The infected version of Disk Imager has been available on Download.com since May 2016 and was downloaded over 4500 times during that time. Code :: Blocks has been on Download.com since June 2016 and was removed from the website last year by Cnet, owner of Download.com. However, the program had already been downloaded 104,000 times. The number of downloads of MinGW-64, which was also on the website since 2016, amounted to just under 500.
The malware in the three programs was developed to steal bitcoins. Bitcoin users who want to make a payment or transfer money to another wallet often copy the wallet address of the beneficiary and then paste it into a field on the transaction page. At that moment the wallet address is in the clipboard of the computer.
The malware monitors the clipboard on infected computers and when it sees that a user is copying a wallet address, it changes this address. If the user then wants to paste the wallet address onto the transaction page, he will paste the custom wallet address and transfer money to the wrong party. The bitcoin address that the malware uses would have received a total of 8.8 bitcoin, which is currently 62,000 euros. After being informed, Cnet has removed the infected programs. It is not the first time that Download.com is in the news due to malware being offered.
No comments:
Post a Comment