Warning! Be careful when you copy and paste bitcoin address from Electrum wallet

[microlab369]

Hi Guys!

I am currently using Electrum wallet 3.3.6 executable version. Which is fine till last night. And this morning when I open the wallet what I found is what every addresses in the wallet address list I copy either using Ctrl+C/Ctrl+V or right click select copy are the same, and I looked it on explorer and noticed that this address:13gwPnRgJjqsg2T1QQ6LQXtxWJAQDJWD6z has receipt more than 1.4 BTC so far with various amount recently.

I double checked the phonmena when I opened another wallet file, and the copy/paste result pointed to the same address :3NW1CuurGdsWfRmWTjgjMJueTt1eM5L32R, which is now empty for now.

So, when you guys copy address from your electtrum wallet I urge you to double check the paste results before you click confirm. It is highly likely that those vicious ones are using this to ripe you off.

Good luck

[1715556137]

1715556137

[1715556137]

1715556137

[1715556137]

1715556137

[Abdussamad]

looks like you have malware on your system

[HCP]

I doubt this has anything to do with Electrum itself... and is more likely that you have a clipboard hijacker virus/malware installed on your system.

I would suggest that at the very least you run some of the common anti-malware scanners like MalwareBytes or Spybot Search and Destrory... and preferably, backup your important data, then wipe/format your computer and reinstall the Operating System. It is highly likely you have all sorts of nasty stuff infecting your system!

[NeuroticFish]

It looks like a dumber variant of the clipboard malware. Afaik at least the original one had the "common sense" to keep the start and the end identical with the original address.

With so many "electrum problems" lately, actually not related with Electrum at all, I wonder if it's not some campaign against Electrum, although I fail to understand what could be the reason for it.

[Abdussamad]

making money is the reason for it.

[pooya87]

It looks like a dumber variant of the clipboard malware. Afaik at least the original one had the "common sense" to keep the start and the end identical with the original address.

i actually have never seen one that did that. are you sure you are not just talking about the theoretical hijacker? because i remember there was a discussion on bitcointalk about how they could do that using vanity generation technique but it would only be first 2 or 3 characters since it takes a lot more time if it is more and also there is absolutely no way you could have identical "end" since it is the checksum and with 1 bit difference in address the whole thing changes.

[NeuroticFish]

It looks like a dumber variant of the clipboard malware. Afaik at least the original one had the "common sense" to keep the start and the end identical with the original address.

i actually have never seen one that did that. are you sure you are not just talking about the theoretical hijacker? because i remember there was a discussion on bitcointalk about how they could do that using vanity generation technique but it would only be first 2 or 3 characters since it takes a lot more time if it is more and also there is absolutely no way you could have identical "end" since it is the checksum and with 1 bit difference in address the whole thing changes.

I did a search and you're right. I was living with the (wrong) impression that the initial malware was smarter than I thought.
I guess that this was caused by the fact that one of the first cases I've seen discussions about that malware the good and bad addresses were at least having the first 3 letters identical.
But yes, it seems to be just simply the old malware.

[jerry0]

Does anyone know how this copy and paste issue arise from?  People say malware but from where specifically?  Does anyone know?

[TryNinja]

Does anyone know how this copy and paste issue arise from?  People say malware but from where specifically?  Does anyone know?

Fake wallets, "Bitcoin Generators", etc... basically anything. These kind of clipboard modifiers are common when we talk about malware.

[NeuroticFish]

Does anyone know how this copy and paste issue arise from?  People say malware but from where specifically?  Does anyone know?

I guess that'll help you to read this: https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/
In that article they've posted a (Virustotal.com) link with how the antiviruses detect a d3dx11_31.dll file infected with such trojan.

Another report is at symantec: https://www.symantec.com/security-center/writeup/2016-020216-4204-99?tabid=2

However, if you look at that VirusTotal link you'll see a number of names you can start with if you want to research deeper.

[martias4444]

jesus, people, run your wallets on live version of OS to prevent all viruses. If you dont know what live OS is you shouldn't be using crypto and for those using mobile phones for crypto purpose, well sorry a phone doesnt even come close to a computer.

[standing_behind]

Today, while trying to open my old wallet Electrum, the Trojan (Miner-AP trj) was detected by the Avast antivirus
I highly recommend use cold or hardware wallets

[Rath_]

Today, while trying to open my old wallet Electrum, the Trojan (Miner-AP trj) was detected by the Avast antivirus

That was probably a false positive. This issue has been addressed here. Altcoins miners and some software wallets are sometimes detected as malware. By the way, update Electrum.

[bob123]

jesus, people, run your wallets on live version of OS to prevent all viruses.

Using a live OS does not protect you against all kind of malware (i guess you wanted to say malware, not virus).

A virus is a subcategory of malware which spreads itself automatically through a network by exploiting vulnerabilities. You probably meant to talk about malware in general.

If you dont know what live OS is you shouldn't be using crypto and for those using mobile phones for crypto purpose, well sorry a phone doesnt even come close to a computer.

You are right.
An up-to-date android mobile is more secure than a windows computer.

[NeuroticFish]

If you dont know what live OS is you shouldn't be using crypto and for those using mobile phones for crypto purpose, well sorry a phone doesnt even come close to a computer.

You are right.
An up-to-date android mobile is more secure than a windows computer.

And since many smartphone manufacturers don't pay much attention to updating the OS after it's sold, and since many simply buy various Chinese smartphones (for better specs/price ratio), I'd say that an up-to-date live OS made only for this reason should still be the safest and easiest choice if one doesn't want to buy hardware wallet.

[bob123]

And since many smartphone manufacturers don't pay much attention to updating the OS after it's sold, and since many simply buy various Chinese smartphones (for better specs/price ratio), I'd say that an up-to-date live OS made only for this reason should still be the safest and easiest choice if one doesn't want to buy hardware wallet.

A live OS is indeed a safer option, no doubts.

I am just sick of those people claiming mobiles are enormous unsecure by definition, while they are running a windows machine on their desktop.
I'd even go that far, to claim that compromising a windows machine is way easier then compromising an android mobile (given that both systems have the same 'level' of security measurements).

Excluding all social engineering - regarding only the technical aspects - windows is more prone to being compromised due to the extreme number of vulnerabilities (found and not found ones).


Btw.. my mobile is roughly 2 years old and still receives monthly updates. About 10-14 days after google releases them.

[NeuroticFish]

I am just sick of those people claiming mobiles are enormous unsecure by definition, while they are running a windows machine on their desktop.

That's correct, however, there's on small extra point to take into consideration.
There are plenty of users that know how to keep their windows safe and no idea about nix or android.
If you ask them get rid of windoze you may either lose them, either they'll make big mistakes. (Tbh I am a bit nervous myself when going onto nix.)
So.. no solution is perfect.

I'd even go that far, to claim that compromising a windows machine is way easier then compromising an android mobile (given that both systems have the same 'level' of security measurements).

Excluding all social engineering - regarding only the technical aspects - windows is more prone to being compromised due to the extreme number of vulnerabilities (found and not found ones).

Since a big % of windoze users know / were told that windoze is not safe by default, they use to have some decent security software on. And then social engineering (including infected e-mails or games that work only if you disable the antivirus or whatever) remain the main entry point.

Btw.. my mobile is roughly 2 years old and still receives monthly updates. About 10-14 days after google releases them.

Wow, what maker? One of the reasons I gave up Samsung was the lack of updates.

[bob123]

There are plenty of a few users that know how to keep their windows safe [...]

Fixed that for you 

Since a big % of windoze users know / were told that windoze is not safe by default, they use to have some decent security software on.

Well but 'security software' means a single AV software.
There are plenty of AV's available for android too. TBH, i would everyone recommend to install it on their mobile.

And then social engineering (including infected e-mails or games that work only if you disable the antivirus or whatever) remain the main entry point.

That's true, unfortunately.. Any OS is prone to that.

The biggest vulnerability is not sitting inside of the software or hardware, but in front of the monitor 

Wow, what maker? One of the reasons I gave up Samsung was the lack of updates.

Ironically.. Huawei 

I know.. people can claim "uuhhh china is spying and collecting data..", to prevent such arguments:
1) there is not a single proof for them spying and
2) everyone collects data. And i feel i am less vulnerable if china has my data compared to the US

Huawei is doing a really good job at pushing out updates soon after google releases them.

[NeuroticFish]

All right, you made my day 

There are plenty of a few users that know how to keep their windows safe [...]

Fixed that for you 

I was told that I'm too pessimistic. Well, you are worse than me 

There are plenty of AV's available for android too. TBH, i would everyone recommend to install it on their mobile.

Although I do have AV on Android, even if many tell that it's useless (!!), it never cried about any of the installed programs.
So I don't know how Android "reacts" when you install app from Play Store and it's stealing your data.
I mean, an app can ask for certain rights (maybe even for good reasons!) and you'll grant them; then it's free to do whatever it wants.
So no, I am not certain about the security of mobiles.

The biggest vulnerability is not sitting inside of the software or hardware, but in front of the monitor 

Yup, "the biggest problem for computers sits between the chair and the keyboard".

Ironically.. Huawei 

LMAO!
I have Xiaomi and they did some updates too (although no Pie yet for me). But I'd not trust them, whether there's proof or not.
A bit of paranoia is necessary in this (Bitcoin) world.

[bob123]

So I don't know how Android "reacts" when you install app from Play Store and it's stealing your data.
I mean, an app can ask for certain rights (maybe even for good reasons!) and you'll grant them; then it's free to do whatever it wants.
So no, I am not certain about the security of mobiles.

Well.. since you are giving them the permissions, that's nothing an AV software should block, unfortunately.

But the same applies to a desktop computer.
If you run an executable, it can create outgoing connections without being blocked. And if it is establishing an encrypted connection with TLS, there is nothing an AV can do to determine whether it is 'normal' or malicious traffic 

Malicious applications on a desktop computer can even do more harm than malicious apps on a mobile.
On a desktop computer, malware gains access to each file in the user context (basically everything except for system files and folders).
On an android, the malware does not get access to any data from a different application since android enforces application encapsulation. Each application is being run in a different user context.
Only data on the SD card can be accessed by any application. That's btw also the reason why one should never store sensitive data on the external memory.

But I'd not trust them, whether there's proof or not.
A bit of paranoia is necessary in this (Bitcoin) world.

The only 'one' i am completely trusting is Mr. Mathematics. He never lies.

All right, you made my day 

What did i do or say? 
Well.. it doesn't matter. Better be HappyFish instead of NeuroticFish