Intelligence On Chain - Victim Information

Guide - Malicious Downloads

Responding to Malicious Downloads and Malware Infections

PreviousGuide - When a Project Rugpulls NextGuide - Fake Trading Platforms

Last updated 2 months ago

Guide - Malicious Downloads

Responding to Malicious Downloads and Malware Infections

Discovering that you've downloaded a malicious script or malware can be distressing, but taking immediate, strategic action can minimise damage and prepare for forensic analysis and reporting. Below is a comprehensive step-by-step guide:

1. Secure Your Digital Assets

Generate a New Wallet: Immediately create a new wallet on a completely separate device that has never been connected to the compromised system.

Create a brand new seed phrase from a reputable source

Transfer Funds: Move your digital assets to this new wallet to isolate them from any further attacks originating from the infected device.
Revoke Permissions: Use platforms like Revoke.Cash to revoke all permissions on the compromised wallet. Ensure to check all blockchains you’ve interacted with (e.g., Ethereum, Avalanche, Binance Smart Chain).

2. Secure the Compromised Device

Avoid Further Use: Stop all activities on the compromised device immediately to avoid spreading the infection or providing further access to sensitive data.

Option A: Preserve the Malware for Analysis

This option is suitable if you’re working with law enforcement, a cybersecurity expert, or are considering further investigation.

Disconnect the Device: Immediately disconnect the device from the internet and any networks (Wi-Fi, Ethernet, etc.) to prevent further communication with the attacker.
Preserve Evidence:
- Do not delete or quarantine the malware.
- Create a backup or disk image of the compromised system. Use user-friendly tools like Acronis True Image (Windows/Mac) or Disk Utility (Mac).
- Label and store the backup securely for analysis.
Seek Professional Help: Contact a computer forensic specialist or cybersecurity expert to handle and analyse the preserved data.

Option B: Wipe the Machine to Secure It

This option is best if you want to immediately eliminate the threat and are not concerned about analysing the malware. Note: Once the machine is wiped, analysis of the malware will no longer be possible.

Backup Important Files:
- Before wiping the machine, transfer essential personal files (e.g., documents, photos) to an external drive or cloud storage.
- Be cautious: Scan these files with antivirus software on a different device before reusing them.
Perform a Full System Re-Install:
- Use a trusted source (e.g., official OS installation media) to completely erase and reinstall the operating system.
- Update the OS and all software immediately after reinstalling.
Install Security Tools: Set up a reputable antivirus and anti-malware tool to protect the new system.

5. Forensic and Technical Analysis

Seek Professional Assistance: Contact a certified computer forensic specialist to analyse the compromised device. This may uncover:
- The source and behaviour of the malware.
- Any data exfiltrated or compromised.
Analyse Blockchain Activity: If digital assets were stolen:
- Use blockchain analysis tools (e.g. Etherscan or Arkham) to track stolen funds.
- Open a case on our website if you need our support
- Create a detailed report with visual charts for law enforcement.

6. Engage with Exchanges

Identify Destination Accounts: Determine if stolen funds were sent to a cryptocurrency exchange.
Contact the Exchange: Provide detailed transaction information (deposit address, transaction ID, etc.) and request a freeze on suspicious accounts. Note:
- Exchanges often require law enforcement involvement to process such requests.

7. Rebuild and Secure

Complete System Re-Install:
- After preserving evidence and completing forensic analysis, perform a full system re-install to eliminate any lingering malware.
- Use a trusted installation source and update the operating system and all software immediately after reinstalling.
Install Anti-Malware Tools: Deploy reputable antivirus and anti-malware software on the rebuilt system to prevent future infections.

8. Report and Educate

Open a Case: Report the incident through relevant platforms like the IOC (Indicators of Compromise) website to share information and receive guidance.
Beware of Scammers: Avoid services or individuals offering guaranteed asset recovery for upfront fees. These are common scam tactics that could compound your losses.
Educate Others: Share your experience and preventive measures with your network to raise awareness about similar threats.

9. Legal Assistance

Consult a Lawyer: If needed, engage a legal professional to:
- Issue letters of demand or subpoenas to expedite freezing of accounts.
- Advise on your rights and legal options for recovery.

10. Prevention for the Future

Practice Good Security Hygiene:
- Avoid downloading files or clicking on links from unknown sources.
- Use a hardware wallet for storing significant digital assets.
- Enable two-factor authentication (2FA) on all accounts.
Stay Updated: Keep your operating system, software, and antivirus tools up to date.

By following these steps, you can minimise the impact of malicious downloads, enhance your chances of recovery, and contribute to broader efforts to combat cybercrime.

PreviousGuide - When a Project Rugpulls NextGuide - Fake Trading Platforms

Last updated 2 months ago

1. Secure Your Digital Assets

Generate a New Wallet: Immediately create a new wallet on a completely separate device that has never been connected to the compromised system.

Create a brand new seed phrase from a reputable source

Transfer Funds: Move your digital assets to this new wallet to isolate them from any further attacks originating from the infected device.
Revoke Permissions: Use platforms like Revoke.Cash to revoke all permissions on the compromised wallet. Ensure to check all blockchains you’ve interacted with (e.g., Ethereum, Avalanche, Binance Smart Chain).

2. Secure the Compromised Device

Avoid Further Use: Stop all activities on the compromised device immediately to avoid spreading the infection or providing further access to sensitive data.

Option A: Preserve the Malware for Analysis

This option is suitable if you’re working with law enforcement, a cybersecurity expert, or are considering further investigation.

Disconnect the Device: Immediately disconnect the device from the internet and any networks (Wi-Fi, Ethernet, etc.) to prevent further communication with the attacker.
Preserve Evidence:
- Do not delete or quarantine the malware.
- Create a backup or disk image of the compromised system. Use user-friendly tools like Acronis True Image (Windows/Mac) or Disk Utility (Mac).
- Label and store the backup securely for analysis.
Seek Professional Help: Contact a computer forensic specialist or cybersecurity expert to handle and analyse the preserved data.

Option B: Wipe the Machine to Secure It

Backup Important Files:
- Before wiping the machine, transfer essential personal files (e.g., documents, photos) to an external drive or cloud storage.
- Be cautious: Scan these files with antivirus software on a different device before reusing them.
Perform a Full System Re-Install:
- Use a trusted source (e.g., official OS installation media) to completely erase and reinstall the operating system.
- Update the OS and all software immediately after reinstalling.
Install Security Tools: Set up a reputable antivirus and anti-malware tool to protect the new system.

5. Forensic and Technical Analysis

Seek Professional Assistance: Contact a certified computer forensic specialist to analyse the compromised device. This may uncover:
- The source and behaviour of the malware.
- Any data exfiltrated or compromised.
Analyse Blockchain Activity: If digital assets were stolen:
- Use blockchain analysis tools (e.g. Etherscan or Arkham) to track stolen funds.
- Open a case on our website if you need our support
- Create a detailed report with visual charts for law enforcement.

6. Engage with Exchanges

Identify Destination Accounts: Determine if stolen funds were sent to a cryptocurrency exchange.
Contact the Exchange: Provide detailed transaction information (deposit address, transaction ID, etc.) and request a freeze on suspicious accounts. Note:
- Exchanges often require law enforcement involvement to process such requests.

7. Rebuild and Secure

Complete System Re-Install:
- After preserving evidence and completing forensic analysis, perform a full system re-install to eliminate any lingering malware.
- Use a trusted installation source and update the operating system and all software immediately after reinstalling.
Install Anti-Malware Tools: Deploy reputable antivirus and anti-malware software on the rebuilt system to prevent future infections.

8. Report and Educate

Open a Case: Report the incident through relevant platforms like the IOC (Indicators of Compromise) website to share information and receive guidance.
Beware of Scammers: Avoid services or individuals offering guaranteed asset recovery for upfront fees. These are common scam tactics that could compound your losses.
Educate Others: Share your experience and preventive measures with your network to raise awareness about similar threats.

9. Legal Assistance

Consult a Lawyer: If needed, engage a legal professional to:
- Issue letters of demand or subpoenas to expedite freezing of accounts.
- Advise on your rights and legal options for recovery.

10. Prevention for the Future

Practice Good Security Hygiene:
- Avoid downloading files or clicking on links from unknown sources.
- Use a hardware wallet for storing significant digital assets.
- Enable two-factor authentication (2FA) on all accounts.
Stay Updated: Keep your operating system, software, and antivirus tools up to date.

By following these steps, you can minimise the impact of malicious downloads, enhance your chances of recovery, and contribute to broader efforts to combat cybercrime.