Report Malware and Suspicious Links here so Mods can take Action ! - page 8.

Lafu

legendary

Activity: 2996

Merit: 3114

Quote from: BABY SHOES on November 03, 2023, 10:23:22 AM

There was recently a fake Ann with a trojan in the Github download.

Fake Gituhub: github.com/AgloranProject
User: Lonyee665 - This user has 282 activities and suddenly spreads a trojan with a fake ANN, maybe this account was hacked.
ANN Fake: [ANN] [AGL] Agloran - perfect health area [FiroPow/Fast exchanges]

Virustotal : https://www.virustotal.com/gui/file/278356ef057c422d04bc8d4d46e5c05ebac66b6b1cccfb8b5738aed161dd8385

Yeb you are right its a Fake Ann Topic with a new Fake Github Account with malware download Link !
The Fake Github Account was just created 39 Minutes ago

The downloaded File also create and starts the same PhoenixMinerReborn.exe as the last 2 other Fake Ann downloads.

Code:

C:\Users\user\AppData\Local\Temp\IXP000.TMP\PhoenixMinerReborn.exe

Source : https://www.virustotal.com/gui/file/278356ef057c422d04bc8d4d46e5c05ebac66b6b1cccfb8b5738aed161dd8385/behavior

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

There was recently a fake Ann with a trojan in the Github download.

Fake Gituhub: github.com/AgloranProject
User: Lonyee665 - This user has 282 activities and suddenly spreads a trojan with a fake ANN, maybe this account was hacked.
ANN Fake: [ANN] [AGL] Agloran - perfect health area [FiroPow/Fast exchanges]

Virustotal : https://www.virustotal.com/gui/file/278356ef057c422d04bc8d4d46e5c05ebac66b6b1cccfb8b5738aed161dd8385

Lafu

legendary

Activity: 2996

Merit: 3114

We have another Fake Ann with an Fake Github Account that have a Trojan and Malware download Link for OgreCoin !

The Fake Github was just created 2 Hours ago.

Fake Github : github.com/Ogrecoin

Account : jfedirolaret <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
The Account is Registered since October 03, 2021 , hacked or sold Account

Fake Ann Thread : [ANN] [OGR] OgreCoin - meme token destroyer, WHOAAA (Ghostrider)

Quote from: ?? on ??

Ogre wallet

Code:

https://github.com/Ogrecoin/OgreOgre/releases/tag/0.0.1

Virsutotal Link : https://www.virustotal.com/gui/file/11606965da6486074fb915e7e80078180f1403c5a7e859a3b323c35b93b8d722?nocache=1

The strange thing here is the behavior of the File when it gets installed and started.
It create this file here and starts it when the Fake Wallet file gets started.

Code:

C:\Users\\AppData\Local\Temp\IXP000.TMP\PhoenixMinerReborn.exe

Source : https://www.virustotal.com/gui/file/11606965da6486074fb915e7e80078180f1403c5a7e859a3b323c35b93b8d722/behavior

And the same Fake Ann and a Fake Github Account we got here for ARMATA !

The Fake Github Account was just created 16 Hours ago.

Fake Github : github.com/ArmataProject

Account : Taretionks <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
The Account is Registered since October 03, 2021 , hacked or sold Account

Quote from: ?? on ??

Our Github

Code:

https://github.com/ArmataProject/Armata

Virustotal : https://www.virustotal.com/gui/file/c89f4761d9c3d70068a16521911391aa9efebdb796f26744a92f08702c71d6fb/detection

And same here there will be a file created with name PhoenixMinerReborn.exe

Code:

C:\Users\\AppData\Local\Temp\IXP000.TMP\PhoenixMinerReborn.exe

Source : https://www.virustotal.com/gui/file/c89f4761d9c3d70068a16521911391aa9efebdb796f26744a92f08702c71d6fb/behavior

This post is also a reference for the Github Report !

Lafu

legendary

Activity: 2996

Merit: 3114

Quote from: light_warrior on October 27, 2023, 03:56:10 PM

One comrade here is spamming with his miner, in which virustotal detected a trojan. I don't know if the fact that only two virustotal antivirus engines detected a trojan in this file is enough.

Its enough and the detections from Virustotal are not false positive and you was right to report them here.
Thanks for keeping your eyes open , i also reported posts from all 2 Users and they are already deleted.
I also reanalyzed the file again on Virustotal and it got now 3 detections , thanks again for let me know about that.

light_warrior

copper member

Activity: 602

Merit: 926

One comrade here is spamming with his miner, in which virustotal detected a trojan. I don't know if the fact that only two virustotal antivirus engines detected a trojan in this file is enough.

bitbooster

https://bitcointalksearch.org/topic/re-ann-bitsense-bounty-distribution-2460715
https://bitcointalksearch.org/topic/bountyairdrop-buzzex-trade-at-up-to-100-discount-and-also-earn-in-revenue-5048062
https://bitcointalksearch.org/topic/annmintmecomcreate-your-own-coin-or-token-for-free-5195589

Link to virustotal

Code:

https://www.dropbox.com/scl/fi/o05mj6j7asredpbpd7kcs/Installer-Install-2023_v3x.1t.zip?rlkey=uvkxs4gid3dmea7ieomkspwhq&dl=1

UPD

Another comrade is circulating the same link

kerncc1

https://bitcointalksearch.org/topic/where-to-fix-your-asic-miners-5297994
https://bitcointalksearch.org/topic/bitcrack-a-tool-for-brute-forcing-private-keys-4453897
https://bitcointalksearch.org/topic/bitcrack-a-tool-for-brute-forcing-private-keys-4453897

Lafu

legendary

Activity: 2996

Merit: 3114

And we have a new Fake Miner Topic with a new Fake download Github Account Link with Malware for Pooler CPUMiner !

The Fake Github Account was created 3 days ago.

Fake Github : github.com/poooIer/cpuminer
Real Github : github.com/pooler/cpuminer

Account : BitTargetPlus <--- Please ban or Lock that Account and delete the Thread
Its a new Fake Account from the Hackers and was just Registered yesterday.

Fake Miner Thread : The latest release of Pooler CPUMiner v2.5.2 is now available.

Quote from: ?? on ??

Current Version: 2.5.2 (Okt 19, 2023)

Code:

https://github.com/poooIer/cpuminer/blob/v2.5.2

There is no new Version of that CpuMiner!

Original CpuMiner Thread : An (even more) optimized version of cpuminer (pooler's cpuminer, CPU-only)

Account : pooler

Quote from: pooler on December 19, 2011, 12:27:00 PM

Current Version: 2.5.1 (Jun 25, 2020)
https://github.com/pooler/cpuminer

This post is also a reference for the Github Report !

Lafu

legendary

Activity: 2996

Merit: 3114

In this case you are not right BABY SHOES !

The Github you have posted is no Fake one and what you see in the Virustotal scan detection here
https://www.virustotal.com/gui/file/e5fd4a1d67f8366c67117a3a0a64385b4177adf4b66e45ae622d5e34a579c466?nocache=1 is a false postive detection one for miners.

This one here is fine and original Ann Thread:
SquishyCoin

Code:

https://github.com/sqcndev/SquishyCoin/releases/tag/v0.7.2

[ANN] Squishy Coin (SQCN) PoW / PoS | Equihash 200,9 --- June 23, 2023

Quote from: BABY SHOES on September 28, 2023, 08:33:53 AM

Account name
ReactiveBitcoin Create Today
[Re-ANN] [SQCN] SquishyCoin - rework and update coin [Equihash 200,9]

This one here is for sure a Fake one and i guess soon there will be an fake github link edited in there.

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

There is an old thread in June still not reported, because their site is active and also the shitcoin is traded on the Xeggex exchange after making a deeper search by checking the downloaded wallet and then checking in Virustotal detected Malware.
Even worse, they tried to create a new ANN with a new account to spread it, fortunately now we are reporting them.

Account name
ReactiveBitcoin Create Today
SquishyCoin

ANN
[Re-ANN] [SQCN] SquishyCoin - rework and update coin [Equihash 200,9]
[ANN] Squishy Coin (SQCN) PoW / PoS | Equihash 200,9 --- June 23, 2023

Fake GitHub

Code:

https://github.com/sqcndev/SquishyCoin/releases/tag/v0.7.2

Detected

Code:

https://www.virustotal.com/gui/file/e5fd4a1d67f8366c67117a3a0a64385b4177adf4b66e45ae622d5e34a579c466?nocache=1

Lafu

legendary

Activity: 2996

Merit: 3114

Quote from: BABY SHOES on September 27, 2023, 06:20:45 PM

Another one with a newbie account makes malware spread by continuing to create ANNs that are locked. I will not get tired of reporting them.

Yes you are right with the last Fake Ann , the Fake Github github.com/SirkonaCoin was just created 4 Hours ago.
Nice to hear that you dont get tired of reporting them , thats for sure a big help fighting against this things.
Looks like they got not anymore hacked Accounts that they can use as the last ones new Accounts.

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

Quote from: Lafu on September 27, 2023, 11:22:10 AM

Yes you are right as i have written a post earlier its always helpfull to collect the Fake Threads and there Links.
Its good to have some help against the Hackers and Malware spreading hacked User Accounts .

Yes we must continue to report in every thread that is suspicious of spreading malware here, most of what I find are newbie accounts that have just been registered.
Another one with a newbie account makes malware spread by continuing to create ANNs that are locked. I will not get tired of reporting them.

Account name: SirkonaMoment
ANN: [ANN] [KRS] Sirkona - safety communication [ProgPow]

Don't click

Code:

https://github.com/SirkonaCoin/Sirkona/releases/download/1.0.0/SirkonaProject-win-v1.0.0.zip

Lafu

legendary

Activity: 2996

Merit: 3114

Quote from: BABY SHOES on September 26, 2023, 09:58:00 PM

~~~~~~

Thanks afor keeping your eyes open and that reported the threads and things , i was just on the mobile earlier when i tagged the Account.
Yes you are right as i have written a post earlier its always helpfull to collect the Fake Threads and there Links.
Its good to have some help against the Hackers and Malware spreading hacked User Accounts .

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

Spreading Malware with fake ANN Although it has been tagged by @Lafu today but I think it is necessary to report here and action,

Account name SirenaMoon - ban
Thread: [ANN] [SRN] SirenaProject - collective help for profit [FiroPOW/Mineable now] & [ANN] [SRN] SirenaProject - collective help for profit [Mineable now]

Code:

https://github.com/SirenaProject/SirenaCoin/blob/main/SirenaProject-main.zip

Check on Virustotal which detected Malware

Additional edits
Malware spreading fraudsters have created new accounts by creating the same thread and with the thread locked.

Account name CoronelsN

ANN
[ANN] [NSR] SIR - crypto messenger for communication (FiroPOW/Fast start)

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

It seems that these gangs are not tired of continuing to spread malware by spreading it in self-moderated threads.
With accounts created in 2021 created simultaneously and now waking up again to spread it.

Account name:
Fatendisto - Create October 01, 2021, 06:38:54 PM
vikolkolpet - Create October 01, 2021, 06:40:37 PM
hafuterkina - Create October 01, 2021, 06:42:27 PM
jugujikolesad - Create October 01, 2021, 06:49:15 PM
Kerikostaw - Create October 01, 2021, 06:53:15 PM

ANN
Berto Coin - Your Very Own 3D Printed Bitcoin
Alfalah Coin - The Ultimate Crypto Innovation for Charity & Local Businesses
PID Coin - Empowering Internet Users with Personal Data Ownership
Modic Coin (MODIC) - Your Modern Investment Coin
StefanCoin - Your Politically Correct, Decentralized Coin

Fake Github

Code:

https://github.com/berto-coin/berto-coin/releases/tag/v1.2.0
https://github.com/Alfalah-Coin/Core/releases/tag/v1.1.3
https://github.com/Pid-Coin/Core/releases/tag/v1.1.1
https://github.com/Modic-Coin/modic-coin/releases/tag/v1.3.3
https://github.com/Stefan-Coin/Core/releases/tag/v1.0.2

The file size is the same as yesterday above

Checking on Virustotal detected a trojan virus/malware

Code:

https://www.virustotal.com/gui/file/1d5a517283b717ceb309b1a524de9e34d3ae9553f5111ba4b87be1c907e7e9a3
https://www.virustotal.com/gui/file/c47fde0015a1f5f3d39ffb4522b54f37c3528833ccca7b24e2839c9077388b3a?nocache=1
https://www.virustotal.com/gui/file/1362f6dd1a93d80b8134512f2848890b812326feb3c55b0cd95e1f6a4b38653c?nocache=1
https://www.virustotal.com/gui/file/a512218aa9ce5b4dd1619679d34ed8d944c08348ed5009840ac2721f37f4b088?nocache=1
https://www.virustotal.com/gui/file/4810f16c9f6dec19a9fe38405634a893cf12cbb1f78dfa84232356a84591a6df?nocache=1

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

Found fake threads by spreading viruses from apps downloaded from fake GitHub,

ANN: https://bitcointalksearch.org/topic/--5467770
Account: tawaresder

Fake GitHub: (Created 41 minutes ago)

Code:

https://github.com/bitxor-coin/bitxor-coin/releases/tag/v1.0.3

Virustotal: https://www.virustotal.com/gui/file/545d03832a26a05559d378c2669c97e5af0a84303c3830b701afad496dc88559

ANN: https://bitcointalksearch.org/topic/--5467768
Account: Ujetanokilk

Fake GitHub: (Made a few hours ago)

Code:

https://github.com/thewebers-coin/thewebers-coin/releases/tag/v1.0.1

Virustotal: https://www.virustotal.com/gui/file/24e7c50efa47ecbd08a1e556b5c3e034b5e6f4d5c09fa7146865021bb12052ef

ANN: https://bitcointalksearch.org/topic/--5467764
Account: ikopreditero

Fake GitHub:

Code:

https://github.com/Scrooge-Coin/Scrooge-Coin/releases/tag/v1.2.1

Virustotal: https://www.virustotal.com/gui/file/c625324960a6c20b41472c901c6521a9bc92d75edaf0f42a45c93892fe1f5b11

ANN: https://bitcointalksearch.org/topic/--5467771
Account: gattokoter

Fake GitHub:

Code:

https://github.com/Capy-Coin/Core/releases/tag/v1.2.2

Virustotal: https://www.virustotal.com/gui/file/bf3e4c13e6f965d38d88087e8ef861d9acf2d8eb9398178e679c19d28214d2b7?nocache=1

ANN: https://bitcointalksearch.org/topic/--5467759
Account: likkosader

Fake GitHub:

Code:

https://github.com/Shmingus-Coin/Core/releases/tag/v1.1.0

Virustotal: https://www.virustotal.com/gui/file/c6bf52a2d0904e1ec337401ddebd782885e505ffc126f4a8838678d6ef2793bf

Lafu

legendary

Activity: 2996

Merit: 3114

Quote from: light_warrior on September 21, 2023, 02:53:49 PM

I discovered a fake topic here with a link to github. And there I downloaded and checked the file that this comrade advertises.
To Lafu, is that right?

Awesome light_warrior , nice catch on all that fake links and fake topics and thanks for keep your eyes open and reporting them and write in here.
Yes it is right how you have posted in here the last one and it helps a lot if i or the moderators or anybody else searching for.
Its easier to hunt the hackers down with that records in the future.

light_warrior

copper member

Activity: 602

Merit: 926

I discovered a fake topic here with a link to github. And there I downloaded and checked the file that this comrade advertises. Virustotal shows that this file is not safe. There's a trojan in there.

Link to topic - Litecoin Core integration/staging tree

The comrade who posted the topic - lafotihgyt Banned

Link to github

Code:

https://github.com/lite-coin/lite-coin/releases/tag/v1.3.3

Link to Virustotal

To Lafu, is that right?

UPD

I also found several other topics with the same content. The file names are different, but the content is the same

1. Commie Coin - Your Ticket to Financial Equality

Code:

https://github.com/commie-coin/commie-coin/releases/tag/v1.3.3

2. ServicesCoin - Empowering Small Businesses

Code:

https://github.com/services-coin/core/releases/tag/v1.1.3

3. CryptoNote Cryptocurrency Protocol Reference

Code:

https://github.com/medical-coin/core/releases/tag/v1.1.0

Lafu

legendary

Activity: 2996

Merit: 3114

And we have a new Fake Ann Thread with a new Fake Github Account download link with Malware for Luckcoin!

Fake Github : github.com/luck-network

Account : CoinQuest <--- Please ban or Lock that Account and delete the Thread
Last post from that Account was back in January 12, 2021 , hacked or sold Account

Fake Ann Thread : [ANN][2POW] Luck - A new consensus algorithm to eliminate large mining pools

Quote from: ?? on ??

Wallet

Code:

https://github.com/luck-network/LUCKcoin/releases

Original Ann Thread : [ANN][2POW] Luck - A new consensus algorithm to eliminate large mining pools

Account : Sherlock.Holmes

This post is also a reference for the Github Report !

Lafu

legendary

Activity: 2996

Merit: 3114

Quote from: Bitcoin_Arena on September 19, 2023, 09:38:41 AM

These people trying to spread malware are now becoming crafty. This particular one posted a link to a Telegram channel where the malware is uploaded. Previous posts in the channel indicated that they used to post GitHub links of accounts that have since been deleted/banned because of trying to spread malicious files.

Nice catch Bitcoin_Arena , and yes this hackers never sleeping and have new ideas how to spread there Malware shit download links.
But as long we or a few keep there eyes open and searching for them they have no chance in the long term.
Its easy to get them if you know where and how to search.

And we have already a new Fake Ann with the Fake Github download link for perfixcoin !

Fake Github : github.com/perfix-coin

Account : Pumapipa <--- Please ban or Lock that Account and delete the Thread
The last post of this Account was back in July 11, 2019 , hacked or sold Account

Fake Ann Thread : [ANN] PerFix - Trusted & Secure Crypto Project (POW+POS)

Quote from: ?? on ??

Code:

https://github.com/perfix-coin/Perfix/releases/download/1.15/PerFix.zip

This post is also a reference for the Github Report !

Bitcoin_Arena

copper member

Activity: 2030

Merit: 1788

฿itcoin for all, All for ฿itcoin.

These people trying to spread malware are now becoming crafty. This particular one posted a link to a Telegram channel where the malware is uploaded. Previous posts in the channel indicated that they used to post GitHub links of accounts that have since been deleted/banned because of trying to spread malicious files.

The account is fairly old, so probably hacked.

Here is another one

Hachiman Ban or lock

ANN: Good news for KS0 owners ! https://ninjastic.space/post/62863058

Virustotal results: https://www.virustotal.com/gui/file/0aea26ef40526c8f352e09e9d14a7fe7a0663046f08090b6877b5d63bb0b4bc3 (21 security vendors flagged the file as malicious)

Fake Telegram Channel Link

Code:

https://t.me/RocketMinerBest

The zipped file uploaded there contains an executable file that is malicious

Code:

ICERIVER_UPD_FWARE.exe

Lafu

legendary

Activity: 2996

Merit: 3114

Quote from: light_warrior on September 18, 2023, 09:09:27 AM

Here one comrade (most likely a hacked account) posted a thread with a phishing link to download the wallet. Please ban this comrade. I think he deserves it. So that he will not continue to spread such nasty things.

zaharalaqila

Nice catch light_warrior , and yes you was right with the Fake download link and that the Account is hacked !
Maybe next time you catch something like that you can write more information in a quote with the Github made in code format in your post like the following.

Quote

Download links:

Code:

https_://github.com/perfix-coin/Gminer

Source : https://ninjastic.space/search?author=zaharalaqila

With that its easier for the Moderators and me to find out if the Link was already posted here on the forum.
This also helps in future if you searching for Fake Github Accounts.

Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 8. (Read 34654 times)