      Bipo

      First Android Clipboard Hijacking Crypto Malware Found On Google Play Store

      February 11, 2019

      A security researcher has discovered yet another cryptocurrency-stealing malware on the official Google Play Store that was designed to secretly steal bitcoin and cryptocurrency from unwitting users.

      The malware, described as a "Clipper," masqueraded as a legitimate cryptocurrency app and worked by replacing cryptocurrency wallet addresses copied into the Android clipboard with one belonging to attackers, ESET researcher Lukas Stefanko explained in a [hidden link].

      Since cryptocurrency wallet addresses are made up of long strings of characters for security reasons, users usually prefer copying and pasting the wallet addresses using the clipboard over typing them out.

      The newly discovered clipper malware, dubbed Android/Clipper.C by ESET, took advantage of this behavior to steal users' cryptocurrency.

      To do this, attackers first tricked users into installing the malicious app that impersonated a legitimate cryptocurrency service called MetaMask, claiming to let users run Ethereum decentralized apps in their web browsers without having to run a full Ethereum node.

      Officially, the legitimate version of MetaMask is only available as a web browser extension for Chrome, Firefox, Opera, or Brave, and is not yet launched on any mobile app stores.

      However, Stefanko spotted the malicious MetaMask app on Play Store targeting users who want to use the mobile version of the service by changing their legitimate cryptocurrency wallet address to the hacker's own address via the clipboard.
      As a result, users who intended to transfer funds into a cryptocurrency wallet of their choice would instead make a deposit into the attacker's wallet address pasted by the malicious app.
       
      "Several malicious apps have been caught previously on Google Play impersonating MetaMask. However, they merely phished for sensitive information with the goal of accessing the victims' cryptocurrency funds," Stefanko [hidden link].

      "Android Clipper targeted Bitcoin and Ethereum cryptocurrency addresses when being copied into clipboard and replaced them with the attacker’s wallet address. Once this transaction is sent, it cannot be canceled."

      Stefanko spotted the malicious MetaMask app, which he believes was the first Android Trojan Clipper to be discovered on Play Store, shortly after its introduction to the app store on February 1.
       

      Google took down the malicious app almost immediately after being notified by the researcher.

      While the bitcoin price has dropped steadily since hitting its all-time high in December 2017, there has been no reduction (in fact, a rise) in the cryptocurrency scandals, thefts, and scams that continue to plague the industry.

      Just last week, The Hacker News reported how customers of the largest Canadian bitcoin exchange [hidden link] in cryptocurrency after the sudden death of its owner, who was the only one with access to the company's cold (offline) storage wallets. However, some users and researchers are suggesting the incident could be an exit scam.
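The address swap described in the article leaves a recognisable trace in clipboard telemetry: one wallet address is replaced by a different address of the same currency, written by a different app, moments after the copy. The sketch below is an added example, not code from the post or from ESET, and it flags that pattern. The `ClipEvent` record, its `writer` field (assumed to come from sandbox or device instrumentation), the 2-second window, the package names and all addresses are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Address shapes only (no checksum validation): enough to tell a wallet
# address apart from ordinary clipboard text.
ADDRESS_PATTERNS = {
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
    "bitcoin": re.compile(
        r"[13][1-9A-HJ-NP-Za-km-z]{25,34}"   # legacy Base58 addresses
        r"|bc1[ac-hj-np-z02-9]{11,71}"       # bech32 (SegWit) addresses
    ),
}


def classify(text):
    """Return 'bitcoin', 'ethereum' or None for a clipboard string."""
    candidate = text.strip()
    for coin, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(candidate):
            return coin
    return None


def normalize(coin, text):
    """Canonical form for comparison; Ethereum hex is case-insensitive."""
    addr = text.strip()
    return addr.lower() if coin == "ethereum" else addr


@dataclass
class ClipEvent:
    ts: float     # seconds since start of capture
    writer: str   # package that set the clipboard (assumed telemetry field)
    text: str     # clipboard content after the write


def find_swaps(events, window=2.0):
    """Flag an address overwritten by a different address of the same coin,
    by a different writer, within `window` seconds of the original copy."""
    alerts = []
    prev = None
    for ev in sorted(events, key=lambda e: e.ts):
        coin = classify(ev.text)
        if prev is not None and coin is not None and coin == classify(prev.text):
            replaced = normalize(coin, ev.text) != normalize(coin, prev.text)
            if replaced and ev.writer != prev.writer and ev.ts - prev.ts <= window:
                alerts.append({
                    "ts": ev.ts, "coin": coin, "writer": ev.writer,
                    "original": prev.text.strip(),
                    "replacement": ev.text.strip(),
                })
        prev = ev
    return alerts


# Constructed sample data; none of these are real wallets or real packages.
ETH_USER = "0x" + "Ab" * 20
ETH_OTHER = "0x" + "cd" * 20
BTC_A = "1" + "A" * 30
BTC_B = "3" + "B" * 30

SAMPLE_EVENTS = [
    ClipEvent(10.0, "com.example.browser", ETH_USER),
    ClipEvent(10.4, "com.example.fakewallet", ETH_OTHER),   # swap: flagged
    ClipEvent(50.0, "com.example.browser", "meeting at 10:30"),
    ClipEvent(60.0, "com.example.browser", BTC_A),
    ClipEvent(95.0, "com.example.browser", BTC_B),          # user copied another
    ClipEvent(120.0, "com.example.browser", ETH_USER),
    ClipEvent(120.3, "com.example.notes", ETH_USER.lower()),  # same address
]

if __name__ == "__main__":
    for alert in find_swaps(SAMPLE_EVENTS):
        print(alert)
```

The same comparison works as a paste-time guard in a wallet: keep the normalized address the user copied and refuse to send if the address in the recipient field differs.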
