Afraid to answer a bit background knowledge is necessary first.
Viruses hardly exists any more. Programs that infect other executables, overwrite parts of them and/or add new code to them is not how malware spreads nowadays in most cases. In windows that distinction is not really necessary, windows users use the term “virus” to describe every form of malware (and user error, sorry, couldn’t resist 😉 ). But in Linux that distinction is important as virus scanners in Linux do exactly what the name says…they scan for viruses. They don’t protect you against attacks from websites in any form. And on top of that they hardly even scan for Linux viruses…there are only very few proof-of-concept Linux viruses at all. And due to people never installing anything themselves but always packages provided by the distro through the package manager there is almost no attack surface for traditional viruses…no spreading of .exe saying they are the most fancy screensaver or similar. So the Linux virus scanners actually mostly scan for windows viruses, for example in a mail server scanning email attachments before delivering the mails.
I spotted few mins ago that there is link to download a open source trading program call Cryptocoin trader.
One anonymous user claimed that the source code is safe but i decided to run the precompiled exe on my VM to be sure.
The program extracts qtbitcoin trader client and some suspicious executables (bridgemigplugin.exe, vbc.exe).
brigemiplugin.exe description on task manager is open broadcaster software.
After some googling, it is obvious that the program is doing a live/recording video stream through a open source program from open broadcaster software http://obsproject.com/
Here are the screenshots
Even though the post has been deleted, there are 46 people indicated on sourceforge who have downloaded the program, please reformat your pc to prevent any potential wallet hacks.
Update 2 I’ve did a search of the IP address. I believe it doesn’t belongs to any tor node, proxy or VPN. Hence it is very likely that 18.104.22.168 is either a dynamic or static IP from Longbow Electric Llc.
Update 3 I’m a undergraduate in NUS majoring in computer science security. I hope that this post will act as a warning for all potential future hackers who attempts to perform similar attacks (The community is watching you). Thanks everyone for the tips as well, it sure helps a little with my high tuition debt. 🙂 This is so much I can do for now, as I’m having papers from tomorrow onwards. Stay safe fellow bitcoiners!