
Topic: ALERT! sgminerwindows.com Stealing Bitcoins! (Read 13568 times)

sr. member
Activity: 412
Merit: 250
November 20, 2014, 04:45:41 AM
#94
OK thanks, I see that above. How to set up X11? I didn't see a kernel for that.
legendary
Activity: 885
Merit: 1006
NiceHash.com
November 20, 2014, 04:27:24 AM
#93
Where can I download a clean-of-viruses miner which is compiled for x11 and x13?

Here you can download trustworthy windows/linux sgminer and cgminer binaries: https://www.nicehash.com/software/#sgminer
sr. member
Activity: 412
Merit: 250
November 20, 2014, 03:59:47 AM
#92
Where can I download a clean-of-viruses miner which is compiled for x11 and x13?
full member
Activity: 142
Merit: 100
September 12, 2014, 02:10:55 PM
#91
That's it. I am NOT gonna trust this shit until I hear differently about CLEAN and dependable files with FULL and EXPLICIT clearance. This is so bad.
legendary
Activity: 885
Merit: 1006
NiceHash.com
Here you can download trustworthy windows/linux sgminer and cgminer binaries: https://www.nicehash.com/software/
hero member
Activity: 546
Merit: 510
What type of file are you decompiling? IDA won't identify the entry point of several different files and only breaks them down to hex.
I'm trying to decompile the shirecoin-qt.exe (not sure if possible).
chnchapters said he saw the code, and that it steals the wallets like the miner.

Never ever use precompiled binaries of altcoins, always check the code on github first. Any closed source altcoins can not be trusted either.

Too difficult for the average user. I have no idea how to do that kinda shit, just install and launch, that is the only way to go!
sr. member
Activity: 476
Merit: 250
What type of file are you decompiling? IDA won't identify the entry point of several different files and only breaks them down to hex.
I'm trying to decompile the shirecoin-qt.exe (not sure if possible).
chnchapters said he saw the code, and that it steals the wallets like the miner.

Never ever use precompiled binaries of altcoins, always check the code on github first. Any closed source altcoins can not be trusted either.
sr. member
Activity: 407
Merit: 250
I used HexRays/IDA
I can show you exactly how I did when I get off work,
the tainted SGminer programs, and Shire coin both use the same ftp server where the stolen wallets were being uploaded.
Sure, when you can.

I'm using idaq.exe (I guess that's the program you mention).
I selected the shirecoin-qt.exe and let it analyze it (with default options), but when I tried to go to pseudo code, it told me "decompilation failure".

If I choose binary --> processor type Microsoft - net.
Then it says it can't identify the entry point.
And I get to see hex crap. Can't view pseudo code mode.

Well, first time using this program, so maybe there's some trick.
Thanks.
@chnchapters: Don't forget, thanks.
sr. member
Activity: 407
Merit: 250
What type of file are you decompiling? IDA won't identify the entry point of several different files and only breaks them down to hex.
I'm trying to decompile the shirecoin-qt.exe (not sure if possible).
chnchapters said he saw the code, and that it steals the wallets like the miner.
sr. member
Activity: 336
Merit: 250
What type of file are you decompiling? IDA won't identify the entry point of several different files and only breaks them down to hex.
sr. member
Activity: 407
Merit: 250
I used HexRays/IDA
I can show you exactly how I did when I get off work,
the tainted SGminer programs, and Shire coin both use the same ftp server where the stolen wallets were being uploaded.
Sure, when you can.

I'm using idaq.exe (I guess that's the program you mention).
I selected the shirecoin-qt.exe and let it analyze it (with default options), but when I tried to go to pseudo code, it told me "decompilation failure".

If I choose binary --> processor type Microsoft - net.
Then it says it can't identify the entry point.
And I get to see hex crap. Can't view pseudo code mode.

Well, first time using this program, so maybe there's some trick.
Thanks.
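
The "isn't a .net program" and "can't identify the entry point" symptoms in the post above come down to what kind of file the executable is, which can be read straight from its PE header before choosing a loader or decompiler. The following is an added example, not part of the original posts: `classify_pe` and `_sample` are hypothetical names, and the sample bytes are constructed headers, not a real executable.

```python
import struct

def classify_pe(data: bytes) -> str:
    """Return 'not-pe', or 'native-'/'dotnet-' followed by 'pe32' or 'pe32+'."""
    try:
        if data[:2] != b"MZ":
            return "not-pe"
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE signature
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            return "not-pe"
        opt = e_lfanew + 24  # 4-byte signature + 20-byte COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic == 0x10B:
            kind, dirs = "pe32", opt + 96    # data directories start at +96
        elif magic == 0x20B:
            kind, dirs = "pe32+", opt + 112  # 64-bit optional header is larger
        else:
            return "not-pe"
        (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
        if count > 14:
            # Directory 14 is the CLR header; non-zero means a .NET assembly.
            rva, size = struct.unpack_from("<II", data, dirs + 14 * 8)
            if rva and size:
                return "dotnet-" + kind
        return "native-" + kind
    except struct.error:  # truncated file
        return "not-pe"

def _sample(magic: int, clr: bool) -> bytes:
    """Constructed minimal DOS + PE headers for demonstration only."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x102)
    dir_off = 96 if magic == 0x10B else 112
    opt = bytearray(dir_off + 16 * 8)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dir_off - 4, 16)
    if clr:
        struct.pack_into("<II", opt, dir_off + 14 * 8, 0x2008, 0x48)
    return dos + coff + bytes(opt)

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else _sample(0x10B, False)
    print(classify_pe(blob))
```

A `native-` result means .NET decompilers will refuse the file, and in IDA it should be loaded with the PE loader rather than as a raw binary, since a raw load discards the header that records the entry point.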
member
Activity: 106
Merit: 10
I used HexRays/IDA
I can show you exactly how I did when I get off work,
the tainted SGminer programs, and Shire coin both use the same ftp server where the stolen wallets were being uploaded.
sr. member
Activity: 407
Merit: 250
He is also the creator of Shire Coin, which is a scam because it uses the same code to steal coins if you download the wallet.
How can I check that?
I downloaded that qt some time ago, so it probably stole my encrypted wallet.dat (haven't lost coins, but still want to know if I should consider the wallet compromised)
I tried decompiling it, but it says it isn't a .net program.
What did you use to view the code? Thanks.
hero member
Activity: 938
Merit: 1000
www.multipool.us
So is it confirmed that the tainted code was only in recent builds?  If so, how long ago did it happen?

According to LiteSaber, the tainted code was in the most recent binaries which were linked from another site (minersforwindows.com)
newbie
Activity: 15
Merit: 0
So is it confirmed that the tainted code was only in recent builds?  If so, how long ago did it happen?
hero member
Activity: 938
Merit: 1000
www.multipool.us
I have the domain now.  I will be downing the site until the new binaries are available with an explanation of what happened.
member
Activity: 83
Merit: 10
Just for future reference.

I've handed over control of the sgminerwindows.com domain / website to flound1129

Hopefully he has more time to keep it all up to date than I did.
full member
Activity: 168
Merit: 100
From my simple investigation it would seem it's a non-persistent threat, as seen in the code back in the thread.

It basically looks for common wallet files and uploads them to an FTP server each time it's run.

So encrypt your bloody wallets always.
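
The behaviour described in the post above (a miner that names wallet files and can talk FTP) is something a quick static string check can flag in a downloaded binary. This is an added example, not code from the thread or from the tainted build: the indicator list is an assumption derived from that description, and the two sample blobs are constructed.

```python
import re

# Assumed indicator set (not taken from the actual sample): wallet file names,
# FTP capability, and the per-user data path where wallets usually live.
INDICATORS = {
    "wallet-file": re.compile(r"wallet\.dat", re.I),
    "ftp": re.compile(r"ftp://|\bftp\.[a-z0-9-]+\.|FtpPutFile|InternetConnect", re.I),
    "appdata-path": re.compile(r"%appdata%|\\AppData\\Roaming", re.I),
}

def extract_strings(data: bytes, min_len: int = 5) -> list:
    """Printable ASCII and UTF-16LE runs, like the `strings` tool."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found

def triage(data: bytes) -> dict:
    """Map each indicator label to the strings that matched it."""
    hits = {}
    for s in extract_strings(data):
        for label, rx in INDICATORS.items():
            if rx.search(s):
                hits.setdefault(label, []).append(s)
    return hits

def verdict(hits: dict) -> str:
    # A miner has no reason to name wallet files; combined with FTP it
    # matches the pattern described in the thread.
    return "suspicious" if {"wallet-file", "ftp"} <= hits.keys() else "no-match"

# Constructed byte blobs standing in for binaries (not real executables).
TAINTED_LIKE = (b"MZ\x90\x00sgminer --kernel x11\x00\xff"
                + "\\AppData\\Roaming\\Bitcoin\\wallet.dat".encode("utf-16-le")
                + b"\x00\x00\xffFtpPutFileA\x00ftp.example.invalid\x00")
CLEAN_LIKE = b"MZ\x90\x00sgminer --kernel x11\x00stratum+tcp://pool.example.invalid:3333\x00"

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else TAINTED_LIKE
    result = triage(blob)
    print(verdict(result), result)
```

A `no-match` result does not clear a file: packed or encoded strings will not show up, so this is a first-pass filter only.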

newbie
Activity: 16
Merit: 0
Their all set malicious malware update virus.
You should check your device.
sr. member
Activity: 412
Merit: 250
If you read on the site, he has not compiled the latest version of sgminer but he downloaded it from here
http://minersforwindows.com/

Actually this site is with malware sgminer