{"id":18194,"date":"2021-04-12T15:59:26","date_gmt":"2021-04-12T11:59:26","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/cryptoscam-in-lightshot\/18194\/"},"modified":"2021-04-12T15:59:50","modified_gmt":"2021-04-12T11:59:50","slug":"cryptoscam-in-lightshot","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/cryptoscam-in-lightshot\/18194\/","title":{"rendered":"Screenshots as cryptoscam in Lightshot"},"content":{"rendered":"<p>Cryptocurrency scams seem to be gaining momentum by the day. Hard on the heels of scammers tricking Discord users by offering <a href=\"https:\/\/www.kaspersky.com\/blog\/cryptoscam-in-discord\/38661\/\" target=\"_blank\" rel=\"noopener nofollow\">nonexistent coins on fake exchanges<\/a>, inventing stories about lucky winners on <a href=\"https:\/\/www.kaspersky.com\/blog\/cryptoscam-in-discord-fake-news-services\/38764\/\" target=\"_blank\" rel=\"noopener nofollow\">fake news sites<\/a>, and simulating <a href=\"https:\/\/www.kaspersky.com\/blog\/cryptoscam-in-discord-fake-dex-airdrop\/39140\/\" target=\"_blank\" rel=\"noopener nofollow\">helicopter money<\/a>, a new scheme is exploiting Lightshot\u2019s screen-sharing tool to get money from overly curious cryptoinvestors.<\/p>\n<h2>Convenient doesn\u2019t mean safe<\/h2>\n<p>Lightshot is a tool for creating, customizing, and quickly sending screenshots. It consists of an app for Windows, macOS, or Ubuntu and the prnt.sc cloud portal and lets users share screenshots quickly and easily: One click or shortcut sends an image to the cloud and returns a URL for sharing.<\/p>\n<p>Anyone can see published screenshots without <a href=\"https:\/\/www.kaspersky.com\/blog\/identification-authentication-authorization-difference\/37143\/\" target=\"_blank\" rel=\"noopener nofollow\">authentication<\/a>; you don\u2019t even need a Lightshot account.
That makes the service fast and convenient but not very secure.<\/p>\n<p>Moreover, to view a screenshot, you don\u2019t even need the exact link; the URLs are sequential, so if you replace a character in one of them with the next in order, for example, another image will open. The process can even be automated. A simple script for brute-forcing URLs and downloading content from them takes just a few minutes to write.<\/p>\n<p>Such openness is not a bug; the service warns users that <a href=\"https:\/\/app.prntscr.com\/privacy.html\" target=\"_blank\" rel=\"nofollow noopener\">every uploaded image is public<\/a>. However, given that leaks of valuable information through Lightshot regularly <a href=\"https:\/\/www.wired.co.uk\/article\/lightshot-chrome-screenshot-app\" target=\"_blank\" rel=\"nofollow noopener\">make the news<\/a>, clearly not everyone reads the fine print.<\/p>\n<h2>How to leak data in Lightshot<\/h2>\n<p>So what if screenshots enter the public domain? Who cares about sharing gaming records or jokes from work messages? Think creatively: Lightshot users can <a href=\"https:\/\/securelist.com\/dox-steal-reveal\/99577\/\" target=\"_blank\" rel=\"nofollow noopener\">dox<\/a> themselves in any of at least three very plausible ways.<\/p>\n<p>Take, for example, an employee who snaps a screenshot of an interface to get help with setting up a new program. Sounds fine. Now, what if a confidential document is open, partially hidden under the application window? Or if someone shares a hilariously stupid work e-mail with a trusted friend, just for a laugh? Or someone shows off an intimate chat but forgets to blur names and addresses?<\/p>\n<p>Made public in Lightshot, those screenshots could spell serious trouble. 
Online troublemakers <a href=\"https:\/\/www.reddit.com\/r\/InternetIsBeautiful\/comments\/1ufnqw\/so_today_me_and_my_friend_invented_a_new_game_nsfw\/\" target=\"_blank\" rel=\"nofollow noopener\">hunt<\/a> for revealing photos for fun; trolls can use them for harassment; and cybercriminals can use the threat of exposure to extort money from victims.<\/p>\n<h2>A trap for busybodies<\/h2>\n<p>At the same time, even those who keep valuable data private and always check screenshots for unwanted extras may find the service still has a few pitfalls. For example, on any given day the Lightshot portal might contain screenshots with details for accessing a cryptocurrency wallet. Sometimes, the screenshots appear to suggest the account was shared deliberately. Some display requests for help. Some are bizarre and unrelated \u2014 we even saw a suicide note.<\/p>\n<div id=\"attachment_39226\" style=\"width: 1410px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2021\/04\/12155934\/cryptoscam-in-lightshot-screenshot-1.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-39226\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2021\/04\/12155934\/cryptoscam-in-lightshot-screenshot-1.png\" alt=\"Screenshots of correspondence showing credentials for fake cryptocurrency accounts\" width=\"1400\" height=\"866\" class=\"size-full wp-image-18195\"><\/a><p id=\"caption-attachment-39226\" class=\"wp-caption-text\">Screenshots of correspondence showing credentials for fake cryptocurrency accounts<\/p><\/div>\n<p>In other cases, the \u201ccredentials\u201d look as if they ended up on Lightshot by accident or carelessness.
For example, we saw screenshots that appeared to be password recovery e-mails for cryptocurrency wallets.<\/p>\n<div id=\"attachment_39227\" style=\"width: 1930px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2021\/04\/12155943\/cryptoscam-in-lightshot-screenshot-2.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-39227\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2021\/04\/12155943\/cryptoscam-in-lightshot-screenshot-2.png\" alt=\"Fake password reset e-mails for equally fake cryptocurrency accounts\" width=\"1920\" height=\"1605\" class=\"size-full wp-image-18197\"><\/a><p id=\"caption-attachment-39227\" class=\"wp-caption-text\">Fake password reset e-mails for equally fake cryptocurrency accounts<\/p><\/div>\n<p>If a user goes to the URL in the screenshot in pursuit of easy pickings, they will find themselves on a website posing as a cryptocurrency exchange. Entering the credentials gets them into a fake account that appears to hold an impressive amount of cryptocurrency, say, 0.8 BTC (more than $45,000 at the time of posting). And from inside the account, the victim can try to withdraw the funds and transfer them to their own account.<\/p>\n<p>In that case, the exchange asks for a small commission. It\u2019s mere peanuts compared with the full sum, but it\u2019s fake and will do nothing but line the scammers\u2019 pockets. And, of course, \u201cpeanuts\u201d is relative: A commission of 0.001\u20130.0015 BTC, for example, at current bitcoin rates, comes to approximately $60\u2013$90.<\/p>\n<p>All in all, the scheme seems to work well, and it does have a certain elegance. At the time of posting, about 0.1 BTC (roughly $6,000) had been transferred to the \u201ccommissions\u201d wallet.<\/p>\n<h2>How to save your money and secure your data<\/h2>\n<p>Convenience does not mean security or privacy \u2014 often quite the opposite. 
Lightshot is a prime example. Here are a few tips for working safely with screenshots:<\/p>\n<ul>\n<li>Before installing Lightshot, consider whether you really want to share screenshots by making them public;<\/li>\n<li>If you decide to go ahead, remember that confidential information \u2014 banking details, passwords, other personal information \u2014 is the bread and butter of cybercriminals. Use <a href=\"https:\/\/www.kaspersky.com\/blog\/telegram-privacy-security\/38444\/\" target=\"_blank\" rel=\"noopener nofollow\">secure channels<\/a> to share it, not Lightshot, or better still, don\u2019t share it at all;<\/li>\n<li>If you\u2019ve already used Lightshot and now regret sharing something, get the URL by searching your messages, go there, and click <em>Report abuse<\/em>; or send a request to <a href=\"mailto:support@skillbrains.com\" target=\"_blank\" rel=\"nofollow noopener\">support@skillbrains.com<\/a>;<\/li>\n<li>Use your operating system\u2019s built-in tools and shortcuts for creating screenshots. In Windows, use the Snipping Tool or the Print Screen button; Mac users can press Cmd-Shift-3 to save a full-screen capture or Cmd-Shift-4 to select an area to screenshot.<\/li>\n<\/ul>\n<p>To be clear, we do not recommend logging in to others\u2019 accounts, even just out of curiosity. 
And to avoid accidentally giving your login credentials to phishers, use a <a href=\"https:\/\/me-en.kaspersky.com\/plus?icid=me-en_bb2022-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kplus___\" target=\"_blank\" rel=\"noopener\">reliable security solution<\/a> that will alert you if you stray onto a suspicious website.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Scammers set a Lightshot trap for greedy cryptoinvestors.<\/p>\n","protected":false},"author":2648,"featured_media":18199,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1486],"tags":[2088,1505,80,2442,43,695,521],"class_list":{"0":"post-18194","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-tips","9":"tag-cryptocurrencies","10":"tag-fraud","11":"tag-lightshot","12":"tag-privacy","13":"tag-scam","14":"tag-threats"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/cryptoscam-in-lightshot\/18194\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/cryptoscam-in-lightshot\/22713\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/cryptoscam-in-lightshot\/24524\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/cryptoscam-in-lightshot\/22562\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/cryptoscam-in-lightshot\/21607\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/cryptoscam-in-lightshot\/25034\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/cryptoscam-in-lightshot\/24319\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/cryptoscam-in-lightshot\/30447\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/cryptoscam-in-lightshot\/9518\/"},{"hreflang":"x-default","url":"https:\/\/www.kas
persky.com\/blog\/cryptoscam-in-lightshot\/39224\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/cryptoscam-in-lightshot\/16742\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/cryptoscam-in-lightshot\/17303\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/cryptoscam-in-lightshot\/14669\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/cryptoscam-in-lightshot\/26491\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/cryptoscam-in-lightshot\/30435\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/cryptoscam-in-lightshot\/23739\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/cryptoscam-in-lightshot\/29086\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/cryptoscam-in-lightshot\/28884\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/scam\/","name":"scam"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18194","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2648"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=18194"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18194\/revisions"}],"predecessor-version":[{"id":18198,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/18194\/revisions\/18198"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/18199"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=18194"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/
blog\/wp-json\/wp\/v2\/categories?post=18194"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=18194"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}