Baofeng (OP)
Legendary
 Offline
Activity: 2590
Merit: 1658
|
 |
May 05, 2021, 09:57:13 PM Merited by pooya87 (2), Daniel91 (2), Yaunfitda (2), btc_angela (2), DdmrDdmr (2), cryptomaniac_xxx (2), vapourminer (1), Jating (1), tranthidung (1), cheezcarls (1), Dave1 (1) |
|
A new malware was recently discovered last month and being called "Panda Stealer". And mostly they are spread across United States, Australia, Japan and Germany. Mode of infection 1. Spam email pretending to be a business quote request. And it has an XLS attachment, obviously, it has a malicious content  2. Another attachment, but this time the XLS contained an Excel formula that utilizes a PowerShell command  Cryptocurrencies being targeted and others: Once installed, Panda Stealer can collect details like private keys and records of past transactions from its victim’s various digital currency wallets, including Dash, Bytecoin, Litecoin, and Ethereum. Not only does it target cryptocurrency wallets, it can steal credentials from other applications such as NordVPN, Telegram, Discord, and Steam. It’s also capable of taking screenshots of the infected computer and exfiltrating data from browsers like cookies, passwords, and cards. https://www.trendmicro.com/en_us/research/21/e/new-panda-stealer-targets-cryptocurrency-wallets-.htmlSo again, be careful even if you are not living on those countries that has been mentioned as the main target for now. The malware might not target bitcoin for now, but for sure this cyber actors are going to evolved. So don't open any attachment specially coming from unknown source. |
| │ | ███████████████████████
███████████████████████
███████████████████████
███████████████████████
███▀▀▀█████████████████
███▄▄▄█████████████████
███████████████████████
███████████████████████
███████████████████████
█████████████████████
███████████████████
███████████████
████████████████████████ | ███████████████████████████
███████████████████████████
███████████████████████████
█████████▀▀██▀██▀▀█████████
█████████████▄█████████████
████████▄█████████▄████████
█████████████▄█████████████
█████████████▄█▄███████████
██████████▀▀█████████████
██████████▀█▀██████████
▀███████████████████▀
▀███████████████▀
█████████████████████████ | | | O F F I C I A L P A R T N E R S
▬▬▬▬▬▬▬▬▬▬
ASTON VILLA FC
BURNLEY FC | | | BK8? | | | .
..PLAY NOW.. |
|
|
|
|
|
|
|
|
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
Charles-Tim
Legendary
Offline
Activity: 1540
Merit: 4863
|
|
May 05, 2021, 10:16:11 PM |
|
Not even an email but spam email, that means some people will still go ahead checking spam messages when not authorized to receive an email message. To be on the safe side, it is better to even see many email messages included as spam messages because there are some that can lead to phishing attempts or contain malacious links just like you mentioned. I only click on links that I authorized for because I do not trust any other link. People can be so ridiculous, because of ignorance and greed.
|
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
|
Dave1
|
|
May 06, 2021, 03:14:36 AM |
|
Not even an email but spam email, that means some people will still go ahead checking spam messages when not authorized to receive an email message. To be on the safe side, it is better to even see many email messages included as spam messages because there are some that can lead to phishing attempts or contain malacious links just like you mentioned. I only click on links that I authorized for because I do not trust any other link. People can be so ridiculous, because of ignorance and greed.
Or better yet have a practice to separate our crypto related emails, and other personal emails or throw away emails. So that when we received an email to our crypto related account, that is a red flag already and should be deleted at once. And there could be people who can fall for this trick, maybe some will open and then they become the next victim here. |
| R |
▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀ | LLBIT | │ | CRYPTO
FUTURES | | | | | | | │ | 1,000x
LEVERAGE | │ | COMPETITIVE
FEES | │ | INSTANT
EXECUTION | │ | .
TRADE NOW |
|
|
|
Charles-Tim
Legendary
Offline
Activity: 1540
Merit: 4863
|
|
May 06, 2021, 05:11:58 AM |
|
Or better yet have a practice to separate our crypto related emails, and other personal emails or throw away emails. So that when we received an email to our crypto related account, that is a red flag already and should be deleted at once.
You are right, but not only crypto users can receive phishing email messages, it can happen to any other email accounts, users data on online platforms can be breached at anytime by hackers which is frequent these days,. Also some people like giving their emails to online platforms in which not even caring knowing if their data are protected or not. For maximum protection against such phishing attack, we need to limit the information we share online and yet not clicking on links on email messages we do not authorized for, but as for me, I do not even open such email message at all. And there could be people who can fall for this trick, maybe some will open and then they become the next victim here.
Yes, some people can fall for this type of online attack, that is why it is good to only click on email messages you authorized for. We all at one point in time gave out email for certain reasons online, data breach can be from anywhere. |
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
pooya87
Legendary
Offline
Activity: 3444
Merit: 10558
|
|
May 06, 2021, 05:41:43 AM |
|
Am I understanding this correctly that the Email itself doesn't contain the malware but a command that when executed through Excel(?) downloads the actual malware from the internet (paste.ee?), right?
In that case wouldn't this be mitigated by your firewall blocking the Excel access to the internet altogether and by default?
|
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
DdmrDdmr
Legendary
Offline
Activity: 2310
Merit: 10759
There are lies, damned lies and statistics. MTwain
|
|
May 06, 2021, 06:41:16 AM |
|
When it talks about two infection chains, I figure it means that it has two alternative deployment methods, one based on an xlsm and the other on an xls (like an A/B test to see which gets better results, or simply a way to diversify the attack).
If either case, the usual should apply, which is don’t fall for the call to action to open the attached email file (xls or xlsm). It doesn’t specify here what the call to action message is, except for the fact that it’s business related (i.e. "Please verify your invoice in the attached file" or so).
This particular malware targets crypto related stuff, which is likely going to be a trend as more people get into the game over time.
|
|
|
|
|
DigitalFox
Member
Offline
Activity: 280
Merit: 28
|
|
May 06, 2021, 09:31:30 AM |
|
For ages this warning exists and is being repeated by literally everyone: don't open attachments or click on links in emails, especially emails from unknown sources. I thought by 2021 every internet user would know that but no, there are still people out there who fall for it.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3234
Merit: 5676
Blackjack.fun🎲
|
|
May 06, 2021, 10:51:38 AM |
|
In that case wouldn't this be mitigated by your firewall blocking the Excel access to the internet altogether and by default?
Most people don't even have an antivirus program, and a firewall is something that the average Joe finds even harder to understand. I know the W10 has its own firewall that is turned on by default, but I'm not sure how well, or badly it does its job. When it comes to educating young people about computer security, I think we are generally in a very bad position - how else to explain so many online scams that have increased even more thanks to the pandemic. I found an interesting example from Singapore that shows the scale of such activities, so while it’s not solely about whether someone has an AV or a firewall, it still clearly shows that people still can’t distinguish good from bad. |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
|
cheezcarls
|
|
May 06, 2021, 11:49:45 AM |
|
A new malware was recently discovered last month and being called "Panda Stealer". And mostly they are spread across United States, Australia, Japan and Germany. Mode of infection 1. Spam email pretending to be a business quote request. And it has an XLS attachment, obviously, it has a malicious content 2. Another attachment, but this time the XLS contained an Excel formula that utilizes a PowerShell command Cryptocurrencies being targeted and others: Once installed, Panda Stealer can collect details like private keys and records of past transactions from its victim’s various digital currency wallets, including Dash, Bytecoin, Litecoin, and Ethereum. Not only does it target cryptocurrency wallets, it can steal credentials from other applications such as NordVPN, Telegram, Discord, and Steam. It’s also capable of taking screenshots of the infected computer and exfiltrating data from browsers like cookies, passwords, and cards. https://www.trendmicro.com/en_us/research/21/e/new-panda-stealer-targets-cryptocurrency-wallets-.htmlSo again, be careful even if you are not living on those countries that has been mentioned as the main target for now. The malware might not target bitcoin for now, but for sure this cyber actors are going to evolved. So don't open any attachment specially coming from unknown source. Now this is really scary and thank you for the heads up. These hackers are trying to be one step ahead of the security measures like what happened in the previous exchange hacking incidents on Binance, etc. So they’ve created this malware and target emails involved in crypto. And yes, it’s better to have a separate email only for cryptos, and it’s not good to store our private keys or seed phrases there because of this new malware being spread. It could happen in other countries soon. Will tell my crypto friends about this. |
|
|
|
Synerggy
Member
Offline
Activity: 248
Merit: 13
Futiracoin.com
|
|
May 06, 2021, 12:40:57 PM |
|
This is why I don't bother opening any mail that I'm not expecting, the only way for this to become active on your PC is clicking which is a bait, OP how about mobile? Can this ticking timebomb mails affect smartphones as well?
|
|
|
|
Kemarit
Legendary
Offline
Activity: 3080
Merit: 1353
|
|
May 07, 2021, 12:46:37 AM |
|
This is why I don't bother opening any mail that I'm not expecting, the only way for this to become active on your PC is clicking which is a bait, OP how about mobile? Can this ticking timebomb mails affect smartphones as well?
I've read the attach article, and I can't find anything mentioning about mobile or smartphones. However, I wouldn't just be relax here, sooner or later this thread actors will evolved and might create a iteration of the said malware that will target mobile phones too. We all know that they are looking for every opportunity in crypto space because of the potential to hit one victim with crypto's worth millions of dollars. |
|
|
|
|
cabron
|
|
May 07, 2021, 12:57:36 AM |
|
Yep spam emails are still being checked by users, you got to be the most naive to really install something that is just attached to an email you found in your inbox. This stealer must have been very zealous to have sent to thousands of email addresses and only get one. This is why I don't bother opening any mail that I'm not expecting, the only way for this to become active on your PC is clicking which is a bait, OP how about mobile? Can this ticking timebomb mails affect smartphones as well?
I've read the attach article, and I can't find anything mentioning about mobile or smartphones. However, I wouldn't just be relax here, sooner or later this thread actors will evolved and might create a iteration of the said malware that will target mobile phones too. We all know that they are looking for every opportunity in crypto space because of the potential to hit one victim with crypto's worth millions of dollars. Sometimes it could go listed on Appstore but there's got to have some reason why someone would install it on their phone. |
|
|
|
|
jossiel
|
|
May 07, 2021, 03:57:29 PM |
|
Sometimes being lazy of opening unsolicited emails are helpful to us. If you don't know the source of an email, you better not open it.
And those attachments that are included on those emails, if you don't trust them, never bother yourself to click it.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3234
Merit: 5676
Blackjack.fun🎲
|
|
May 09, 2021, 02:06:59 PM |
|
Sometimes being lazy of opening unsolicited emails are helpful to us. If you don't know the source of an email, you better not open it.
Nothing bad will happen if we open any e-mail we receive, this in itself is not a danger because as far as I know it still takes a little more than just opening an e-mail for something bad to happen. It’s important not to download any attachments that come in such emails, but as they say “curiosity killed a cat”, and people who are curious (and careless) often fall into the trap. What I would especially like to point out is that you should beware of e-mails that only seemingly come from people you know, because someone can target you specifically - so a legitimate e-mail can be melissa23@xxx.com, and the hacker is sending from melisa23@xxx.com a message with content that says "look at my latest holiday pictures" just click on attachments. |
.
.BLACKJACK ♠ FUN. | | | ███▄██████
██████████████▀
████████████
█████████████████
████████████████▄▄
░█████████████▀░▀▀
██████████████████
░██████████████
█████████████████▄
░██████████████▀
████████████
███████████████░██
██████████ | | CRYPTO CASINO &
SPORTS BETTING | | │ | | │ | ▄▄███████▄▄
▄███████████████▄
███████████████████
█████████████████████
███████████████████████
█████████████████████████
█████████████████████████
█████████████████████████
███████████████████████
█████████████████████
███████████████████
▀███████████████▀
███████████████████ | | .
|
|
|
|
|
jossiel
|
|
May 09, 2021, 11:04:16 PM |
|
Sometimes being lazy of opening unsolicited emails are helpful to us. If you don't know the source of an email, you better not open it.
Nothing bad will happen if we open any e-mail we receive, this in itself is not a danger because as far as I know it still takes a little more than just opening an e-mail for something bad to happen. It’s important not to download any attachments that come in such emails, but as they say “curiosity killed a cat”, and people who are curious (and careless) often fall into the trap. What I would especially like to point out is that you should beware of e-mails that only seemingly come from people you know, because someone can target you specifically - so a legitimate e-mail can be melissa23@xxx.com, and the hacker is sending from melisa23@xxx.com a message with content that says "look at my latest holiday pictures" just click on attachments. You're right. There's no danger in opening it but with the example, you've given, that's making a person put him near to the danger that email has attached. It is okay to be curious but when it comes to attachments, the danger starts especially if the link goes with those informal set of links that they're including and sometimes in file formats that will hit the receiver's curiosity. But for those that are wanting to avoid them fully and don't want to hit their curiosity, ignoring and deleting them quickly would be the best measure. |
|
|
|
|
libert19
|
|
May 10, 2021, 02:58:29 AM |
|
Thumb of rule for these type of attacks is to ignore every email with attachment unless you expected it.
|
| | .
.Duelbits. | │ | ..........UNLEASH..........
THE ULTIMATE
GAMING EXPERIENCE | │ | DUELBITS
FANTASY
SPORTS | ████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
████████████████▀▀▀
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀ | .
▬▬
VS
▬▬ | ████▄▄▄█████▄▄▄
░▄████████████████▄
▐██████████████████▄
████████████████████
████████████████████▌
█████████████████████
███████████████████
███████████████▌
███████████████▌
████████████████
████████████████
████████████████
████▀▀███████▀▀ | /// PLAY FOR FREE ///
WIN FOR REAL | │ | ..PLAY NOW.. | |
|
|
|
|
