Watch Out for More Advanced Malware Attacks

19 replies 400 views
moon_2019Full Member
Posts: 26 · Reputation: 280
#1Sep 11, 2019, 06:45 PM
Lately, I've noticed that malware attempts here are getting way more advanced. Here are some methods I've come across. With the really smart attacks, just using common sense and running virus scans isn't enough to stay safe anymore. "latest wallet" or "custom wallet" or "faster miner". A newbie might ask for the newest wallet, or one without transaction fees, or the speediest miner. The attacker jumps in with a malicious link. Thankfully, this kind of scam usually gets caught pretty fast. Fake or copied ANN. An attacker sets up a new ANN thread and drops a malware link disguised as a wallet link (or they might start with a legit one and switch it to malware later). Changing links in quotes. The attacker takes a legit post that has a download link from the real dev (usually from the OP or an update) and swaps the link in that quote for a malware link. Hacked developer account. Sometimes, a developer's account gets hacked, and they post a "mandatory update." This is common with old or abandoned coins where the actual developer might not be around to catch the shady update. Packed or FUD executables. In many of these cases, the malware barely shows up on virus detection tools. This is because any script kiddie can shell out 30 bucks to get their malware crypted, making it practically invisible. Modified source with a backdoor. Recently, a user tipped me off about this. A newbie posed as someone trying to revive a coin and shared a new client along with its source code. But the source was messed with to include a backdoor.
3 Reply Quote Share
n0nc307Member
Posts: 1 · Reputation: 52
#2Sep 11, 2019, 10:26 PM
Could you please post the coin's name and maybe others that you may have found ?
3 Reply Quote Share
Posts: 1 · Reputation: 69
#3Sep 12, 2019, 02:40 AM
correct me if im wrong but maleware its generecly for executables in windows no? i mean the wallets are but its not kaspersky enough? if not why do we need to protect from the case of reteiving passorws from the users and other stuff from enven pen drives with wallets (including the common coins ones) like doge ltc btc and a few more.
0 Reply Quote Share
Posts: 1 · Reputation: 55
#4Sep 13, 2019, 08:46 AM
I was checking some IRC bootstrap connections and found some additional info. Kinda looks ripe for the picking by a exploit. https://bitcointalk.org/index.php?topic=943519.new#new
4 Reply Quote Share
Posts: 3 · Reputation: 109
#5Sep 13, 2019, 09:25 AM
I'm adding this to the list of possible scams: https://bitcointalk.org/index.php?topic=951827.0
2 Reply Quote Share
Posts: 16 · Reputation: 223
#6Sep 13, 2019, 12:51 PM
This is found in the "Lucky7coin" source code, as linked above.
0 Reply Quote Share
Posts: 1 · Reputation: 94
#7Sep 14, 2019, 03:03 AM
I'd like to add the bitcoinwisdomapp.com to the blacklist. It's a keylogger behind it.
2 Reply Quote Share
diamond88Member
Posts: 7 · Reputation: 159
#8Sep 14, 2019, 06:10 AM
Any thoughts ? EDIT SPR, ORB and at least one or two other coins are using this faucet/ block explorer site.
3 Reply Quote Share
Posts: 3 · Reputation: 109
#9Sep 14, 2019, 08:27 AM
The multifaucet.tk wallet search would redirect you to a third-party ad network. Subsequently, the ad network would redirect you to the destination page -- which, in this case, is the result of the wallet search. I'm in California; the ad network being shown is adf.ly. Depending on your geographic location, you may get a different ad network. These third-party sites generate revenue for multifaucet upon every ad view. This is paid for by the ad publisher. However, multifaucet has no control of what ads are being shown. To maximize their profits, ad publishers may show ads that may lead to malware, which promises higher margins than conventional ads. In my case, I encountered the following page:
5 Reply Quote Share
diamond88Member
Posts: 7 · Reputation: 159
#10Sep 14, 2019, 02:21 PM
In my case, IE11 was completely locked up and I had to be fast with the "end process" clicks. I've never had my browser hijacked like this. That is unless we count AMD's user surveys they keep imposing on us after a driver install. lol
0 Reply Quote Share
byte777Member
Posts: 1 · Reputation: 96
#11Sep 14, 2019, 05:09 PM
That's terrible. Anyone of you encountered the ransom cryptolocker? I heard about it not long ago. What is wrong with people?
1 Reply Quote Share
Posts: 1 · Reputation: 92
#12Sep 14, 2019, 10:19 PM
Would running each wallet/miner in a different virtual machine with virtualbox prevent the effects of this kind of malware?
3 Reply Quote Share
Posts: 3 · Reputation: 109
#13Sep 15, 2019, 02:14 AM
Yes, that would be one solution.
2 Reply Quote Share
jakebullMember
Posts: 2 · Reputation: 64
#14Sep 15, 2019, 02:57 AM
Wow.. this is like so pointless (not the thread, the 'hack') nowadays.. why not just place a keylogger in bios, then no matter what os folks use, you have 100% access to whatever machines are connected? Edit: Hint: Speedracer.
0 Reply Quote Share
moon_2019Full Member
Posts: 26 · Reputation: 280
#15Sep 15, 2019, 04:12 AM
http://events.ccc.de/congress/2014/Fahrplan/system/attachments/2565/original/speed_racer_whitepaper.pdf
2 Reply Quote Share
nick07Member
Posts: 9 · Reputation: 117
#16Sep 16, 2019, 08:45 AM
Thanks for being on top of this and keeping us informed, we do appreciate it!
3 Reply Quote Share
jakebullMember
Posts: 2 · Reputation: 64
#17Sep 16, 2019, 02:00 PM
Lol, this was just the beginning, If I can put a keylogger in my 64mb lappy bios.. I can do it with anyone.. Keep in mind this hack was released solely by them to LOCKDOWN your bios so you cant tamper with overclocking your machine.. the security they released after this demonstration is exactly how they get into your bios as only the NSA would LOVE. Edit: There is need for a new style of bios security, like anti virus, which, when your bios gets bigger, can load in bios FIRST, before bios is loaded.. it's not as hard as you think, but I'm not THAT good..
4 Reply Quote Share
Posts: 8 · Reputation: 156
#18Sep 16, 2019, 02:32 PM
I just received something like this an hour ago.  I was surfing Ebay and laughed when I saw PimpCash.  Having to see if it was real, I went to pimpcash.com. Immediately something like what you showed came up.  However, for me, it pretended to be my service provider and gave me a number to call.  I confess I did try to call but the ring didn't sound right.  Sounded like an old telephone.  I hung up and rebooted my computer.  Things seem to be ok now.  I ran a quick scan and all seems to be okay.  Is there anything else I should do to check to see if my computer is okay?
3 Reply Quote Share
diamond88Member
Posts: 7 · Reputation: 159
#19Sep 18, 2019, 08:24 PM
Please check your "program files(x86) and the youruser/appdata/local/TEMP folders ! The ASN client is a remote desktop hack ! https://bitcointalk.org/index.php?topic=984878.msg10951987#msg10951987
2 Reply Quote Share
seed2017Full Member
Posts: 130 · Reputation: 690
#20Sep 19, 2019, 01:16 AM
Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.
1 Reply Quote Share

Related topics