
Twitter Memes: The most deceptive way of infecting your devices with cryptostealers

Altcoin Trading Blog
08/08/21 · Reports

Note: This report was written in 2018 and remains published for reference purposes only.

A short call to those of you who have a wallet for daily expenses or trading on a computer or phone that is used for 'safe' day-to-day work and browsing.

If you have been around digital currencies for a bit, you probably know that, in terms of security, the only thing you can say with certainty is that the next vulnerability will be an unexpected one.

We had Trezor hardware wallets hacked by a teenager through a “trivial bug”.

Ledger Wallet went through something similar a few times, not to mention all the campaigns targeting Exodus or Jaxx.

We also had an (apparently exploited) vulnerability in Electrum wallet, which went unnoticed for way too many years.

Devices Separated for Activities

Because of this aspect of security, it has become best practice to separate your devices. For convenience, you can safely keep your day-to-day wallet on your normal laptop as long as you don’t access notorious sites, such as streaming sites that carry malicious ads, and as long as you are careful about what you click on in your emails. For whatever downloading or streaming you want to do, you can simply use an old phone that is good for nothing else anyway and can act as your burner.

But What Is Safe?

The problem is that the definition of “safe activities” for your day-to-day device keeps narrowing. We know it is not safe to have TeamViewer or similar remote control software installed. We know there might be another bug in Telegram.

The campaign recently reported by TrendMicro takes it to a whole new level, though: a malicious script is distributed via Twitter memes.

The malicious part is embedded in the image via an old technique called steganography, which we mentioned in an older security post as a method of hiding secret text phrases such as, perhaps, parts of your seed. Uploading the enriched picture to social networks doesn’t necessarily strip off the embedded information.

In the case of the malicious memes, you download the image, which activates the script inside it. This particular edition acts only as a communication tool: it grabs screenshots of your active windows, looks for a particular piece of malware you got from somewhere else and perhaps downloads other malicious memes (you wouldn’t notice, would you?).
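
A defensive check for the kind of embedding described above, as an added example that is not from the original post or from TrendMicro's report: this Python code walks a PNG's chunks or a JPEG's segments to the format's end marker and returns any bytes appended after it. It assumes the simplest form of embedding (data appended after the end of the image); the post does not say which method the campaign used, and data hidden in pixel values or metadata is not found this way. All function names and the sample bytes are constructed for illustration.

```python
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"
NO_LEN = {0x01, 0xFF, *range(0xD0, 0xD9)}   # TEM, fill byte, RST0-7, SOI: no length field
IN_SCAN = {0x00, *range(0xD0, 0xD8)}        # after FF inside scan data: stuffing or RST

def png_end(data):
    """Offset just past the IEND chunk, or None if the chunk chain is broken."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length                  # length + type + body + CRC
        if ctype == b"IEND":
            return pos if pos <= len(data) else None
    return None

def jpeg_end(data):
    """Offset just past EOI; segments are skipped by length, so thumbnails don't fool it."""
    pos = 2                                 # skip SOI (FFD8)
    while pos + 2 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        pos += 1 if marker == 0xFF else 2   # FF FF is fill: re-read from the second FF
        if marker == 0xD9:                  # EOI
            return pos
        if marker in NO_LEN:
            continue
        if pos + 2 > len(data):
            return None
        pos += struct.unpack(">H", data[pos:pos + 2])[0]
        if marker == 0xDA:                  # SOS: skip entropy-coded data to next marker
            while pos + 1 < len(data) and (data[pos] != 0xFF or data[pos + 1] in IN_SCAN):
                pos += 1
    return None

def trailing_bytes(data):
    """Bytes after the format's end marker (empty when nothing is appended)."""
    if data.startswith(PNG_SIG):
        end = png_end(data)
    elif data.startswith(b"\xff\xd8"):
        end = jpeg_end(data)
    else:
        raise ValueError("not a PNG or JPEG")
    if end is None:
        raise ValueError("no end marker found")
    return data[end:]

# Constructed sample: skeletal JPEG with FFD8..FFD9 inside APP1, a stuffed FF00, appended text.
SAMPLE_JPEG = (b"\xff\xd8\xff\xe1\x00\x06\xff\xd8\xff\xd9\xff\xda\x00\x03\x00"
               b"\x12\xff\x00\xd9\x34\xff\xd9" b"constructed-hidden-text")
```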

If it works, it will be reused

The way the malware business works in 2018, though, is that you test the waters with something low-key and, if it kind of works, you add things like Monero miners and scanning for cryptocurrency wallets. These building blocks are available commercially for cheap and, especially with illicit mining (cryptojacking), provide quite a reliable source of long-term income.

Either way: The distribution model relies on users downloading the good memes onto their computer. Now that you’re wiser you can simply screenshot them instead to be on the safe side.
