OmniLayer / omniwallet

Omni Protocol Hybrid Web-Wallet
https://www.omniwallet.org
GNU Affero General Public License v3.0

email virus, java trojan.jar #955

Closed spacelite closed 10 years ago

spacelite commented 10 years ago

Caution,

New Java-based .jar virus is capable of compromising Linux systems as well as Windows systems that have Java enabled.

Email reads:

Some CAVIRTEX customers are getting spammed with another round of the infamous "invoice.jar" remote access trojan (RAT) malware. DO NOT OPEN THE ATTACHMENT. Previous analysis of the malware by CAVIRTEX showed that the malware could automatically hunt down bitcoin, litecoin, and other cryptocurrency wallets, automatically sending them to the attacker. The malware also allows an attacker to gain full control of the victim's system. This includes logging the password of users while accessing their CAVIRTEX account.

The malware works on both Windows and Linux systems.

To help prevent the spread of this email, if possible please mark the message as spam with your email provider.

The message has a spoofed From field to make it appear as if it were coming from us. We did not send this email.

Also CAVIRTEX will not send you any e-mails with attachments, if in doubt please call or email customer service before opening any attachments.

achamely commented 10 years ago

not applicable to omniwallet code base

dexX7 commented 10 years ago

@spacelite: can you upload the malware sample for analysis?

Not that I expect to discover something -- but I once disassembled a .NET wallet stealer where the malware stole the wallet.dat file and the author used Gmail to transfer it - luckily he was stupid and I was able to extract the Gmail credentials -- and guess what: turned out this guy reused the password somewhere else and mixed real life with "business" ... :) :) :)

genecyber commented 10 years ago

One time I did some similar analysis and ended up on a private command and control IRC server. Thousands of nodes, each node could issue commands, so I could too. Ended up it was Chinese WoW hackers who "sold shells", but it's for this reason that the old version of bitcoind wigged me out when I saw it connecting to IRC.
