Bitcoin Forum
Topic: Issue with virus  (Read 81 times)
Crazymoon (OP)
June 07, 2021, 01:55:48 PM
 #1

I am trying to find some information about a certain virus that is related to cryptocurrency.

Basically what happened was, somehow I got infected by a virus and it was only targeting any exchange where I had an account (there were no logins on these exchanges from any other IP address).
It was when I logged in on the exchange and tried to deposit, so when I clicked on the deposit window to show the deposit address it would always be the same deposit address and the QR code was missing. It was almost like some kind of virus that has a connection with the inspect element of the site when you access it.

So, let's say I log in on Binance, then I click on deposit BTC, and the address is completely different on my PC than the one that I am seeing on my tablet, and on top of that the QR code for the BTC address on my PC is missing while on my tablet I am seeing this completely fine. And this was not the case just with Binance but with any other exchange.

What I did was I performed a full clean and formatted my computer. From what I can tell, none of my passwords or documents were stolen. I even had a wallet with some BTC on it and it wasn't stolen at all; however, I did change every single password and re-did all my 2FA so I can be safe.

I guess this virus was all about modifying the inspect element on any site that has relationship with BTC deposits.

My question is, is anyone familiar with such a virus? And it wasn't the case where some viruses modify what you have copied in your clipboard this was like I said more of like an inspect element type of thing on the website.

Thanks for reading and let me know if anyone can find some information.
Charles-Tim
June 07, 2021, 02:53:57 PM
 #2

There has been clipboard malware since a long time ago. For example, if you want to send Bitcoin to someone, the Bitcoin address can be changed to a hacker's address immediately after you paste in the address. That is why you need to check and recheck the address you are sending bitcoin to before pressing the send button. The best in this regard is to uninstall your device OS and install the OS back to make it free of any kind of malware; some people will format the device like you did.

(A virus is just one kind of malware; there are others like Trojans, Rootkits and Botnets. Some malware is a combination of two or more types of malware to help achieve compromising the intended devices.)

Crazymoon (OP)
June 07, 2021, 03:01:47 PM
 #3

Quote from: Charles-Tim on June 07, 2021, 02:53:57 PM
> There has been clipboard malware since a long time ago. For example, if you want to send Bitcoin to someone, the Bitcoin address can be changed to a hacker's address immediately after you paste in the address. That is why you need to check and recheck the address you are sending bitcoin to before pressing the send button. The best in this regard is to uninstall your device OS and install the OS back to make it free of any kind of malware; some people will format the device like you did.
>
> (A virus is just one kind of malware; there are others like Trojans, Rootkits and Botnets. Some malware is a combination of two or more types of malware to help achieve compromising the intended devices.)

I am familiar with the clipboard malware. But like I said this is not the case. I am interested to see if anyone has any information on what kind of virus this is. This changes the deposit address and removes the QR code from the exchanges. It's like you log in and you have an already pre-set deposit address and the QR code is nowhere to be found in the exchange. And it's like this on any exchange.

Like I said, I have already sorted the issue by formatting my PC, but I am just asking if someone is familiar with what this might be or can explain a bit more?
sheenshane
June 07, 2021, 03:17:32 PM
 #4

I may suggest you read this: Clipboard virus (Free Instructions) - Removal Guide.

I suspect that it still belongs to the Trojan virus; you should run a full scan of your computer if you suspect that there's unusual behavior on your PC, like your computer also running slowly while browsing. In the link that I have shared above, there's a guide on how to clean your PC safely, and you should take action before the intruder gets your funds. Clean your PC now, as soon as possible.

Make sure that your account on the exchange has multiple layers of security, like enabling 2FA verification. A scammer won't execute a withdrawal without your permission.
Charles-Tim
June 07, 2021, 03:21:45 PM
 #5

Quote from: Crazymoon on June 07, 2021, 03:01:47 PM
> Like I said, I have already sorted the issue by formatting my PC, but I am just asking if someone is familiar with what this might be or can explain a bit more?

Disregard my post above. So far you are making use of an exchange, and the deposit address is different and not yours; that should not be QR code or clipboard malware, as it is the deposit address that was affected (which means your exchange account is totally affected). It is strange to me, but I think the hacker was able to log out of your exchange account, log in to their own account, which may be very similar to yours, and spy on your activities.

Didn't you enable 2FA and SIM authentication?

Crazymoon (OP)
June 07, 2021, 03:53:00 PM
 #6

Quote from: sheenshane on June 07, 2021, 03:17:32 PM
> I may suggest you read this: Clipboard virus (Free Instructions) - Removal Guide.
>
> I suspect that it still belongs to the Trojan virus; you should run a full scan of your computer if you suspect that there's unusual behavior on your PC, like your computer also running slowly while browsing. In the link that I have shared above, there's a guide on how to clean your PC safely, and you should take action before the intruder gets your funds. Clean your PC now, as soon as possible.
>
> Make sure that your account on the exchange has multiple layers of security, like enabling 2FA verification. A scammer won't execute a withdrawal without your permission.

Let me explain one more time, since I don't think you have read what I have written in the main post. I have already stated that I formatted my PC right away. The virus is gone, I already took care of it. I am interested to find out if anyone else has encountered the following virus? If someone has experienced such behavior from a virus? If there's any information about this virus? Or is it something brand new?

Quote from: Charles-Tim on June 07, 2021, 03:21:45 PM
> > Like I said, I have already sorted the issue by formatting my PC, but I am just asking if someone is familiar with what this might be or can explain a bit more?
>
> Disregard my post above. So far you are making use of an exchange, and the deposit address is different and not yours; that should not be QR code or clipboard malware, as it is the deposit address that was affected (which means your exchange account is totally affected). It is strange to me, but I think the hacker was able to log out of your exchange account, log in to their own account, which may be very similar to yours, and spy on your activities.
>
> Didn't you enable 2FA and SIM authentication?

So, the weird part is that the exchange account was not affected at all. I have 2FA and all kinds of security for every single exchange. I am thinking it might be something with JavaScript injection? Is this possible? Like after you log in on the exchange you have an already pre-set deposit address and the QR code is missing? Isn't something like this possible? Like trying to completely and automatically modify and inspect element the website?

I had no breaches in any of my exchanges. And this has happened on a couple of exchanges until I spotted the issue (I haven't sent any money to it, I haven't lost anything). I am just curious about this. If someone can break down for me what the possibilities of something like this are? So let me break it down in steps EXACTLY:

1. I log in on the exchange, the deposit address looks like it's already pre-set and the QR code is missing.
2. If I hit the refresh button on the exchange it still stays the same: "pre-set deposit address and QR code still missing".
3. If I log in from my phone the site has my normal deposit address and everything is fine.

None of the exchanges where I had an account had logins or breaches, everything was intact and fine. No withdrawals, no losses, literally nothing wrong. Only upon login on the site the deposit address is already pre-set and the QR code is missing (I guess the QR code is missing so you don't scan it with a phone, since it would give the right address).
hugeblack
June 07, 2021, 08:27:35 PM
 #7

I do not think that this virus was so sophisticated, but it was changing all the things you copied that are similar to a Bitcoin address to another address or the address of the hacker, while hiding all the methods of scanning the QR code so that it was difficult for you to detect the scam.
Such hacks are for newbies or those who make a fast exchange and do not check the address.
In general, such viruses need access to the permissions of the core, which means that you have installed programs from an unknown source or an update from an unknown source.

Next time avoid downloading any unknown app/service.
BitMaxz
June 07, 2021, 11:05:08 PM
Last edit: June 07, 2021, 11:16:32 PM by BitMaxz
 #8

It's likely a virus that can hijack your browser and change everything every time you access the deposit page on exchanges.

I can't find the name of this virus but it's nearly the same as the hijack virus. When I try to search on Google, mostly the result is clipboard malware, but your case is not that, and they try to edit the deposit address on exchanges, so it could be a hijack virus.

There is cryptojacking, but this virus only mines secretly on your machine if you are infected with it.

I tried to search but it seems it does not have a name yet. I can't find the exact name of this, but it looks like a hijack virus or a cross-site scripting attack.
Your browser might have an infected plugin that could change the information of your deposit address from exchanges.

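
The "infected plugin" possibility raised in the last reply can be checked by listing which installed browser extensions are allowed to run on an exchange's pages. The following is an added example, not code from any poster in this thread: it reads the `permissions`, `host_permissions` and `content_scripts` keys of extension manifests and reports every extension whose match patterns cover a watched host. The sample manifests, extension IDs and function names are constructed for illustration.

```python
# Constructed sample manifests (not real extensions); IDs are placeholders.
SAMPLE_MANIFESTS = {
    "aaaa-notes": {
        "name": "Notes", "permissions": ["storage"],
        "content_scripts": [{"matches": ["https://notes.example/*"]}],
    },
    "bbbb-helper": {
        "name": "Shopping Helper", "permissions": ["tabs", "<all_urls>"],
        "content_scripts": [{"matches": ["*://*/*"], "js": ["inject.js"]}],
    },
    "cccc-ticker": {
        "name": "Price Ticker",
        "host_permissions": ["https://*.binance.com/*"],
    },
}

def pattern_covers(pattern, host):
    """True if an extension match pattern can apply to https://<host>/."""
    if pattern == "<all_urls>":
        return True
    if "://" not in pattern:
        return False  # an API permission such as "tabs", not a host pattern
    scheme, rest = pattern.split("://", 1)
    if scheme not in ("*", "https"):
        return False
    pat_host = rest.split("/", 1)[0]
    if pat_host == "*":
        return True
    if pat_host.startswith("*."):  # wildcard covers the domain and subdomains
        base = pat_host[2:]
        return host == base or host.endswith("." + base)
    return host == pat_host

def audit(manifests, watched_hosts):
    """Return (extension_id, host, reason) for extensions that can touch a host."""
    findings = []
    for ext_id, m in manifests.items():
        access = m.get("permissions", []) + m.get("host_permissions", [])
        scripts = [p for cs in m.get("content_scripts", []) for p in cs.get("matches", [])]
        for host in watched_hosts:
            if any(pattern_covers(p, host) for p in scripts):
                findings.append((ext_id, host, "content_script"))
            elif any(pattern_covers(p, host) for p in access):
                findings.append((ext_id, host, "host_access"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFESTS, ["www.binance.com"]):
        print(finding)
```

On a real machine the dictionary would be filled by loading each installed extension's `manifest.json`; an extension that is flagged is not necessarily malicious, only able to read or rewrite what the exchange page displays.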