🚨 Two days ago, we received a concerning support request: An app that appeared to be the BitBoxApp asked the user to enter their recovery words.

This was clearly a phishing attempt by an attacker trying to steal the user's funds.

Here's what happened: 👇

The victim has had his BitBox02 for multiple months already. One day, after plugging in their BitBox02, the BitBoxApp flashed and displayed the above screen.

Knowing he wasn't supposed to enter his recovery words on a computer, he immediately contacted our support. 💪

Together with the victim, we figured out that a malicious BitBoxApp clone was placed on his computer. It does not replace the BitBoxApp, but is installed in another folder.

Once the original BitBoxApp has been opened, it minimizes the original BitBoxApp and displays the malicious "Bitbox.exe" over all other content.

The malware also appears to take screenshots to surveil the victim. 🚨

We were able to trace the origin of the malware to a malicious website.

The victim used DuckDuckGo to search for "wasabi wallet" and ended up downloading a malicious installer.

This is an extremely easy mistake to make, as there are multiple phishing sites in the top results.

We have reached out to Wasabi Wallet and they assured us they do everything in their power to get rid of these fake sites.

It is necessary for DuckDuckGo to take action and make sure these malicious websites don't appear in their search results.

To make sure this does not happen to you, you should always verify exactly where you are downloading programs from.

This is also why we provide instructions on how to verify the signatures for our BitBoxApp before you run them:

https://github.com/digitalbitbox/bitbox-wallet-app/releases/tag/v4.39.0

Thank you again to the victim for helping us figure this out as quickly as possible!

Their fast and correct response made it possible for us to figure this out really fast and warn other users. We've already shipped them a small 'thank you' package to show our gratitude. 🙏

In the end the BitBox02 did exactly what it was supposed to:

It protected the user's wallet when their PC got compromised.

Had the victim used a software wallet, chances are high that their money would have been stolen.
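A defender-side check for the behaviour described in the post (a look-alike "Bitbox.exe" sitting in a folder other than the real install location), added here as an example and not code from BitBox or from the original post. The name pattern, the directory layout and the trusted install path are assumptions constructed for the demo; a clone using a different file name would not be caught by a name check alone.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed name pattern: the post only names "Bitbox.exe".
LOOKALIKE = re.compile(r"^bit[\s_\-]?box.*\.exe$", re.IGNORECASE)


def find_lookalikes(search_roots, trusted_dirs):
    """Return BitBox-named executables found outside the trusted install dirs."""
    trusted = [Path(d).resolve() for d in trusted_dirs]
    hits = []
    for root in search_roots:
        for dirpath, _dirs, files in os.walk(root):
            here = Path(dirpath).resolve()
            # Skip the known-good install directory and everything below it.
            if any(here == t or t in here.parents for t in trusted):
                continue
            for name in files:
                if LOOKALIKE.match(name):
                    hits.append(str(here / name))
    return sorted(hits)


def demo():
    """Scan a constructed directory tree (sample data, not from the incident)."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        legit = base / "Program Files" / "BitBox"  # assumed install path
        rogue = base / "Users" / "alice" / "AppData" / "Roaming" / "updater"
        for d in (legit, rogue):
            d.mkdir(parents=True)
        (legit / "BitBox.exe").write_bytes(b"constructed")
        (rogue / "Bitbox.exe").write_bytes(b"constructed")
        (rogue / "notes.txt").write_text("constructed")
        hits = find_lookalikes([base], [legit])
        return [os.path.relpath(h, base) for h in hits]


if __name__ == "__main__":
    for hit in demo():
        print("unexpected copy:", hit)
```

Any hit is a lead to investigate, not proof of compromise; the signature verification linked above remains the way to confirm a binary is genuine.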


Discussion

All's well that ends well.

Good work BitBox ;)

nostr:note1egpggw52wdlmcktu2whpjqllxtgwcj25zflt4yrgad5ll6q8wdgshe4vlu

Thank you for sharing.

Thank you for the information 👍

The importance of validating the software you download, not only in terms of signatures, but also in terms of the site it comes from.

And of course, the importance of NOT entering the seed into software.

Small habits that are fundamental to having a peaceful life.

👇👀👇

nostr:note1egpggw52wdlmcktu2whpjqllxtgwcj25zflt4yrgad5ll6q8wdgshe4vlu

🚨 🚨 BEWARE!!! 🚨 🚨

A phishing method that is not direct, but goes through another application.

For example, say you download the Photoshop application from an unofficial site, but in fact, besides installing Photoshop, another malware application also gets installed to phish your wallet. 👇

nostr:note1egpggw52wdlmcktu2whpjqllxtgwcj25zflt4yrgad5ll6q8wdgshe4vlu