New virus & malware automatically empties crypto exchange accounts

[The Cryptovator]

Thank you for sharing this which now has a lot of questions in my mind and made me confused.
Is the 2FA verification will really be bypassed by this malware? the OTP code that sends to our mobile number and the email verification process. Perhaps --those accounts that don't have these extra security levels will be affected by the malware infection, I am right?
Perhaps, your computer must always have extra security level protection against this.
Use anti-virus and anti-malware software that is reputable software on your computer, and keep it up to date with the latest virus definitions and also use a firewall --it can help to prevent malware from accessing your computer by blocking unauthorized incoming and outgoing network traffic.

There's nothing particularly surprising or confusing about this. When you log into an exchange, they typically require you to use two-factor authentication (2FA). However, hackers have developed tools that allow them to withdraw funds from your account using your 2FA code, whether it's a Google 2FA or SMS 2FA code. They accomplish this by using malware to input your 2FA code on their withdrawal page, thereby making the withdrawal appear legitimate. This is how even the Electrum wallet was hacked. You can look it up for more information.

[1715627037]

1715627037

[1715627037]

1715627037

[1715627037]

1715627037

[suzanne5223]

But what if the 2FA app is on another device?

There is no way the malware will be able to steal the code if the 2FA app is on another device but I believe the trick used by the hackers is to create a mirror of the exchange account or platform so once the 2FA code is entered it also automatically give access to their victim account. However, it is good to use paid update antivirus (internet security) software, set the firewall, always update your operating system software and always be cautious when opening and downloading attachments online.

[KiaKia]

This happens through browsers extensions too, be careful with Chrome browser and its extensions because there are a lot of bad extensions on there.

When it comes to bad malicious browser extensions, not even your antivirus can save you, also when accessing your exchange account make sure you need more than 2FA code to make a transaction.

I use binance exchange and I need two separate codes to approve a withdrawal, one straight to my mobile number and the second is my 2FA code, there is also an option to add extra layer security with a separate withdrawal code, some call this Fund password while others call it Anti-phishing.

[Ryker1]

Thank you for sharing this which now has a lot of questions in my mind and made me confused.
Is the 2FA verification will really be bypassed by this malware? the OTP code that sends to our mobile number and the email verification process. Perhaps --those accounts that don't have these extra security levels will be affected by the malware infection, I am right?
Perhaps, your computer must always have extra security level protection against this.
Use anti-virus and anti-malware software that is reputable software on your computer, and keep it up to date with the latest virus definitions and also use a firewall --it can help to prevent malware from accessing your computer by blocking unauthorized incoming and outgoing network traffic.

There's nothing particularly surprising or confusing about this. When you log into an exchange, they typically require you to use two-factor authentication (2FA). However, hackers have developed tools that allow them to withdraw funds from your account using your 2FA code, whether it's a Google 2FA or SMS 2FA code. They accomplish this by using malware to input your 2FA code on their withdrawal page, thereby making the withdrawal appear legitimate. This is how even the Electrum wallet was hacked. You can look it up for more information.

Thank you for your brief explanation.
Technically --I did not know that there is a kind of attack like this to uses malware to intercept 2FA codes and use them to gain unauthorized access to online accounts on the exchange.
One last more question --how about the exchange? are they not able to detect that the withdrawal comes from the attacker?
For example, changing of IP address upon requesting a withdrawal. Because as I know exchange platforms typically have enhanced security measures in place to detect and prevent unauthorized access and fraudulent activity. These measures may include monitoring unusual account activity, analyzing transaction patterns, and using machine learning algorithms to detect anomalies.

[tech30338]

You can read the full details here: "New Virus Automatically Empties Crypto Exchange Accounts" - this is the topic title used from that article.

However, we know that malware is quite dangerous for crypto users, mainly because they tend to visit various sites such as gambling and porn. It is easier to attack crypto users through porn sites. But it seems that this new malware is more dangerous than previous ones. It can obtain your two-factor authentication by tricking you, so be careful, guys.

It has been suggested for a long time not to store your crypto in an exchange. Instead, use a non-custodial wallet or a hardware wallet so that malware won't damage you when you are using a hardware wallet. Even a non-custodial software wallet isn't safe from malware if both are on the same device.

This is the reason why you should refrain yourself for visiting sites where you get infected with malware, and force you to install software, why i said force, it is because they are now in control of your computer, so to be safe, never ever visit these porn sites Free downloads of movies free software's, this is where they inject their malware and once you play or run an application their malware will also be installed, sometimes even without you knowing, i have been a victim before, if you are familiar with yahoo messenger where when you click a message your yahoo account starts sending others on your list, a link messages and once they have click that, it will spread like non stop, so if you are into crypto avoid doing this in your home network, even with antivirus sometimes when you accidentally allow it once, it will never be stop.

[Orpichukwu]

It's never a good option to hand over our security and assets protection into the hand of others, if one must use a centralized exchange, we should buy and withdraw back to our private wallet, centralized exchanges are suppose to be only for buying and selling and not for storing crypto.

whitelisting" an address so that he exchange will only allow withdrawals to previously whitelisted addresses.

These are the only measure I could think to prevent something bad from happening, or else you'd become a crybaby losing your hard-earned money.

To some point it's safer to whitelist an address which the exchange will only allow withdraw to, what then will happen if users lost access to that wallet? Like, the wallet becomes compromised, lost private key to it etc. Will their be another alternative to allow withdrawal with a different address or the users will be asked to pass other form of verification before it can be possible for a wallet change?

[Pmalek]

This is the reason why you should refrain yourself for visiting sites where you get infected with malware, and force you to install software, why i said force, it is because they are now in control of your computer, so to be safe, never ever visit these porn sites Free downloads of movies free software's, this is where they inject their malware.

Despite the warnings, many people do exactly that. Some of it is justified, others aren't. Torrenting and downloading torrents is popular and will always be popular. But at least pay attention where you get your torrents from, who the uploaders are, and what devices you watch those movies on. The same rules apply to porn or cracked software. Don't engage in these hobbies on the same device you use for your financials. Keep your money separated from everything else. Have a second device for work (if you need it) and a 3rd one for risky ventures like the ones you mentioned.

Thus, if you mess up and get your risky laptop infected, nothing bad can happen to laptops #2, #3, etc.   

[Bobrox]

Its possible with new virus and malware for accessing exchange account via mobile phone application? seems danger when hearing every day with new malware and virus exactly with computer without have securing access and easy got malware. But based on source link I read only talk about computer access with exchange account via browser or desktop and how possibilities with exchange account access trough mobile phone application?

Long term not accessing account exchange trough computer and ever use mobile phone exchange application like our local exchange have been support with application android and IOS, by the way will 2FA and email verification can't stopping with malware and virus to access our exchange account?