Officer's Channel
Threat Researcher | Web3/OSINT/OpSec/Privacy

• Articles: @officercia
• Blog: officercia.mirror.xyz
• X: x.com/officer_cia
• Chat: t.me/+t7L20oyq60liMTVi
• DM: @farm42

Thank you!
GM fam! ❤️ Today, someone tried to hack SamCzSun with a crypto stealer. Fortunately, the attack wasn't successful, but all it would've taken was three clicks.

The first step was to create an urgent and compelling hook. When placed under pressure, even trained security professionals might act instinctively instead of rationally. You must have good self-control and feel when someone is trying to make you rush or feel strong emotions (anger, desire to help, love, envy, and so on). Remember that time works for you and you can always wait 1-2 days for a similar request.

You should also understand that if you are in a vulnerable position (not sleeping, not resting, starving, sick) you must not work. And you must not do any activities that require urgency.

You can see the message on the screenshot. If he had clicked the link, he would have been only two clicks away from being pwned. Clicking the link automatically downloads a malicious file to the computer.

There were two files in the archive. If you have file extensions enabled, then you'll see the first as a URL. If you don't, then you'll see the second as a PDF.

Both of these are malicious, and opening either of them would give the attacker full access to your PC and thus tokens, socials, sensitive data.

The example used wasn't very advanced, but would have tricked a few users nevertheless. The more targeted, the harder to distinguish from legit requests.

This was very likely a Redline malware or a Raccoon Stealer.

Original Tweet

Read my OpSec roadmap to avoid such situations. Never download files on your working machine. You should understand all 25 rules!

How to store crypto securely - tips from CIA_Officer

2 Violent attack vectors in Crypto: a detailed review

OpSec in Crypto: Thoughts

…and never forget to use dangerzone.rocks when working with PDFs! Always use a separate, clean machine for work, air-gapped as much as possible.

Stay safe!

#blockchain #privacy #OpSec #security
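A way to check an archive like the one described above without opening anything in it, as an added example that is not part of the original post: it only lists entry names and flags shortcut or executable extensions and decoy double extensions. The file names in the sample and both extension lists are constructed assumptions, not details from the incident.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Illustrative, non-exhaustive lists (assumptions, not taken from the post).
RISKY = {".url", ".lnk", ".exe", ".scr", ".com", ".pif",
         ".bat", ".cmd", ".js", ".vbs", ".hta", ".msi"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def triage(zip_bytes):
    """List archive entries (never extract or open them) and flag lures.

    Returns (entry name, name shown when extensions are hidden, reasons).
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename)
            suffixes = [s.lower() for s in path.suffixes]
            reasons = []
            if suffixes and suffixes[-1] in RISKY:
                reasons.append("runs-or-redirects-on-open")
                # "report.pdf.scr" is displayed as "report.pdf" when the
                # real (last) extension is hidden.
                if len(suffixes) >= 2 and suffixes[-2] in DECOY:
                    reasons.append("double-extension")
            if reasons:
                findings.append((info.filename, path.stem, reasons))
    return findings


def build_sample():
    """Constructed archive: harmless placeholder contents, made-up names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Partnership terms.url", "constructed placeholder")
        zf.writestr("Partnership terms.pdf.scr", "constructed placeholder")
        zf.writestr("readme.txt", "constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for name, shown_as, reasons in triage(build_sample()):
        print(f"{name!r} (shown as {shown_as!r}): {', '.join(reasons)}")
```
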
Officer's Channel via @Inlinebuttons_bot
Welcome to my channel! ❤️ I'm glad to see you here! 😊 · Check out my GitHub · Follow my Twitter · Track all my activities · All my Socials Tag Cloud: #tip #marketing #tool #crosspr #privacy #security #opsec #offtopic #forensics #OSINT #blockchain #MEV…
Support is very important to me, with it I can spend less time at work and do what I love - educating DeFi & Crypto users 💖

If you want to support my work, please send me a direct donation to the address:

0xB25C5E8fA1E53eEb9bE3421C59F6A66B786ED77A or officercia.eth - ETH, Subchains

17Ydx9m7vrhnx4XjZPuGPMqrhw3sDviNTU - BTC

4AhpUrDtfVSWZMJcRMJkZoPwDSdVG6puYBE3ajQABQo6T533cVvx5vJRc5fX7sktJe67mXu1CcDmr7orn1CrGrqsT3ptfds - Monero XMR


You can also support me by minting one of my Mirror articles NFTs or via GitCoin!

Thank you 🙏

#offtopic
Today in my new viamirror article I would like to discuss with you the OpSec mindset, how it can be developed and why it is needed, using examples from ancient English, Greek and ancient Christian folklore and some modern references!

I have never yet cited resources from pre-Christian times as references! I promise this will be an interesting read!

#Blockchain #OpSec #privacy #security
Officer's Channel
Ge fam! 👀 It's time to revisit my articles! Check out my Mirror Blog: https://officercia.mirror.xyz Visit my LinkTree as well ❤️
Gm fam! For your convenience, I have posted all of my best articles on Medium. I hope you enjoy reading them 😉

officercia.medium.com/list/best-from-cia-officer-9db7b1958a64

#offtopic #blockchain #privacy

P.S. Looks like there is an account which is probably impersonating me (or I am too suspicious, but anyway). This is not me: @cia_officer. Please keep in mind that my only real account on tg is @farm42 and my channel is @officer_cia!
Greetings dear community! ❤️ Today I would like to discuss with you an important thing called steganography, but to understand the topic, please read my previous articles first, especially the one about the #OpSec view through history.

We are gonna learn about what it is, how it was used in ancient times and how hackers and ordinary users use it now, and most importantly, for what and why. And we will finish with a discussion of how we as normal people and average internet users can apply the above-mentioned methods to secure our crypto or fiat assets and passwords, and make our lives easier in general.

#privacy #security #Blockchain
Attention please! There is a scammer DMing users and impersonating me!

Stay safe fam! You can always check my socials via my official ENS text records! My real Telegram account @farm42 (Discord: MisterFarm42#5044) ❗️

#security #tip #offtopic
I am glad to tell you that my works have been included in the legendary anonymousplanet-ng.org/links.html #OpSec manual! I advise everyone in crypto to study this amazing resource maintained by AnonyPla!

#OpSec #Privacy #Tip
Gm! I just found out about an interesting attack where the attackers only need to pretend that the attack is happening/make it look like that 🤷

They attack an IoT robot vacuum cleaner (or any IoT device on the home router) so that it voices an error (they don't need to take control of it to do that; causing a reboot is enough). Then another attacker immediately calls the victim, impersonating the internet provider via caller ID spoofing, and uses social engineering to urge the victim to "let in a specialist" (who might be a gang member), to tell them a code from an SMS, or to install malware 👀

Check out: github.com/jlopp/physical-bitcoin-attacks/blob/master/README.md ❗️

Stay safe!

Use dangerzone.rocks if you are working with PDFs and please follow: github.com/OffcierCia/Crypto-OpSec-SelfGuard-RoadMap !

How to store crypto securely - tips from CIA_Officer

2 Violent attack vectors in Crypto: a detailed review

OpSec in Crypto: Thoughts

#OpSec #Blockchain #Tip #Security