▄▄
        ███████▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀███████
     ████████▌    ▄▄▄▄▄▄▄▄    ▐████████
   ▄██████████▌  █████ ▀ ▀███  ▐██████████▄
  ▐███████████▌ ████▄▄ ██ ▐███ ▐███████████▌
  ████████████▌▐█████     ████▌▐████████████
 █████████████▌ ███▄▄ ██ ▐████ ▐█████████████
 █████████████▌  ███    ▄████  ▐█████████████
██████████████▌    ▀▀▀▀▀▀▀▀    ▐██████████████
██████████████████████████████████████████████
▀████████████████████████████████████████████▀
   ▐██████████████████████████████████████▌
   ▐█████████████▀▀▀▀▀▀▀▀▀▀▀▀█████████████▌
    ▀▀██████▀▀                  ▀▀██████▀▀
crairezx20
Legendary
*
Offline Offline

Activity: 1512
Merit: 1044

Zcoin is coming...


View Profile WWW
February 24, 2019, 03:34:22 PM
Merited by DdmrDdmr (2), theyoungmillionaire (1)
 #15

Some faucets site have auto install script so even you are not clicking any ads the malware or virus will automatically install in your system.
So to avoid getting infected or attack by hackers use an updated antivirus that supports crypto protection like Kaspersky total security.

I never experienced any problem like clipboard virus. I have this virus on my rig miner but I don't use them for transferring bitcoin or any crypto.

It shows clipboard.exe on task manager that is why I restrict the windows when this clipboard.exe running because I don't know how to remove this without waiting too long to scan the rig.

Anyway, I just use my rig for mining and everything there including the bat script is edited from my laptop before I transfer them to the mining rig.

Always make sure that you are using antivirus and you will be fine to protect your self from malware and viruses. Don't use AVG, Avast and McAfee it may lead to more malware and advertisement.

ESET and Kaspersky are the best for me because after you download a file or going to a website if they found suspicious or viruses they will automatically disinfect the file or delete without asking you.

Velkro
Legendary
*
Offline Offline

Activity: 1918
Merit: 1011


<3 Vanity Addresses :)


View Profile
February 24, 2019, 07:33:26 PM
 #16

Just yesterday I was going to send some bitcoins to my friends address. He gave me his address, I copied it and went to send on my wallet. Suddenly I saw the address my friend gave me started with 3 but the address I pasted to send the transaction started with 1. I then copied other wallet addresses and pasted on notepad. And everytime it was another new address. This was some kind of clipboard hacking.
You infected your PC somehow. Best way to fight this is to reinstall whole operating system you have. Cleaning virus is never 100% precise and you can't be sure it was destroyed completly. Best course of action is to reinstall OS as you mentioned.
Learn about computer hygiene for future actions and to not loose ur Bitcoins.

logfiles
Copper Member
Sr. Member
****
Offline Offline

Activity: 364
Merit: 309


Citizen of The Bitcoin Republic


View Profile WWW
February 24, 2019, 08:11:53 PM
Merited by vapourminer (1)
 #17

My best solution to avoid such type of manipulation is using a Linux operating system which would surely keep you secure from such spammy scripts in the future.

I use Linux too and yes for now it feels safe but that does not mean that someone out there will not consider making malware for Linux too. I think the reason we don't have so many such cases in Linux is because it does not have a big user base as windows so making malware for Linux does not seem profitable and feasible for the hackers.

Care always has to be taken care off regardless of the operating system because you never know on which side of the bed the hacker might wake up from one day  Grin

Some faucets site have auto install script so even you are not clicking any ads the malware or virus will automatically install in your system.
So to avoid getting infected or attack by hackers use an updated antivirus that supports crypto protection like Kaspersky total security.
Add the NoScript add on to the list. I currently use it in Mozilla Firefox and it blocks all suspicious scripts while you browser through different web pages. The power is in your hands on what script to unblock and which to keep blocked. This can prevent necessary downloading of malware or infection of your web browser without your knowledge.

          ▄▄████▄▄
      ▄▄███▀    ▀███▄▄
   ▄████████▄▄▄▄████████▄
  ▀██████████████████████▀
▐█▄▄ ▀▀████▀    ▀████▀▀ ▄▄██
▐█████▄▄ ▀██▄▄▄▄██▀ ▄▄██▀  █
▐██ ▀████▄▄ ▀██▀ ▄▄████  ▄██
▐██  ███████▄  ▄████████████
▐██  █▌▐█ ▀██  ██████▀  ████
▐██  █▌▐█  ██  █████  ▄█████
 ███▄ ▌▐█  ██  ████████████▀
  ▀▀████▄ ▄██  ██▀  ████▀▀
      ▀▀█████  █  ▄██▀▀
         ▀▀██  ██▀▀
WINDICE████
██
██
██
██
██
██
██
██
██
██
██
██
████
      ▄████████▀
     ▄████████
    ▄███████▀
   ▄███████▀
  ▄█████████████
 ▄████████████▀
▄███████████▀
     █████▀
    ████▀
   ████
  ███▀
 ██▀
█▀

██
██
██
██
██
██
██
██
██
██
██
██
     ▄▄█████▄   ▄▄▄▄
    ██████████▄███████▄
  ▄████████████████████▌
 ████████████████████████
▐████████████████████████▌
 ▀██████████████████████▀
     ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
     ▄█     ▄█     ▄█
   ▄██▌   ▄██▌   ▄██▌
   ▀▀▀    ▀▀▀    ▀▀▀
       ▄█     ▄█
     ▄██▌   ▄██▌
     ▀▀▀    ▀▀▀

██
██
██
██
██
██
██
██
██
██
██
██
                   ▄█▄
                 ▄█████▄
                █████████▄
       ▄       ██ ████████▌
     ▄███▄    ▐█▌▐█████████
   ▄███████▄   ██ ▀███████▀
 ▄███████████▄  ▀██▄▄████▀
▐█ ▄███████████    ▀▀▀▀
█ █████████████▌      ▄
█▄▀████████████▌    ▄███▄
▐█▄▀███████████    ▐█▐███▌
 ▀██▄▄▀▀█████▀      ▀█▄█▀
   ▀▀▀███▀▀▀
████
  ██
  ██
  ██
  ██
  ██
  ██
  ██
  ██
  ██
  ██
  ██
  ██
████


▄▄████████▄▄
▄████████████████▄
▄████████████████████▄
███████████████▀▀  █████
████████████▀▀      ██████
▐████████▀▀   ▄▄     ██████▌
▐████▀▀    ▄█▀▀     ███████▌
▐████████ █▀        ███████▌
████████ █ ▄███▄   ███████
████████████████▄▄██████
▀████████████████████▀
▀████████████████▀
▀▀████████▀▀
██████
██████
███
███
███
███
███
███
███
███
███
███
██████
██████
.Play Now.██████
██████
   ███
   ███
   ███
   ███
   ███
   ███
   ███
   ███
   ███
   ███
██████
██████
Kopyleft
Member
**
Offline Offline

Activity: 168
Merit: 15

Future of Security Tokens


View Profile
February 24, 2019, 08:16:28 PM
Last edit: February 24, 2019, 08:46:36 PM by Kopyleft
 #18

Thanks for sharing this information. For safety I clear my clip boards daily and always write down any important information or data I need. I regularly also scan my device for virus or malware. We should all always be security conscious. Especially when dealing with unverified links and apps.

EndimyonsDream
Jr. Member
*
Offline Offline

Activity: 168
Merit: 9

Airdrops,Bounties - https://t.me/Crypto_oBridge


View Profile
February 24, 2019, 09:28:47 PM
 #19

I would also advise to start using the Brave browser, best browser out there in my opinion when it comes to security and protecting yourself.

Airdrops, Sponsored Bounties, TA signals, Crypto tips and tricks.
https://t.me/Crypto_oBridge
emulsifryer
Member
**
Offline Offline

Activity: 330
Merit: 10

Free crypto every day here: discord.gg/pXB9nuZ


View Profile
February 24, 2019, 11:34:54 PM
 #20

Just yesterday I was going to send some bitcoins to my friends address. He gave me his address, I copied it and went to send on my wallet. Suddenly I saw the address my friend gave me started with 3 but the address I pasted to send the transaction started with 1. I then copied other wallet addresses and pasted on notepad. And everytime it was another new address. This was some kind of clipboard hacking. Some kind of malware came into my laptop and started to do these. I think using faucets and other nsfw sites might have done this.
I scanned with my antivirus and MalwareBytes and it was resolved. But I wanted more safety so I did a full Windows re-installation.

Always try to avoid faucets with a lot of ads, don't click anything stupid, don't download anything unwanted.
And always double check addresses before sending any transaction.
Peace.
I have also experienced the same thing as what happened to yours. You must double check every time you make transactions because you wouldn't know if the address you were going to send your coins is not really yours.

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!