Bitcoin Forum
Topic: GuptiMiner: Malware that attack AV and plant crypto miners and crypto wallets
cryptomaniac_xxx (OP)
April 25, 2024, 11:30:17 AM
 #1

Researchers were able to uncover hackers exploiting a supposed mechanism of a known anti-virus from India, eScan, and planting backdoors on it. This is a sophisticated attack, and it is said that it comes from a well-known state-sponsored hacking group from North Korea.

Backdoors include a crypto miner and a second module scanning for stored private keys and crypto wallets on the local system. So this is a double attack from the cyber criminals.

So just imagine how advanced this invasion is: an anti-virus itself that they can stick their code into and hijack.

Below is the infection chain. Although the initial point of attack is large corporations, they can still deploy it to focus on everyone, especially crypto enthusiasts.



https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/

Amphenomenon
April 25, 2024, 01:38:37 PM
 #2

This is one significant drawback of closed source software, while I don't think the open source anti-viruses are better than the closed source ones, since the majority tends to use the closed source anti-virus.

eScan has a good trust rating, but it will be better to use a more trusted source or platform that's more well known, when one doesn't have a better open source alternative.

But I think the dev team has work to do in order to avoid issues like this next time. Also, we should not take any changes we notice on our device lightly, especially relating to additional files being downloaded which we are unaware of, even if they're not looking malicious.

Doan9269
April 25, 2024, 03:09:58 PM
 #3

Quote
Researchers were able to uncover hackers exploiting a supposed mechanism of a known anti-virus from India, eScan, and planting backdoors on it. This is a sophisticated attack, and it is said that it comes from a well-known state-sponsored hacking group from North Korea.

Crypto users have to be more careful and sensitive in making use of downloaded software like anti-virus packages. Some of them are not shielding against anything but rather make the system more vulnerable to an attack, just as the example made by OP shows. Before we make use of any software, we need to check the reviews made on it and also conduct some thorough research in the crypto community on whether there is any threat associated or not.
robelneo
April 25, 2024, 03:16:35 PM
 #4



Quote
eScan has a good trust rating, but it will be better to use a more trusted source or platform that's more well known, when one doesn't have a better open source alternative.

I'm using an anti-virus, and eScan is never in the top AV reviews by experts, and this will further harm their credibility. Checking their reputation, they received positive feedback from one AV reviewer, but this one was decades ago.

Quote
But I think the dev team has work to do in order to avoid issues like this next time. Also, we should not take any changes we notice on our device lightly, especially relating to additional files being downloaded which we are unaware of, even if they're not looking malicious.

Security is our main concern, but if the AV that we are using is compromised then we are in deep trouble, so check the latest reviews about AV if you're going to use one, and don't compromise price over quality and reputation when it comes to AV.


MicroScript
April 25, 2024, 03:34:12 PM
 #5

It is very worrying that cybercriminals are also exploiting antivirus software like eScan. But how did they install the backdoor in the antivirus system? It is a matter of concern how users can identify or protect themselves against such sophisticated threats.
Charles-Tim
April 25, 2024, 03:38:06 PM
 #6

Quote
This is one significant drawback of closed source software, while I don't think the open source anti-viruses are better than the closed source ones, since the majority tends to use the closed source anti-virus.

Any closed source software should not be trusted because you do not know what code it is made up of. You do not know if the code has malware that its developers intentionally included before they sell it or people download it. I do not think this should be about open or closed source software but rather about not using or trusting antivirus. Antimalware cannot be trusted. The best you can do for your device is to avoid malware and make sure that it will not get installed. This is better than depending on antivirus or antimalware. What can be done to avoid this malware is simple. Also, huge amounts of coins should be stored on addresses of a cold wallet.

Amphenomenon
April 25, 2024, 08:07:25 PM
 #7

Quote
This is one significant drawback of closed source software, while I don't think the open source anti-viruses are better than the closed source ones, since the majority tends to use the closed source anti-virus.
Any closed source software should not be trusted because you do not know what code it is made up of. You do not know if the code has malware that its developers intentionally included before they sell it or people download it. I do not think this should be about open or closed source software but rather about not using or trusting antivirus. Antimalware cannot be trusted. The best you can do for your device is to avoid malware and make sure that it will not get installed. This is better than depending on antivirus or antimalware. What can be done to avoid this malware is simple. Also, huge amounts of coins should be stored on addresses of a cold wallet.

Actually this is what I'm currently doing. I don't use any anti-virus at the moment, though I was once using one, but as soon as I switched to Linux, I just stopped.

I stopped not mainly because I switched to Linux but just because I saw it wasn't a necessary protective measure against malware and the like.

Porfirii
April 26, 2024, 05:00:08 AM
 #8

Quote
This is one significant drawback of closed source software, while I don't think the open source anti-viruses are better than the closed source ones, since the majority tends to use the closed source anti-virus.
-snip-
I do not think this should be about open or closed source software but rather about not using or trusting antivirus. Antimalware cannot be trusted. The best you can do for your device is to avoid malware and make sure that it will not get installed. This is better than depending on antivirus or antimalware. What can be done to avoid this malware is simple. Also, huge amounts of coins should be stored on addresses of a cold wallet.
Actually this is what I'm currently doing. I don't use any anti-virus at the moment, though I was once using one, but as soon as I switched to Linux, I just stopped.

I stopped not mainly because I switched to Linux but just because I saw it wasn't a necessary protective measure against malware and the like.

The case in the OP is quite serious, but I don't think it justifies the decision not to have an antivirus. I'm not an expert, but that's cybersecurity 101: run an updated antivirus.

Maybe other users can corroborate that?

Because you can control to a great extent what you install in your computer, but taking into account that you can get infected by simply clicking on the wrong link, I find it quite necessary to have active protection enabled constantly.

AVE5
April 26, 2024, 07:14:27 AM
 #9

Quote
Researchers were able to uncover hackers exploiting a supposed mechanism of a known anti-virus from India, eScan, and planting backdoors on it. This is a sophisticated attack, and it is said that it comes from a well-known state-sponsored hacking group from North Korea.

Crypto users have to be more careful and sensitive in making use of downloaded software like anti-virus packages. Some of them are not shielding against anything but rather make the system more vulnerable to an attack, just as the example made by OP shows. Before we make use of any software, we need to check the reviews made on it and also conduct some thorough research in the crypto community on whether there is any threat associated or not.

I think this is one of the best options to stay clean and safe from any form of sophisticated and malicious programs that are targeted at stealing crypto funds.
So let any bitcoin or crypto enthusiast not be too private to the kind of software programs to be used on their crypto investments.
It's wiser and safer if we consult, enquire and do our necessary research before forging ahead to accept any software programs in line with our holdings.

So when an antivirus is concerned, let's also have that suspiciousness that some kind of malicious program can accompany it, such that the antivirus could be mingled with the intention to invade the system's privacy by the software programmers, who would be believed to be hackers.
So not all antivirus programs are really genuine, for some are privacy-invading programs.
