MalwarePat
Here to investigate some malicious behavior
Ongoing Investigations: Tumblr BTC Scam Messages, chocolate-lover messages
malwarepat-blog · 8 years ago
Fun with Viruses
Does anyone know of any computer viruses that they would like to see demoed on a machine? I’d like to explore some malware and share video of what it does to a computer. 
Know a good virus?
4 notes · View notes
malwarepat-blog · 8 years ago
Testing CPU Usage on KissAnime with several Adblock/Anti-tracking extensions in Google Chrome
Environment: Windows 7 Ultimate x64, 4GB RAM, 1 Processor/Core (Virtualized in VMware Workstation)
Web Browser: Google Chrome
Tried Extensions:
- uBlock Origin
- Ghostery
- Privacy Badger
Post on my blog about this (basically the same thing I added to this post): https://malwarepat.tumblr.com/post/168650929622/testing-cpu-usage-on-kissanime-with-several
Have questions/tips/requests regarding malware, adware, or general information security? Contact me @malwarepat
so it turns out one reason why kissanime’s been sucking ass lately in terms of load times is cause rapidvideo literally uses your browser to mine cryptocurrency???
166K notes · View notes
malwarepat-blog · 8 years ago
Testing CPU Usage on KissAnime with several Adblock/Anti-tracking extensions in Google Chrome
Environment: Windows 7 Ultimate x64, 4GB RAM, 1 Processor/Core (Virtualized in VMware Workstation)
Web Browser: Google Chrome
Tried Extensions:
- uBlock Origin
- Ghostery
- Privacy Badger
What prompted me to look into this: http://cherryflavoredtrickster.tumblr.com/post/168634049786/stupidbeecandle-wunkolo-backtornado-so-it
7 notes · View notes
malwarepat-blog · 8 years ago
Tumblr Bitcoin Scam Messages Investigation
This post will contain details on my investigation into the Tumblr “Bitcoin” message fiasco. 
Bitcoin Wallets Mentioned
-----
Posts on my blog tagged “tumblr btc scam”
Help the Investigation:
If you receive one of these messages, please submit a screenshot of the message to https://malwarepat-btc.tumblr.com/submit.  It’ll help me to see the scope of what people are getting.  
Post where I learned of the malicious activity: https://malwarepat.tumblr.com/post/168419395787/iron-thorn-this-blog-did-not-and-will-not-send from @iron-thorn
9 notes · View notes
malwarepat-blog · 8 years ago
If you receive one of these messages, please submit a screenshot of the message to https://malwarepat-btc.tumblr.com/submit.  It’ll help me in my investigation to see the scope of what people are getting.  
about that bitcoin thing
if you guys have received a bitcoin message from me, PLEASE tell me. it wasn’t me. it’s also a virus, as it seems. pls beware with that shit. ask your followers, mutuals, friends, etc. on tumblr. or just write a message on there, on tumblr. PLEASE reblog this post to spread the word. and also, tell me if you got a message from my account saying that. i highly recommend that if that happened with your account, change your email, your password, your email’s password, etc. if a link appears, PLEASE don’t open it.
12 notes · View notes
malwarepat-blog · 8 years ago
If you receive one of these messages, please submit a screenshot of the message to https://malwarepat-btc.tumblr.com/submit.  It’ll help me in my investigation to see the scope of what people are getting.  
There seems to be some kind of tumblr virus going around, where blogs will send out messages to blogs they follow asking for seemingly small amounts of bitcoin in order to buy an item (like a camera or similar), followed by a link.
I don’t know if anyone has impersonated me yet, but considering @goattrain just told me he got a message from one of his long time followers I’m putting this here anyway:  I would never ask anyone to send me bitcoins, or randomly send anyone a message asking for donations either for that matter. So if you see one of these messages, please don’t send them any money and let me know.
Stay safe and ensure the person messaging you is indeed the person you think it is, alright?
53 notes · View notes
malwarepat-blog · 8 years ago
“chocolate-lover” Investigation
Links used in this campaign
Posts on my blog tagged “chocolateloverinvestigation”
---
Help the investigation!
If you receive a message that looks like the screenshot in this post, screenshot it and send it to me!
Submit screenshots here: https://malwarepat-chocolatelover.tumblr.com/submit
0 notes
malwarepat-blog · 8 years ago
MalwarePat Joins the Fray                                    
Hello all, I’m just a friendly white hat looking to understand where the “bitcoin” messages are coming from and who is behind them.  If you receive one of these messages, please submit a screenshot of the message to https://malwarepat-btc.tumblr.com/submit.  It’ll help me to see the scope of what people are getting.  
Thanks!
-MalwarePat
if you get a message from me asking for bitcoin it’s fake because i have no idea how bitcoin works and i will only ask you for cold hard cash
142K notes · View notes
malwarepat-blog · 8 years ago
MalwarePat Joins the Fray                                    
Hello all, I’m just a friendly white hat looking to understand where the “bitcoin” messages are coming from and who is behind them.  If you receive one of these messages, please submit a screenshot of the message to https://malwarepat-btc.tumblr.com/submit.  It’ll help me to see the scope of what people are getting.  
Thanks!
-MalwarePat
This blog did not and will not send requests for bitcoin donations.
There seems to be a virus or some sort of malware going around causing blogs to “send out” chat messages to blogs that they follow asking for help with the purchase of certain items through donations of seemingly small amounts using bitcoin and adds a link to the message.
The message goes as follows (at least the first message I got went like this): “Hi there buddy. I need help, I’m trying to buy a laptop and I can’t afford it. I’m about 0.36$ short, and I’d really appreciate if you could help me and transfer some money to me via bitcoin using this *link*.”
The small details in the message seem to have a few variations with the greeting, amount and purchased item showing up in different variations from formal to friendly, from 0.016 to 2$ and from a phone case to a laptop among others.
The blogs that are affected send out the messages to blogs that they follow for a long time mostly, so you are most likely to receive the message from a long time, active follower whose name you might recognize or a mutual etc. The blogs that are affected are not spam bots but actual active followers who follow the recipient for months or years and most likely the blogger who “sent” the message is unaware of the message being sent.
DO NOT OPEN THE LINK.
Opening up the link will cause the virus to spread even more and infect your computer/mobile with any sort of malware.
If you have received a message of that sort from this blog please know that it was not sent by me or within my control and ignore/delete the message without clicking the link.
114K notes · View notes
malwarepat-blog · 8 years ago
[URLs] - Tumblr “chocolate-lover” Messages Investigation
This post will have any links discovered in the Tumblr “chocolate-lover” Messages campaign.
DO NOT VISIT THESE LINKS
hxxps://goo.gl/EjVK9e --> Now disabled, used to point to a scam survey site in the hxxps://www.humanverify.net domain. 
hxxp://bit.ly/2gT9v62, hxxp://bit.ly/2gSD0Vi, hxxp://bit.ly/2uxAYPZ -> hxxps://www.humanverify.net/cl.php?id=f0a3ef4412298e6e57425a54b5327aa5&chocolate-lover15267
Completing the HumanVerify segment above redirects to hxxp://www.humanverify.net/contentlockers/u.php?id=0vhEVTB6vnEGatmzW%2Fui5smGAdBCtw7uD51YkquxrC4uuoTP4ZnMdwbrbmll09I3&r=aHR0cHM6Ly93d3cuaHVtYW52ZXJpZnkubmV0L2NsLnBocD9pZD1mMGEzZWY0NDEyMjk4ZTZlNTc0MjVhNTRiNTMyN2FhNSZjaG9jb2xhdGUtbG92ZXIxNTI2Nw%3D%3D
This long gibberish redirects to hxxps://www.tumblr.com/
The base64 encoded string aHR0cHM6Ly93d3cuaHVtYW52ZXJpZnkubmV0L2NsLnBocD9pZD1mMGEzZWY0NDEyMjk4ZTZlNTc0MjVhNTRiNTMyN2FhNSZjaG9jb2xhdGUtbG92ZXIxNTI2Nw== decodes to hxxps://www.humanverify.net/cl.php?id=f0a3ef4412298e6e57425a54b5327aa5&chocolate-lover15267 (the link from above)
0 notes
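The decoding step from the post above, as an added example that is not part of the original post: it walks the query string of the defanged content-locker URL quoted there, reports any parameter whose value is a base64-wrapped URL, and follows nesting, all offline with no request made. The function names are assumptions of this example.

```python
import base64
from urllib.parse import urlsplit, parse_qsl

# Defanged content-locker URL, copied from the post above (never fetched here).
SAMPLE = (
    "hxxp://www.humanverify.net/contentlockers/u.php"
    "?id=0vhEVTB6vnEGatmzW%2Fui5smGAdBCtw7uD51YkquxrC4uuoTP4ZnMdwbrbmll09I3"
    "&r=aHR0cHM6Ly93d3cuaHVtYW52ZXJpZnkubmV0L2NsLnBocD9pZD1mMGEzZWY0NDEyMjk4"
    "ZTZlNTc0MjVhNTRiNTMyN2FhNSZjaG9jb2xhdGUtbG92ZXIxNTI2Nw%3D%3D"
)

def defang(url):
    """Rewrite the scheme the way the post does (http -> hxxp)."""
    return url.replace("http", "hxxp", 1)

def try_b64_url(value):
    """Return the decoded text if value is base64 of an http(s) URL, else None."""
    # parse_qsl turns '+' into a space; undo that and accept the URL-safe alphabet.
    candidate = value.replace(" ", "+").replace("-", "+").replace("_", "/")
    candidate += "=" * (-len(candidate) % 4)  # tolerate stripped padding
    try:
        text = base64.b64decode(candidate, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.startswith(("http://", "https://")) else None

def embedded_urls(url, depth=0, max_depth=3):
    """List (depth, parameter, defanged URL) for base64-wrapped URLs in the query."""
    found = []
    if depth >= max_depth:  # bound recursion on hostile, deeply nested input
        return found
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        inner = try_b64_url(value)
        if inner:
            found.append((depth, name, defang(inner)))
            found.extend(embedded_urls(inner, depth + 1, max_depth))
    return found

if __name__ == "__main__":
    for depth, name, target in embedded_urls(SAMPLE):
        print(f"{'  ' * depth}{name} -> {target}")
```

The `id` values are also base64-shaped but do not decode to a URL, so only `r` is reported.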
malwarepat-blog · 8 years ago
[Wallets] - Tumblr Bitcoin Scam Messages Investigation
This post will have any wallets discovered in the Tumblr Bitcoin Scam Messages campaign.
153PTtfzAzs4Nty8iFB1hUp9N7aCN7MQeK
1B82pfhvrgBxkqPzs1CmZVpBdK24CAD6xX
18bMAdb5x8H5VTdxSSyVyyxSnKmqpy22o2
1MdyvPQmV38njpGKtbuvA5Kxw6ah8cpLrZ
1JRynp7FjH9AKuht95Niigc7EU4GyqbnGF
First wallet I’ve seen with a transaction into it
147.17 USD @2017-12-08T12:54:37Z
...
0 notes
malwarepat-blog · 8 years ago
MalwarePat Joins the Fray                                    
Hello all, I’m just a friendly white hat looking to understand where the “bitcoin” messages are coming from and who is behind them.  If you receive one of these messages, please submit a screenshot of the message to https://malwarepat-btc.tumblr.com/submit.  It’ll help me to see the scope of what people are getting.  
Thanks!
-MalwarePat
This blog did not and will not send requests for bitcoin donations.
There seems to be a virus or some sort of malware going around causing blogs to “send out” chat messages to blogs that they follow asking for help with the purchase of certain items through donations of seemingly small amounts using bitcoin and adds a link to the message.
The message goes as follows (at least the first message I got went like this): “Hi there buddy. I need help, I’m trying to buy a laptop and I can’t afford it. I’m about 0.36$ short, and I’d really appreciate if you could help me and transfer some money to me via bitcoin using this *link*.”
The small details in the message seem to have a few variations with the greeting, amount and purchased item showing up in different variations from formal to friendly, from 0.016 to 2$ and from a phone case to a laptop among others.
The blogs that are affected send out the messages to blogs that they follow for a long time mostly, so you are most likely to receive the message from a long time, active follower whose name you might recognize or a mutual etc. The blogs that are affected are not spam bots but actual active followers who follow the recipient for months or years and most likely the blogger who “sent” the message is unaware of the message being sent.
DO NOT OPEN THE LINK.
Opening up the link will cause the virus to spread even more and infect your computer/mobile with any sort of malware.
If you have received a message of that sort from this blog please know that it was not sent by me or within my control and ignore/delete the message without clicking the link.
Edit:
To those worried because they received a message with a wallet code instead of a link, there’s nothing to worry about. The wallet code is essentially the equivalent of a bank account number. So unless you actually go and actively transfer from your wallet to theirs you’re safe. Opening the messages themselves is harmless.
The best way to know if you were affected is to simply go into messages and see if you sent a message like that to anyone, it will appear in the chat.
I personally recommend changing passwords just in case, even if you weren’t hit with the virus.
114K notes · View notes
malwarepat-blog · 8 years ago
MalwarePat Joins the Fray
Hello all, I’m just a friendly white hat looking to understand where the “bitcoin” messages are coming from and who is behind them.  If you receive one of these messages, please submit a screenshot of the message to https://malwarepat-btc.tumblr.com/submit.  It’ll help me to see the scope of what people are getting. 
Thanks!
-MalwarePat
4 notes · View notes