
Twitter Memes: The most deceptive way of infecting your devices with cryptostealers

Altcoin Trading Blog
10/15/21 · Reports

Note: This report was written in 2018 and remains published for reference purposes only.


A short call to those of you who have a wallet for daily expenses or trading on a computer or phone that is used for 'safe' day-to-day work and browsing.

If you have been around digital currencies for a bit, you probably know that in terms of security the only thing you can say with certainty is that the next vulnerability will be an unexpected one.

We had Trezor hardware wallets hacked by a teenager through a “trivial bug”.

Ledger Wallet went through something similar a few times, not to mention all the campaigns targeting Exodus or Jaxx.

We also had an (apparently exploited) vulnerability in Electrum wallet, which passed unnoticed for way too many years.

Devices Separated for Activities

Because of this aspect of security, it has become best practice to separate your devices. For convenience, you can safely keep your day-to-day wallet on your normal laptop as long as you don’t access notorious sites, such as streaming sites that carry malicious ads, and as long as you are careful about what you click on in your emails. For whatever downloading or streaming you want to do, you can simply use an old phone that is good for nothing anyway and can act as your burner.

But What Is Safe?

The problem is the definition of “safe activities” for your day-to-day device keeps narrowing. We know it is not safe to have installed TeamViewer or similar remote control software. We know there might be another bug in Telegram.

The campaign recently reported by Trend Micro takes it to a whole new level though: a malicious script is distributed via Twitter memes.

The malicious part is embedded in the image via an old technique called steganography, which we mentioned in an older security post as a method of hiding secret text phrases, such as perhaps parts of your seed. Uploading the enriched picture to social networks doesn’t necessarily strip off the embedded information.

In the case of the malicious memes, you download the image, which activates the script inside it. This particular edition acts only as a communication tool: it grabs screenshots of your active windows, looks for a particular piece of malware you got from somewhere else, and perhaps downloads other malicious memes (you wouldn’t notice, would you?).
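A defender-side check for the simplest form of this embedding, added here as an example and not taken from the original report: it walks a PNG's chunks or a JPEG's segments to the image's logical end and returns any bytes stored after it. It assumes the hidden data is appended to the file; data hidden in pixel values or metadata is not detected, and all function names and sample bytes are constructed for illustration.

```python
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"
RST = range(0xD0, 0xD8)  # JPEG restart markers, legal inside scan data

def png_end(data):
    """Offset just past the IEND chunk, or None if it is never reached."""
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length  # length field + type + body + CRC
        if ctype == b"IEND":
            return pos if pos <= len(data) else None
    return None

def jpeg_end(data):
    """Offset just past the real EOI marker, or None if it is never reached."""
    pos = 2  # skip SOI
    while pos + 2 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xD9:  # EOI: logical end of the image
            return pos + 2
        if marker == 0xFF or marker == 0x01 or marker in RST:
            pos += 1 if marker == 0xFF else 2  # fill byte / no length field
            continue
        # Segment with a 2-byte length; a short read just ends the walk.
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
        # After SOS comes entropy-coded data: skip to the next real marker.
        while (marker == 0xDA and pos + 1 < len(data) and not
               (data[pos] == 0xFF and data[pos + 1] not in (0x00, 0xFF, *RST))):
            pos += 1
    return None

def trailing_data(data):
    """Bytes stored after the image's logical end (empty for a clean file)."""
    if data.startswith(PNG_SIG):
        end = png_end(data)
    elif data.startswith(b"\xff\xd8"):
        end = jpeg_end(data)
    else:
        raise ValueError("not a PNG or JPEG file")
    if end is None:
        raise ValueError("truncated or malformed image")
    return data[end:]

# Constructed structural skeletons (not decodable pictures). Each hides an
# end-marker look-alike inside an earlier segment to defeat naive searches.
SAMPLE_JPEG = (b"\xff\xd8" b"\xff\xe0\x00\x06\xff\xd9\x00\x00"
               b"\xff\xda\x00\x02" b"\x12\xff\x00\x34" b"\xff\xd9")
SAMPLE_PNG = (PNG_SIG + b"\x00\x00\x00\x04tEXtIEND\x00\x00\x00\x00"
              + b"\x00\x00\x00\x00IEND\xaeB`\x82")
```

A non-empty result is a reason to inspect the file, not proof of malware: some cameras and editors also append their own data after the end marker.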

If it works, it will be reused

The way the malware business works in 2018, though, is that you test the waters with something low-key and, if it kind of works, you add things like Monero miners and scanning for cryptocurrency wallets. These building blocks are available commercially for cheap and, especially in the case of illicit mining (cryptojacking), provide quite a reliable source of long-term income.

Either way: The distribution model relies on users downloading the good memes onto their computer. Now that you’re wiser you can simply screenshot them instead to be on the safe side.
