Author

Topic: DarkPay coin - fake project, malicious wallet! (Read 317 times)

legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
I'm sorry to bump my own thread but it's easier for me to then report this sorry soab.


The same story, he makes a new account, copy-pastes some random ANN and sneaks a malicious wallet inside.

MaBug

Code:
Date Registered: 	Today at 10:32:47 PM
Last Active: Today at 10:55:35 PM

[ANN] Allvor: cryptocurrency for e-commerce powered by the XRP Ledger - (archived)

Original Allvor ANN - https://bitcointalksearch.org/topic/ann-allvor-cryptocurrency-for-e-commerce-powered-by-the-xrp-ledger-3218546

do not click/or download:
Code:
https://bitbucket.org/astingl/allvor/downloads/ToastWallet-2.5.8.7z



https://www.virustotal.com/#/url/de241762ac640d8d38db9d43d11fc80a254f0afc8069565bfe7111db0f721f6f/detection
legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
This guy obviously isn't stopping anytime soon. He made a brand new account just to start another ANN with an infected wallet inside.

Hezacez

Code:
Date Registered: 	April 18, 2019, 09:44:49 PM
Last Active: April 18, 2019, 09:49:47 PM

QXAN Coin POW|POS|MN - listed on Crex24 - ORIGINAL QUANTIS CODE before FORK ! - (archived)

Original QXAN ANN - https://bitcointalksearch.org/topic/qxan-coin-powposmn-listed-on-crex24-original-quantis-code-before-fork-5100233

do not click/or download:
Code:
Windows CLI + GUI (64-bit):
https://bitbucket.org/astingl/qxan/downloads/quantis.windows-qt.zip



https://www.virustotal.com/#/file/2004c91c7ae0ecca292ef3fe15983bb03cf4df98ae49a12bfb93c78903570d5c/detection


legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
Update:

Apparently, KillRoy2005 is not his only alt account, I found another one - morthar.

[ANN][ZUS]Zeleus - fast transactions, anonymity, rapid development[CNv8/CPU]; (archived)

This time virustotal detects: https://i.ibb.co/Y49vHNd/zml.jpg

and a user report:
dont use it its a password stealer
i try it windows defender block it


PWS:Win32/Mocrt.A!MTB
Alert level: severe
Status:quarantine
Category:password stealer
Details:this program is dangerous password stealer



For some odd reason, s107n decided to bump a masternode project with a plagiarized post, what's even funnier is that only bumping bots that I reported last year use the copied text. I'm not sure if a connection exists between the two, but it definitely feels weird.

Copy:
I need to know more about this project on how this things worked so that I can see whether it has the ability to be successful. This project is still new and to make things clearly we should research more about their whole team and the developers

(archived)

Original:
I need to know more about this project on how this things worked so that I can see whether it has the ability to be successful. This project is still new and to make things clearly we should research more about their whole team and the developers

(archived)
sr. member
Activity: 392
Merit: 892
Check the post above yours in "Report plagiarism (copy/paste) here.".  Grin

Hopefully, this time mods ban him but seeing how stubborn/persistent he is with fake projects/ANNs, I won't be surprised to spot more of these alt accounts trying to push infected qt wallets again.

Ooops... sorry... deleted... I just clicked reply and... deleted now.  Smiley

I think those idiots are in a deep stage of anger/hate. Trying to f*** people in this forum with their virus etc..
Maybe someone killed their pet project and they are very upset.


legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
Check the post above yours in "Report plagiarism (copy/paste) here.".  Grin

Hopefully, this time mods ban him but seeing how stubborn/persistent he is with fake projects/ANNs, I won't be surprised to spot more of these alt accounts trying to push infected qt wallets again.
legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
Mods cleaned up almost everything but they didn't ban him. I guess it's "hard" to prove a malware within a wallet. Anyway, in return that dumb shit posted another ann with the same self-extracting keylogger which I'm now reporting. Hopefully, they get rid of this idiot once and for all (not that he won't make another account tomorrow...Undecided).

[ANN][TRY] Tyron - experimental cryptocurrency [CNv8/POW][NO ICO]; archived

legendary
Activity: 3654
Merit: 8909
https://bpip.org
Make sure to report to mods too... should be banned for spreading malware.
legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
What happened: User creates multiple fake projects and posts a link with malicious wallets inside.

Reference Link: https://github.com/DarkPay-coin/

Announced by: s107n

ANN: https://bitcointalksearch.org/topic/anndpy-darkpay-progress-in-anonymous-payments-equihashpow-5132473

  • User s107n has posted his fifth project within the past two weeks, all projects are fake with only a link to a possibly infected wallet
  • All topics are self-moderated where he deletes every post that exposes him, he also edits his own post and he then deletes github channels

Google cache links does not work but we can clearly see projects name and GitHub link:

[ANN][ZXS]ZEXUS - anonymity, security, rapid development posted on Apr 3, 2019 github link gone!

[ANN][CLK]ClasteK - explerimental cryptocurrency posted on Apr 7, 2019 github link gone!

[ANN][SEA]SaveEarthCoin - salvation at any cost posted on Apr 8, 2019 github link gone!


Archive of the ANN:https://archive.fo/pFXvK


Edit1;

Make sure to report to mods too... should be banned for spreading malware.

I did.



https://www.virustotal.com/gui/file/fd7271adefbd4169388e72b0a8b804834a17f60a86815224f6e5f41fbad24c2b/detection


Edit2;

You deleted my post and i'll post again cos atm i've nothing doing.
Scamming people and hacking is an offense and i hope you are aware of that.

Possibly Malicious file ...

After simulation, The wallet creates creates an extra executable file "darkpay.exe" in the roaming folder.
The archive also contains "resource.dll" not sure why but but won't be too far from containing stubs fro encrypted virus.
This action is suspicious considering the fact the the source code isn't uploaded.

I scanned and was clean but don't be fooled with crypters as it can be encrypted to avoid detection from antivirus.

Everyone beware of this binary wallet, i rate it at High risk!
Jump to: