Beware of new crypto Trojan Malware Saefko and InnfiRAT!

[dkbit98]

As reported by Cointelegraph and Zscaler, there is a new trojan malware based on Microsoft .NET that targets crypto, named Saefko
This means that Linux and Mac users are in a bit better position regarding this trojan, but as you can see it is Multi OS.





Please read source articles, educate and protect yourself:
https://cointelegraph.com/news/researchers-discover-new-cryptocurrency-focused-trojan
https://www.zscaler.com/blogs/research/saefko-new-multi-layered-rat

Zscaler ThreatLabZ has now reported a similar remote Access Trojan (RAT), called InnfiRAT, which is also written on .net, and which steals data from browser cookies, has the capability to take screenshots on your computer, and has a specific mission for search for crypto related information.

What I lack seeing though is this kind of report is the specific media it was detected on (i.e. zip file named so and so attached to an email on the topic of such and such), even though one obviously should not click on links nor download any software from other than triple checked official sites.

See:
https://cointelegraph.com/news/new-bitcoin-wallet-focused-trojan-uncovered-by-security-researchers
https://www.zscaler.com/blogs/research/innfirat-new-rat-aiming-your-cryptocurrency-and-more

How to protect yourself?

- Don't answer any unknown email
and don't download/open any email attachment from unknown senders

[1715672516]

1715672516

[1715672516]

1715672516

[1715672516]

1715672516

[1715672516]

1715672516

[YOSHIE]

If not mistaken I also see the same topic, warning about, (Cryptom Malware Saefko Trojan). A few days ago.

Topic: Researchers Discover New Crypto-Focused Trojan

I thought it was just a joke to frighten cryptocurrency investors,

However, every day the news gets more popular, it talks about fraud.

So, it's worth watching out for if this continues to grow.

As discussed.
Zscaler ThreatLabZ Discovers New Saefko Remote-Access Trojan (RAT) Malware Targeting Crypto Users

Researchers Discover New Cryptocurrency-Focused Trojan

Maybe whether there is an effect on Bitcoin in 2019 will skyrocket.
Reasons to scare off investors / cryptocurrency investments.

Bitcoin INFO



or this is indeed reality.
I only thought.

[dkbit98]

If not mistaken I also see the same topic, warning about, (Cryptom Malware Saefko Trojan). A few days ago.

Topic: Researchers Discover New Crypto-Focused Trojan

I thought it was just a joke to frighten cryptocurrency investors,

However, every day the news gets more popular, it talks about fraud.

So, it's worth watching out for if this continues to grow.

As discussed.
Zscaler ThreatLabZ Discovers New Saefko Remote-Access Trojan (RAT) Malware Targeting Crypto Users

Researchers Discover New Cryptocurrency-Focused Trojan

Maybe whether there is an effect on Bitcoin in 2019 will skyrocket.
Reasons to scare off investors / cryptocurrency investments.

Bitcoin INFO



or this is indeed reality.
I only thought.

Thanks!

We need a better SEARCH function for Bitcointalk forum,
as I did search before I posted, and I can't track every single post...
I noticed that searching for recent posts I always get some weird incorrect results...

We need one Locked topic related only to Malware, Viruses and Phishing security warnings,
please moderators

[YOSHIE]

We need one Locked topic related only to Malware, Viruses and Phishing security warnings,

No one has been locked, all the topics are almost the same.

Maybe you have something more unique about information (Malware, Viruses and Phishing security warnings) in a new method.
Topic:
[1]. Topic: Phishing myetherwallet site
[2]. Topic: 5 Ways to Avoid Bitcoin Scams
[3]. Topic: Google Malware Checker l SEO Ninja Softwares
[4]. Topic: Smishing and how not to fall for it
[5]. Topic: Cryptocurrencies Wallets
[6]. Topic: Hacker stole my funds from blockchain
[7]. Topic: Protecting Your Computer?

[rosezionjohn]

We need a better SEARCH function for Bitcointalk forum,
as I did search before I posted, and I can't track every single post...
I noticed that searching for recent posts I always get some weird incorrect results...

This this forum search guide may help in case you have not read it yet https://bitcointalk.org/index.php?topic=3127909.msg

[dkbit98]

We need one Locked topic related only to Malware, Viruses and Phishing security warnings,

No one has been locked, all the topics are almost the same.

Maybe you have something more unique about information (Malware, Viruses and Phishing security warnings) in a new method.
Topic:
[1]. Topic: Phishing myetherwallet site
[2]. Topic: 5 Ways to Avoid Bitcoin Scams
[3]. Topic: Google Malware Checker l SEO Ninja Softwares
[4]. Topic: Smishing and how not to fall for it
[5]. Topic: Cryptocurrencies Wallets
[6]. Topic: Hacker stole my funds from blockchain
[7]. Topic: Protecting Your Computer?

Thanks.
I meant to say ONE united STICKY topic for all that ....
my bad  

We need a better SEARCH function for Bitcointalk forum,
as I did search before I posted, and I can't track every single post...
I noticed that searching for recent posts I always get some weird incorrect results...

This this forum search guide may help in case you have not read it yet https://bitcointalk.org/index.php?topic=3127909.msg

Thanks.
I know how to use it, but 'most recent' is not giving good results



maybe there should be option for most recent post

[Pmalek]

Search like this for example:
site:bitcointalk.org Saefko to display results only from bitcointalk.org containing the search term Saefko or any other term you would like to see.

And you will get this:

[dkbit98]

Thanks @Pmalek

[Lafu]

Anyway thanks for let others know about that Trojan and Malware thing !
The whole Malware problem getting bigger lately on the internet , but also here on the Forum there are lot of Links that get you to some downloads with Malware !

[dkbit98]

Anyway thanks for let others know about that Trojan and Malware thing !
The whole Malware problem getting bigger lately on the internet , but also here on the Forum there are lot of Links that get you to some downloads with Malware !

I agree.
That is why I think adding some notification warning from Bitcointalk would be good, regarding new security threats,
and maybe also separate sticky topic/threat for that.

Something like this or similar:

[Lafu]

I fighting the last month and weeks about the Fake ANNs here on the forum , and all links there are getting you to Fake githubs where they have there Malware software !
Also for bitbucket is the most times  Malware infected links . But its hard and difficult to do something about !
At the moment we just can look for them and findd it earlyer and report them to the Mods.

[Chlotide]

It's getting really crazy thb. Malware gets smarter, even hidden in images https://www.zdnet.com/google-amp/article/lokibot-information-stealer-now-hides-malware-in-image-files/.
Speaking of fake ann... a good ideea would be to mark spoofed links. The way links light up in green if url redirects to another page on the forum, to be red if it is spoofed

Code:

 [url=https://youtube.com]https://google.com[/url]

[Lafu]

It's getting really crazy thb. Malware gets smarter, even hidden in images https://www.zdnet.com/google-amp/article/lokibot-information-stealer-now-hides-malware-in-image-files/.
Speaking of fake ann... a good ideea would be to mark spoofed links. The way links light up in green if url redirects to another page on the forum, to be red if it is spoofed

Code:

 [url=https://youtube.com]https://google.com[/url]

In this case for the fake anns its Shows the link in Green because the links are going to github and there is the Problem because all fake anns have fake github Accounts that looking nearly the same as the original github!
And as i said earlyer we just can report them now! Maybe its possible for theymos to Blacklist the bitbucket site! Havnt seen anyone that use them for source Code or other things, only some fake ann use them! Would be a good start to fight about them and safe some users some Action and losing there things like login Details and more!

[dkbit98]

It's getting really crazy thb. Malware gets smarter, even hidden in images https://www.zdnet.com/google-amp/article/lokibot-information-stealer-now-hides-malware-in-image-files/.
Speaking of fake ann... a good ideea would be to mark spoofed links. The way links light up in green if url redirects to another page on the forum, to be red if it is spoofed

Code:

 [url=https://youtube.com]https://google.com[/url]

In this case for the fake anns its Shows the link in Green because the links are going to github and there is the Problem because all fake anns have fake github Accounts that looking nearly the same as the original github!
And as i said earlyer we just can report them now! Maybe its possible for theymos to Blacklist the bitbucket site! Havnt seen anyone that use them for source Code or other things, only some fake ann use them! Would be a good start to fight about them and safe some users some Action and losing there things like login Details and more!

I am not sure blacklisting bitbucket or Gitlub is a good solution for this.
I am more for some pop up or notification implementation.

[Chlotide]

... a good ideea would be to mark spoofed links...

Code:

 [url=https://youtube.com]https://google.com[/url]

In this case for the fake anns its Shows the link in Green because the links are going to github and there is the Problem because all fake anns have fake github Accounts that looking nearly the same as the original github!
And as i said earlier we just can report them now! Maybe its possible for theymos to Blacklist the bitbucket site! Havnt seen anyone that use them for source Code or other things, only some fake ann use them! Would be a good start to fight about them and safe some users some Action and losing there things like login Details and more!

I understand and saw/reported a few myself
What I was suggesting is something like this: instead of the old blue color a link normally has, color it red if spoofed

https://bitcointalk.org - keep it blue

Code:

https://bitcointalk.org

https://www.google.com - keep it blue

Code:

https://www.google.com

https://bitcoin.org - make it red

Code:

[url=https://www.youtube.com]https://bitcoin.org[/url]

It could help imo. Maybe a bit with fake/spoofed github repos and with anything else of that manner ...

[Lafu]

I havnt said or written to Blacklist github because that would not happen, i just have written for maybe Blacklist "bitbucket" links if possible! Would be start for against malware posted links! Its just an Suggestion and depends on theymos to do that or not! In the mean time i looking everyday for catch them who Posting this links.

[dkbit98]

I havnt said or written to Blacklist github because that would not happen, i just have written for maybe Blacklist "bitbucket" links if possible! Would be start for against malware posted links! Its just an Suggestion and depends on theymos to do that or not! In the mean time i looking everyday for catch them who Posting this links.

I meant to say Bitbucket and GITLAB (I wrote by mistake Gitlub).
That are active Github alternatives

[bustedsynx]

That's why it's important to isolate anything crypto-related into a clean virtual machine environment. The keylogging bit scares me.

[mikeywith]

This means that Linux and Mac users are in a bit better position regarding this trojan

This is wrong, just because that piece of code was written using .NET firmware (Microsoft )does not mean it has less effect on any other operation system, in fact i looked at the code and seems like they used C# to write that code,most likely using Visual Studio, and starting from 2017  .Net Visual Studio implemented a new function where you can basically use the same code to compile both windows and mac based application.

I also don't understand why all the fud regarding this one specific malware, it's not like they found an exploit in the .NET firmware or something else, it is simply another RAT , there are RATs by the ton out there and they all cause just about the same damage, there is really no point in warning people about every single one of them, this creates a sort of impression that malware are more effective on crypto assets than credit cards or any other online payment system, which is technically wrong.

These malware are only effective if the user lacks basic knowledge regarding computers/internet security , if you follow one simple rule which is ( NEVER run executable files from untrusted sources ) you are pretty much safe from all malware out there, the only thing that you can't help stop would be an exploit in the OS or one of the trusted programs you have installed on your computer , which is very rare.

[dkbit98]

This means that Linux and Mac users are in a bit better position regarding this trojan

This is wrong, just because that piece of code was written using .NET firmware (Microsoft )does not mean it has less effect on any other operation system, in fact i looked at the code and seems like they used C# to write that code,most likely using Visual Studio, and starting from 2017  .Net Visual Studio implemented a new function where you can basically use the same code to compile both windows and mac based application.

I also don't understand why all the fud regarding this one specific malware, it's not like they found an exploit in the .NET firmware or something else, it is simply another RAT , there are RATs by the ton out there and they all cause just about the same damage, there is really no point in warning people about every single one of them, this creates a sort of impression that malware are more effective on crypto assets than credit cards or any other online payment system, which is technically wrong.

These malware are only effective if the user lacks basic knowledge regarding computers/internet security , if you follow one simple rule which is ( NEVER run executable files from untrusted sources ) you are pretty much safe from all malware out there, the only thing that you can't help stop would be an exploit in the OS or one of the trusted programs you have installed on your computer , which is very rare.

I also wrote this:

but as you can see it is Multi OS.

'FUD' is proportional to amount of sales this trojan got over social media recently,
and specific cryptocurrency targeting.

You should also check out this link regarding Windows Remote Desktop Vulnerability:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1182