Bitcoin Trx by Radio Wave

Bitcoin in the Air

This week, Rodolfo Novak revealed he had sent bitcoin via radio to another address over 350 miles away, without the aid of a satellite or any other sophisticated network. The OG cryptocurrency just got a little more permissionless.

After the initial bitcoin transaction, the small sum has been passed around to several other radio operators and is currently in the possession of podcaster Adam Curry.
As such, the bitcoin has traveled approximately 1700 miles in 24 hours, no internet involved.

Wait, What?
The technology these bitcoin enthusiasts are using is called shortwave radio, which uses a group of frequencies that bounce off the upper layers in the atmosphere to travel very long distances using relatively small amounts of power.

The technique can be traced back to amateur radio operators transmitting as far back as 1921 and can be done with a much simpler network infrastructure than is required for traditional bitcoin transactions.

This chain of transactions among shortwave operators in the U.S. represents a proof of concept for sending offline BTC in case of outages or network censorship (e.g. the possibly impending Russian internet blackout).
The current technique has limitations in that it requires a brain wallet and unencrypted communication (due to regulations and bandwidth limitations), but in an emergency it represents a powerful tool to move money where you otherwise wouldn’t be able to.

Why Should I Care?
Well, if you have bitcoin that you can’t use, what’s it worth?
The more tools developed to bootstrap the Bitcoin protocol on top of legacy or non-internet networks, the more options you have if, for example, a disaster destroys all of the cell towers and power substations in your area, or upnp/udp networking gets blocked by your ISP.
The more options you have to transmit your money the more valuable it is, so having established methodologies for sending bitcoin in as many ways as possible are essential to securing your wealth should a systemic threat damage the internet or people’s access to it.
What’s your take? Is this experiment a breakthrough for bitcoin users? Let us know in the comments section below. 
Credit to Tyson O'Ham

Google Banned MetaMask.

Google has banned Ethereum (ETH) wallet and decentralized app (DApp) browser Metamask’s android client from its Play app store.

The MetaMask team took to Twitter on Dec. 26, where they announced that Google had suspended MetaMask’s android client from Google Play’s app store, claiming MetaMask was in violation of Google’s financial services policies.

Google reportedly cited their policy prohibiting cryptocurrency mining on mobile devices. The MetaMask team attempted to appeal Google’s decision to ban MetaMask from its app store to no avail, as Google promptly rejected the appeal. MetaMask co-lead developer Dan Findlay told Cointelegraph:

“I very much hope that this was an honest mistake on the part of Google's reviewers, but in combination with all the crypto YouTube bans, it definitely puts me at disease about how Google is engaging with decentralizing technologies. If people accept this behavior from a mobile monopoly like Google, we may not deserve something better.”

Not the only Google project to bar crypto-related content
Over the past several days, Google-owned video giant YouTube had removed videos from the accounts of several cryptocurrency-related content creators. Today, however, YouTube representatives have claimed that the removals were done in error and some content has started to be restored.

Nonetheless, the unilateral nature by which YouTube videos were removed and then reinstated has led many content creators to begin exploring migration to decentralized video hosting alternatives.
Credited to 

New Bitcoin Core Software Update

The Bitcoin Core development team released the latest update on Nov. 24 to Bitcoin (BTC)’s original software client — the nineteenth in the coin’s eleven-year history.

Releasing Bitcoin Core 0.19.0 (eventually in the available download version, following the discovery of a last-minute issue) was overseen by lead maintainer Wladimir J. van der Laan and was reportedly developed by over a hundred contributors over a roughly six month period.

New wallet format, better SegWit interoperability
As Aaron Van Wirdum has revealed, includes a range of performance improvements, updates and bug fixes, resulting from 550 merged pull requests.
The “bech32” address format (BIP 173) is now set for the first time as the default option in the Bitcoin Core wallet Graphical User Interface (GUI), having first been introduced in early 2018 with version 0.16.0. 
Bech32 contains a number of amendments, such as no longer making a distinction between lowercase and capital letters and formatting addresses to begin with “bc1” as opposed to 1 or 3. The addresses are thus a bit longer than existing format, but use fewer different characters. The changes are broadly intended to reduce the margin for human error in typos or reading aloud.
Bech32 also reportedly improves interoperability with SegWit wallets, with transactions now requiring less data to be transmitted over the Bitcoin network — and thus included in the blockchain — thereby reducing costs.
Van Wirdum indicates that the updated software client also now makes it possible for users to start a pruned node immediately from setup, even those with low disk space.

Privacy and security improvements
Nodes are now required to establish more connections to one another in a bid to better thwart partitioning attacks. Bloom Filters — a way for light clients, such as those running from mobile phones, to request relevant data from full nodes on the network —  have now been deprecated, as they are deemed to be weak on privacy.
Instead of Bloom Filters, is evolving toward supporting a newer solution called “compact client-side block filtering” (BIP 158), which essentially reverses the operation of Bloom Filters by having full nodes create filters for each block and enabling light clients to use these filters to determine whether transactions relevant to them may have happened in a block.
Bitcoin Core 0.19.0 has removed payment protocol (BIP 70) from its GUI, noting that it was never widely adopted and that most wallets still use the more basic URI scheme (BIP 21) to receive payments.
The minor features outlined include support for the Partially Signed Bitcoin Transactions (PSBT) protocol, which is useful for multi-signature and CoinJoin transactions. 
Credit to Marie Huillet
This October, Bitcoin Core developer Greg Maxwell had criticized the “attractive mystery” that fear of a 51% attack on Bitcoin entails, arguing that any mechanism cooked up to mitigate it always implies centralization and represents a far greater threat to the network’s integrity.

Facebook Libras Project Failed

A November 15 blog post by Libra project developers detailing testnet developments has apparently failed to impress government regulators and influential voices in the space alike. CEO of blockchain company R3, David Rutter, commented at a London conference last week that “what they did was ridiculously stupid,” going on to call the announcement and approach of the project “naive.” The U.S. Congress is concerned as well, with members proposing a new bi-partisan bill Thursday, which seeks to classify the asset as a managed stablecoin security.

Libra Testnet Developments
The most recent Libra developers update notes that the testnet “has logged more than 51,000 transactions since we reset the testnet on September 17, 2019.” The blog post further details that the dev community has launched 10 wallets, 11 blockchain explorers, 2 IDEs, 1 API and 11 clients. “Until we launch mainnet, the best and fastest way we have to demonstrate Libra network functionality and provide early access is through our pre-mainnet. Pre-mainnet, a version of testnet available to Libra Association members, makes it easier and faster to test, troubleshoot, diagnose, and resolve software edge cases,” the update elaborates. Pre-mainnet currently has 7 deployed nodes and 14 in-process nodes, with a goal “to deploy 100 nodes on the mainnet, representing a mix of on-premises and cloud-hosted infrastructure.”

R3 CEO Criticizes Libra’s Actions
For all the developments that seem to be taking place in the Libra camp, some voices remain critical of the project’s bold announcement and entrance onto the scene last summer. Financial News London quotes R3 CEO and founder David Rutter as saying:

I think what they did was ridiculously stupid. The way they rolled it out… Yeah, you know it was just so… It was just so in your face. There’s a lack of understanding.
Rutter goes on to remark “When we saw [Facebook] talking about doing a basket of currencies with weighting, in reality when we want to translate that back to real-world currencies it’s not simple.” The ongoing saga of Facebook’s struggle against regulatory bodies, especially in the U.S., seems to underscore Rutter’s concerns with a series of congressional letters, hours-long hearings, and criticism from top government officials. This trend continued Thursday with a proposal from lawmakers to classify libra as a security, which could undercut the stated aims of the project.

Proposal for Classification of Managed Stablecoins as Regulated Securities
While the head of the Libra project for Facebook, David Marcus, has toyed with the idea of possibly utilizing stablecoins in the past, the newly proposed “Managed Stablecoins are Securities Act of 2019” probably is not what the group had in mind. Sylvia Garcia (D-Tex) and Lance Gooden (R-Tex) introduced the bill on Thursday, which would “establish the treatment of managed stablecoins under the securities laws.” Garcia reportedly named libra in a statement about the bill, affirming that libra and managed stablecoins “are clearly securities under existing law.”
With many highly prominent members of the Libra Association having already dropped out of the project, the proposal presents even more potential difficulty. Marcus has spoken against the notion that Libra should be regulated as a security previously, comparing it loosely to a platform like Paypal, and increased regulatory scrutiny from the SEC would likely make the project’s aim for large scale financial inclusion much more complicated.
What are your thoughts on Rutter’s remarks and the newly proposed legislation? Let us know in the comments section below.
Credit to Graham Smith

DeFi Startup Compound Finance Raises $25 Million

DeFi Startup Compound Finance Raises $25 Million Series A Led by A16z

Lending protocol Compound Finance just raised $25 million in a round led by Andreessen Horowitz’s a16z crypto fund, marking one of the largest venture capital investments in a decentralized finance (DeFi) startup to date.
According to DeFi Pulse, Compound has nearly $103 million worth of crypto locked up in its automated system, which can generate returns for users comparable to interest. Today’s announcement of the Series A follows Compound’s $8.2 million seed round in 2018.
Much like MakerDAO’s loans, users can take collateralized loans with ethereum-based tokens, with the locked assets automatically liquidating if an independent “oracle” determines the price has dropped too low.
Unlike MakerDAO loans, however, the Compound protocol supports multiple assets and allows people to lock up assets without borrowing. Because these assets are stored in a shared pool, even someone with liquidated collateral could claim tokens if they are able to repay the general pool.
Compound founder Robert Leshner said that so far “teams in crypto that have stockpiles of DAI and crypto” are the most frequent protocol users. This appears to correlate with investors’ interests.
Leshner said this recent round will help the San Francisco-based company further “decentralize” the protocol by setting it up so that crypto exchanges and custodians, like Coinbase, can maintain the protocol going forward.
"We’re planning to integrate Compound into as many custodians, exchanges, wallets, and brokers as we can,” Leshner said, “to allow exchanges and custodians to be the interface of the protocol.”
Leshner said Polychain Capital also participated in this recent venture round along with Paradigm Capital and Bain Capital Ventures.
For now, Leshner said the 12-person Compound team is focused on building this public infrastructure for institutions to tap into, rather than finding a unique business model for the startup itself.
“Our goal is to slowly transition the very limited functions that we control to the community over the next two years,” he said referring to exchanges and custodians. “Our highest priority is building something that is sustainable. … From there we could probably build on top of the protocol.”
Whether the startup’s future is to eventually build its own monetized service or exchange, Leshner said the next focus will be on supporting multi-collateral DAI in late November.
Credit to Leigh Cuen

Everything you Need to Know about the New Multicolateral Dai

Key facts:
*Users can make a profit by saving their Dai and anchor the token to various cryptocurrencies.
*Maker will enter a period of grace on November 18 to migrate from the old token to the new one.

Soon the MakerDAO community will be able to issue stable cryptocurrencies backed by various financial assets, in addition to ether (ETH) the Ethereum token. The network developers have launched a new token, the multicolateral DAI (MCD), which will integrate this function into the Maker protocol.
Yesterday, November 15, MakerDAO authorities announced the implementation of this new version of token in the main network . In this way, they confirmed the beginning of an extensive migration process; an event that will allow users to exchange the possessions of the DAI that currently works on the network - known as Sai - for the new multicolateral Dai.
The new version of Maker will bring significant changes to the operation of the network. Also, users should be aware of all the details to migrate their possessions in Sai or CDP without major problems. This article will focus on explaining the most important points a Dai owner should know about the new Maker token.
More anchors and possibility of saving
One of the most outstanding features offered by the multicolateral DAI is the possibility of issuing tokens anchored to various financial assets. Maker users can now generate a stable cryptocurrency (DAI) backed solely by a guarantee in ETH. However, in the future when the MCD is in operation, stable cryptocurrencies backed by multiple assets such as REP, BAT or GMO may be generated.
The community will generate a list of collateral assets that will be available for support , which will be selected in governance votes . Each of the proposed cryptocurrencies will be evaluated for their market diversity, daily volume and stability for long-term approval, authorities say.
The multicolateral Dai will also introduce one of the most anticipated functions by the Maker ecosystem, the DAI savings rate (DSR). Users can earn additional profits by saving stable cryptocurrencies in their wallet . MakerDAO said the savings rate will not be generated from DAIs issued on a whim, but from the funds generated by the Stability Rates.
The developers point out that the possibility of saving with DAI will differentiate this stable cryptocurrency from other tokens in the market. It was also noted that this function can be helpful due to the link between the price of DAI and the US dollar.

What should I know about migration?
Beyond the new options offered by the multicolateral DAI, Maker users should keep in mind that they will have a limited period of time to exchange their current tokens for the MCD or lose their funds . This is because the developers rewrote the core of Maker's smart contracts, making the new version of the protocol incompatible with current DAIs.
The migration of tokens will start on 18 November, according to press releases. However, before the exchange begins, users must participate in a governance voting process that will certify community consensus on the implementation of the multicolateral ICD. If the process is successful, the authorities will publish a migration portal, which will facilitate the exchange of tokens for owners, exchange houses, purses and even Dapps.
The migration portal may be used by common users, who must enter with their wallet and specify which funds they wish to exchange . The application has its own intuitive interface, says MakerDAO , which will guide users to transform their tokens without major problems. After the migration is finished, the portal sends the multicolateral DAIs to the owner's address.

The authorities indicate that there is still no tentative date for the end of the migration process. What is public knowledge is that the current DAI will be removed from the ecosystem exchange houses, introducing the commercialization of the new DCM.
Credit to Andrea Leal

Knowing Satoshi Nakamoto "Real Bitcon Creator"

Satoshi Nakamoto is the name used by the unknown person or people who developed bitcoin, created the bitcoin document and created and implemented the original bitcoin reference implementation. As part of the implementation, they also designed the first blockchain database. In the process, they were the first to solve the problem of double spending in digital currency using a peer-to-peer network. They were active in the development of bitcoins until December 2010.

Mr. Dorian Prentice Satoshi Nakamoto, a Japanese-American living in California, whose birth name is Satoshi Nakamoto, as the Nakamoto in question. I suspect that Satoshi has been denied several times that he is not in public, as shown in the video below.

There you will get some of the Wise and fun dating of Bitcoin by Satoshi Nakamoto
that are famous in the crypto conmunity.
-January 3, 2009: The Times 03 / Jan / 2009 Chancellor on the verge of the second
financial rescue for banks.
-January 28, 2010: I really wanted to find a way to include a short message, but the problem is that everyone could see the message. As much as I can keep reminding people that the message is completely non-private, it would be an accident waiting for it to happen.
-14 February 2010: if you are sad about paying a fee (a transaction), you can always turn tables and run a node yourself and maybe someday charge a fee of 0.44.
-14 February 2010: I am sure that in 20 years there will be a very large volume of transactions (bitcoin) or no volume.
-21 February 2010: In the absence of a market to establish the price (of bitcoin, estimates) based on the cost of production, it is a good estimate and a useful service (thanks). The price of any product tends to gravitate toward the cost of production. If the price is below cost, then production slows down. If the price is above cost, you can earn profits by generating and selling more. At the same time, the increase in production would increase the difficulty, pushing the cost of generating towards the price. In later years, when the generation of new currencies is a small percentage of the existing supply, the market price will dictate the cost of production rather than the other way around.
-26 February 2010: How do everyone feel about the symbol B with the two lines through the outside? Can we live with that as our logo?
-May 18, 2010: Creating an account on a website is much easier than installing and learning to use software, and it is a more familiar way of doing it for most people. The only disadvantage is that you have to trust the site, but that's fine for the pocket change amounts for micropayments and miscellaneous expenses. It's an easy way to start and if you get larger amounts, you can upgrade to the real bitcoin software.
-26 May 2010: if you are selling digital goods and services, where you do not lose much if someone gets a free access and can not be resold for profit, I think it's okay to accept 0 confirmations. Most of the time, if you sold gold or currency, you would need several confirmations.
-14 June 2010: SHA-256 is very strong. It is not like the incremental step from MD5 to SHA1. It can last several decades, unless there is a massive breakthrough attack.
-June 17, 2010: the nature of Bitcoin is such that, once version 0.1 was released, the design of the core was fixed in stone for the rest of its useful life.
-June 18, 2010: (I've been working on the design of bitcoin) since 2007. At some point I was convinced that there was a way to do it without the necessary confidence and I could not resist to keep thinking about it. Much more of the work was design than coding. Fortunately, until now all the problems raised have been things that I considered and planned before.
-June 18, 2010: (I planned to create a free bitcoin generator). When mortals become too difficult to generate 50 BTC, new users could get some coins to play immediately.
-21 June 2010: the lost coins only make the currencies of all others worth a little more. Think of it as a donation for everyone.
-June 22, 2010: we should not delay forever until all possible functions are completed. There will always be one more thing to do.
-26 June 2010: Like cash, you do not keep all your net worth in your pocket, (keep) walking for money for unforeseen expenses.
-June 27, 2010: for some things, novelty is a virtue, but for this type of software, maturity and stability are important. I do not want to put my money into something that is 1.0. Version 1.0 could be more interesting for a moment, but after that we are still 1.0 and everyone who comes with us thinks that we have just started. This is the third major release and 1.3 reflects the development story. (0.1, 0.2, 1.3)
-5 July 2010: Sorry for being a wet blanket. Writing a description for (bitcoin) for the general public is very difficult. There is nothing to relate it to.
-5 July 2010: we do not want to lead with "anonymous (currency)" ... (or) "currency beyond the reach of any government". I'm definitely not making a mockery or affirmation of this kind.
-8 July 2010: it is difficult to imagine that the Internet becomes hermetically segmented. It would have to be a country deliberately and totally isolated from the rest of the world.
-29 July 2010: if you do not believe me or do not understand, I do not have time to try to convince you, I'm sorry.
-August 5, 2010: Although I do not think that Bitcoin is practical for smaller micropayments at this time, it will eventually be so as storage and bandwidth costs continue to decline. ... Any size of micropayments you need will eventually be practical. I think in 5 or 10 years, the bandwidth and storage will seem trivial.
-August 5, 2010: free transactions are pleasant and we can keep them that way if people do not abuse them.
-Aug. 7, 2010: The utility of the exchanges made possible by Bitcoin will far exceed the cost of electricity used. Therefore, not having Bitcoin would be the net waste.
-August 27, 2010: Sorry, I've been so busy lately that I've been hiding messages and I still can not keep up
-27 August 2010: Bitcoins have no future potential dividends or dividends, therefore, not as an action. (They are) more like an object of collection or merchandise.
-19th September 2010: this is not the kind of software where we can leave so many unresolved errors that we need a tracker for them.
-23 September 2010: Bitcoin would be convenient for people who do not have a credit card or do not want to use the ones they have, either because they do not want the spouse to see it on the bill or do not trust giving their number to "guys of porn ", or fearful of recurring billing.
-5 December 2010: No, do not "bring it" (Wikileaks). The project needs to grow gradually so that the software can be strengthened along the way. I make this appeal to WikiLeaks not to try to use Bitcoin. Bitcoin is a small beta community in its infancy. I would not be willing to receive more than a pocket change, and the heat it would bring would probably destroy us at this stage.
-December 11, 2010: It would have been nice to get this attention in any other context (instead of being associated with WikiLeaks). WikiLeaks has kicked the wasp nest and the swarm is heading towards us.
-December 10, 2010: the fears about the secure purchase of domains with Bitcoins are a false trail. It is easy to exchange Bitcoins for other products not of good reputation.
-December 12, 2010: We should have a gentlemen's agreement to postpone the GPU's arms race while we can for the good of the network. It's much easier to get new users updated if you do not have to worry about compatibility and GPU drivers. It's good how anyone with only one CPU can compete equally at this time.

And the last known Appointments before disappearing
-Yes, (we will not find a solution to the political problems in cryptography), but we can win a major battle in the arms race and win a new territory of freedom for several years. Governments are good at cutting off the heads of centrally controlled networks like Napster, but pure P2P networks like Gnutella and Tor seem to stand on their own.
-(Bitcoin is) very attractive to the libertarian point of view if we can explain it correctly. Although I'm better with the code than with the words.
-December 12, 2010: There is more work to be done in DoS, but I am doing a quick compilation of what I have so far in case it is necessary, before venturing into more complex ideas.
-6 March 2014: I am not Dorian Nakamoto.


Leave us your comments below and let us know if you think Satoshi Nakamoto is really Mr Dorian or maybe more than one person including Dorian?

Stealing Your Bitcoin Transactions from Your Own Browser

Masad Stealer: Exfiltrating using Telegram

Juniper Threat Labs discovered a new Trojan-delivered spyware that uses Telegram to exfiltrate stolen information. Using Telegram as a Command and Control (CnC) channel allows the malware some anonymity, as Telegram is a legitimate messaging application with 200 million monthly active users. 
The malware is being advertised on black market forums as “Masad Clipper and Stealer”. It steals browser data, which might contain usernames, passwords and credit card information. Masad Stealer also automatically replaces cryptocurrency wallets from the clipboard with its own.
Masad Stealer sends all of the information it collects - and receive commands from - a Telegram bot controlled by the threat actor deploying that instance of Masad. Because Masad is being sold as off-the-shelf malware, it will be deployed by multiple threat actors who may or may not be the original malware writers.

What it does 

This malware is written using Autoit scripts and then compiled into a Windows executable. Most samples we have seen are about 1.5 MiB in size, however, Masad Stealer can be found in larger executables as it is sometimes bundled into other software.
When Masad Stealer is executed, it drops itself in %APPDATA%\folder_name}\{file_name}, where folder_name and file_name are defined in the binary. Examples include amd64_usbhub3.inf.resources and ws2_32.exe, respectively. As a persistence mechanism, mMasad Stealer creates a scheduled task that will start itself every one minute.
Stealing routine
After installing itself, Masad Stealer starts by collecting sensitive information from the system, such as:
Cryptocurrency Wallets
PC and system information
Credit Card Browser Data
Browser passwords
Installed software and processes
Desktop Files
Screenshot of Desktop
Browser cookies
Steam files
AutoFill browser fields
Discord and Telegram data
FileZilla files
It zips this information into a file using 7zip utility, which is bundled into the malware binary.

The above screenshot is a view of what Masad Stealer tries to exfiltrate from a sandbox. But the data that it can exfiltrate can expand to the following list:
Using a hardcoded bot token, which is basically a way to communicate with the Command and Control bot, Masad Stealer sends this zip file using the sendDocument API.
In order to communicate with the Command and Control bot, Masad Stealer first sends a getMe message using the bot token to be able to confirm that the bot is still active. Upon receiving this request, the bot replies with the user object that contains the username of the bot. This username object is useful for identifying possible threat actors related to this malware. This is an important consideration because of the off-the-shelf nature of this malware - multiple parties will be operating Masad Stealer instances for different purposes.
Where the bot’s token is “719604859:AAE3Pg_oJ8cPgTxKzDtysU-3Zpj6hsBxNqI”.

Clipping Routine

This malware includes a function that replaces wallets on the clipboard, as soon as it matches a particular configuration. Below are the regular expressions and supported wallets that it matches against the clipboard data:
Below is a list of coins/wallet it tries to clip:
Bitcoin Cash
Web Money
Black Coin
Steam Trade Link
Bitcoin Gold
Yandex Money
If the clipboard data matches one of the patterns coded into Masad Stealer, the malware replaces the clipboard data with one of the threat actors’ wallets, which are also found in its binary. Below are the bitcoin and monero wallets found in one of the samples:

Bitcoin: 1AtwyYF2TGR969cyRDrR2XFDqSPzwCXKfe

Monero: 42Mm9gjuUSmPNr7aF1ZbQC6dcTeSi1MgB1Tv41frv1ZRFWLn4wNoLH3LDAGn9Fg2dhJW2VRHTz8Fo9ZAit951D2pDY8ggCR

Below is a snapshot of the bitcoin wallet transaction, as of this writing. This wallet has already received around $9,000 USD equivalent of bitcoins (as of Sept 15, 2019), which may or may not come from the activity of this malware.

Attack Vector

Based on our telemetry, Masad Stealer’s main distribution vectors are masquerading as a legitimate tool or bundling themselves into third party tools. Threat actors achieve end user downloads by advertising in forums, on third party download sites or on file sharing sites. Below are the currently known list of software that Masad Stealer has been seen mimicking:
ProxySwitcher (legitimate version here:
CCleaner.exe (legitimate version here:
Utilman.exe (legitimate version comes with Windows)
Netsh.exe (legitimate version comes with Windows)
Iobit v 1.7.exe (legitimate version here:
Base Creator v1.3.1 [FULL CRACK].exe (there is no legitimate version)
EXEA HACK CRACKED (PUBG,CS GO,FORTNITE,GTA 5,DOTA).exe ( there is no legitimate version)
 Icacls.exe (legitimate version comes with Windows)
WSManHTTPConfig.exe (legitimate version comes with Windows)
RADMIR CHEAT MONEYY.exe (there is no legitimate version)
Tradebot_binance.exe (legitimate version here:
Whoami.exe (legitimate version comes with Windows)
Proxo Bootstrapper.exe (this is actually a reasonably popular form of malware)
Fortniteaimbot  2019.exe (there is no legitimate version) 
Galaxy Software Update.exe (

Download additional malware
 Some samples of Masad Stealer have the capability to download additional malware. We have seen samples that download other malware, usually a miner, from these URLs:
https://masadsasad[.] (miner)
https://zuuse[.] (miner)
The figure below is a response from the request to https://masadsasad[.] This response contains an executable file with modified header. In addition to connecting via TLS, the modified header is an added trick by the malware to hide itself.

TLS streams are more difficult to inspect, helping to hide them from network-based security defenses. The modified header helps to hide the fact that the payload being downloaded is an executable from endpoint security products.

Threat Actors
This malware is being advertised in several hack forums as Masad Stealer. It starts with a free version and ladders up to versions asking up to $85, with each tier of the malware offering different features.
There is at least one dedicated website (masadproject[.]life) in existence to promote the sale of Masad Stealer. The developers have also created a Telegram group for their potential clients, and presumably to offer tech support.  At time of writing, this group has more than 300 members.
Of the more than 1,000 samples we identified to be variants of this malware, there where 338 unique Telegram Command and Control bot IDs. From this data, we can estimate the number of threat actors - or at least the number of different campaigns being run using the Masad Stealer malware - and the size of their operations. We used the getMe API, along with the bot token, to identify the usernames. Among the top bot IDs are as follows:
Telegram Bot ID
Telegram Bot Username
Unique Hashes

Previous versions of this malware (or possibly a direct ancestor) are called “Qulab Stealer”.

How does Juniper Networks protect you against this?

Juniper Advanced Threat Protection products JATP and Sky ATP use machine learning to be able to accurately identify malware. The following images show the Sky ATP detecting multiple variations of this malware.
The use of machine learning is critical to defending against this malware because of the number of rapid iterations it underwent throughout its development. Machine learning allows Juniper Connected Security to identify Masad Stealer variants as they emerge, helping to keep customers protected even before new strains have been identified.

Juniper Threat Labs believes that Masad Stealer represents an active and ongoing threat.  Command and Control bots are still alive and responding as of this writing, and the malware appears to still be available for purchase on the black market.
In order to protect your organization, make sure that you have a next generation firewall (NGFW) with Advanced Threat Protection. NGFWs have the ability to identify the Telegram protocol and block it, if there is no legitimate business use, while Advanced Threat Protection products offer other methods to detect and counteract this malware.
Juniper Sky ATP, in conjunction with our SRX firewall will block any client infected with Masad Stealer from reaching out to the Command and Control bot master. It will also block the download of the Masad Stealer malware files in the first place, offering both remediation and prevention capabilities.








All Credit to  ,