I can download and extract the Claymore's miner v10.1 ZIP file, but when I try to download the v10.2 ZIP file, Windows Defender deletes the ZIP file with the message "This file contained a virus and was deleted".
What is different in v10.2 ZIP file that triggers this action, while v10.1 ZIP file does not?
Answers
Defender finds Trojan:Win32/Fuery.A!cl:
Threat behavior
This threat has been identified by heuristics as an emerging malware attack. There is no specific behavior that identifies this threat, since this threat is a collection of different malware types. This includes malware categories such as:
• Bank theft
• Botnets
• Click-fraud
• Ransomware
• Trojans
I agree with @ecs87's comment above.
PayPal, Amazon, multiple sites, a lot of passwords (spoofing to my bank), bitcoins stolen on a wallet, etc., more than 60 k€ of purchases with my cards.
When I was back, I finally found out that claymore 10.2, downloaded from the nanopool website, was fitted with a trojan (idp.alexa.51) which gave access to my network.
At that time, I had not yet installed a proper antivirus, and Defender/Windows 10 saw nothing.
Please pass the word, nanopool/claymore are probably thieves.
Cheers
Were your other machines compromised through your local network?
Or did your machine with the downloaded claymore have the information for the btc wallet and 60k eur, etc?
If the first is true, what services listened on the local network? (it's a very serious issue)
If the second is true, then the issue is not that serious (besides that if true, nanopool is in big trouble), but an expensive lesson for you. If you can't separate the tasks to different computers, just use different users. For example the miner user can't access your joe user's browser passwords without some local root exploit.
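
The account separation suggested in the reply above, as an added example that is not part of the original thread: it creates a standard local account for the miner, checks that it is not an administrator, and lists any ACL entries that would let it read the other user's profile. The account name `miner`, the profile path `C:\Users\joe`, and the English group names `Users` and `Administrators` are assumptions.

```powershell
# Added example: run the miner under its own standard (non-admin) local account.
# Assumptions: account name 'miner' and profile 'C:\Users\joe' are hypothetical;
# group names are those of an English-language Windows 10 install.
# Run from an elevated PowerShell session.

$MinerUser   = 'miner'
$ProfilePath = 'C:\Users\joe'

# 1. Create the standard account if it does not exist yet.
if (-not (Get-LocalUser -Name $MinerUser -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $MinerUser"
    New-LocalUser -Name $MinerUser -Password $pw -Description 'Mining software only' | Out-Null
    Add-LocalGroupMember -Group 'Users' -Member $MinerUser
}

# 2. The account must not be a local administrator.
$isAdmin = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.Name -like "*\$MinerUser" }
if ($isAdmin) { Write-Warning "$MinerUser is in Administrators; remove it." }

# 3. Report Allow entries on the other user's profile that the miner account
#    would match, either directly or through a broad group.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users',
         "$env:COMPUTERNAME\$MinerUser"
$hits = (Get-Acl -Path $ProfilePath).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $broad -contains $_.IdentityReference.Value
}
if ($hits) {
    $hits | Format-Table IdentityReference, FileSystemRights, IsInherited
} else {
    "No Allow entries on $ProfilePath match $MinerUser or a broad group."
}
```

An empty result in step 3 means the miner account has no ACL-granted access to the browser data stored under that profile; the miner itself is then started only from a session logged in as `miner`.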