
Topic: Dracula Coin is a wallet stealing virus!!! WATCH OUT!! (Read 2234 times)

hero member
Activity: 490
Merit: 500
37iGtdUJc2xXTDkw5TQZJQX1Wb98gSLYVP
Thank you for the information, I'll be more careful now in choosing altcoins and do a lot of research before investing so that I can avoid being hacked.
hero member
Activity: 616
Merit: 500
BTC=1GjeqWFLc4TBDg3bwdQk9ZWnEoNPCT9t6G
a very interesting thread,

if running alt coins , in particular with a dev. that has a reputation such as this always use virtual machine

virtual box is free

if you are not into linux , run windows inside of windows,  you can 'create' several vm's

the person above , curious the same person who was responsible for this was involved with razor....

i remember some other questionable people involved with that coin....

i truly feel bad for anyone who is a victim of a theft like this, it is shameful

also what the op stated about these 'wallets' being clean on virus total etc....

remember virus total can expose 'known' malicious code......

if the crook uses a known virus and changes a few things around...............well.......... it is not going to come up hot....

even if you compile the wallets yourself...... unless you read through and carefully understand the code this can happen,


if anyone can point me to a link of the original github source code that had this 'virus' aka 'keylogger' in it I would like to inspect it closer.

Curious if they used similar techniques as I have seen used in the past or not....

good thread.

I don't have the source code but I do still have the original infected file all zipped up just the way it came
legendary
Activity: 882
Merit: 1024
Thanks vegasguy for sharing this, it's much appreciated.

I wish it were free software though :S
legendary
Activity: 1148
Merit: 1018
It's about time -- All merit accepted !!!
a very interesting thread,

if running alt coins , in particular with a dev. that has a reputation such as this always use virtual machine

virtual box is free

if you are not into linux , run windows inside of windows,  you can 'create' several vm's

the person above , curious the same person who was responsible for this was involved with razor....

i remember some other questionable people involved with that coin....

i truly feel bad for anyone who is a victim of a theft like this, it is shameful

also what the op stated about these 'wallets' being clean on virus total etc....

remember virus total can expose 'known' malicious code......

if the crook uses a known virus and changes a few things around...............well.......... it is not going to come up hot....

even if you compile the wallets yourself...... unless you read through and carefully understand the code this can happen,


if anyone can point me to a link of the original github source code that had this 'virus' aka 'keylogger' in it I would like to inspect it closer.

Curious if they used similar techniques as I have seen used in the past or not....

good thread.
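
Added example, not part of any post in this thread: a sketch of the point made above about 'known' code, using an exact file-hash lookup as the simplest kind of known-sample check and a byte-shingle similarity score as one way to still catch a slightly altered copy. The sample byte strings, the function names and the 0.8 threshold are constructed for illustration; real scanners use more than hash lookups.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def exact_match(data: bytes, known_bad: set) -> bool:
    """'Known file' check: true only for a byte-identical copy."""
    return sha256_hex(data) in known_bad

def shingles(data: bytes, n: int = 8) -> set:
    """All overlapping n-byte windows of the content."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a: bytes, b: bytes, n: int = 8) -> float:
    """Jaccard similarity of the two shingle sets, 0.0 to 1.0."""
    sa, sb = shingles(a, n), shingles(b, n)
    if not sa or not sb:
        return 0.0
    return len(sa & sb) / len(sa | sb)

# Constructed, harmless stand-ins for files (plain text, not real samples).
KNOWN_SAMPLE = b"".join(b"block-%04d:constructed-sample-content;" % i for i in range(200))
VARIANT = KNOWN_SAMPLE.replace(b"block-0100", b"BLOCK-0100") + b"padding"
UNRELATED = b"".join(b"row %05d of an unrelated wallet build\n" % i for i in range(200))
KNOWN_BAD = {sha256_hex(KNOWN_SAMPLE)}

def classify(data: bytes, threshold: float = 0.8) -> str:
    if exact_match(data, KNOWN_BAD):
        return "known-bad"
    if similarity(data, KNOWN_SAMPLE) >= threshold:
        return "near-duplicate"
    return "no-match"  # absence of a match is not evidence the file is clean

if __name__ == "__main__":
    for name, blob in [("known", KNOWN_SAMPLE), ("variant", VARIANT), ("unrelated", UNRELATED)]:
        print(name, exact_match(blob, KNOWN_BAD),
              round(similarity(blob, KNOWN_SAMPLE), 3), classify(blob))
```

The variant differs from the known sample by a handful of bytes, so its hash is not on the list, yet almost all of its content windows still match.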
hero member
Activity: 616
Merit: 500
BTC=1GjeqWFLc4TBDg3bwdQk9ZWnEoNPCT9t6G
He is one of the guys doing it. He has been real busy as of late. Don't ask this fucker for any help and don't buy anything he has to offer or you're taking a big risk. I can't even mine anymore; I can't find any clean downloads. Every time I download a mining app like Multiminer/cudaminer/ccminer/bfgminer it's infected with a trojan. That's how he got into my system a second time after I cleaned, or thought I cleaned, out the infection; now all that shit is just deleted. I don't know how to compile my own apps or I would do just what Nate Wools told me to do. I have ALWAYS had a big problem understanding the cmd line; it just confuses and befuddles me. I was trying to save up a bit to get my car fixed and to take some online classes on this crypto thing to learn how to compile my own apps and to set up pools. I'm sick of relying on other pools to mine at and downloading infected shit.
sr. member
Activity: 451
Merit: 250
Alts have increasingly been used to spread viruses. Thanks for the warning!
Use https://www.virustotal.com/
legendary
Activity: 924
Merit: 1000
"I Vant To Suck Your Coin."

Jeez...the scammer must have a sick sense of humour.
legendary
Activity: 2506
Merit: 1030
Twitter @realmicroguy
hero member
Activity: 616
Merit: 500
BTC=1GjeqWFLc4TBDg3bwdQk9ZWnEoNPCT9t6G
Information forwarded to all concerned parties.




HI!
 
This is short info. I will sleep few hours and give you more.
 
We found hacker with one of your CCB transaction.
 
Login: BuzzBuzz
Email: [email protected]  (you can find a lot of interesting info in Google with this email, good for investigation)
IP addresses (probably proxy/vpn): 2.49.238.233, 92.99.158.27, 94.57.10.39, 31.215.122.14, 92.99.166.31, 2.49.255.193, 86.97.250.141
(Almost all IPs are from Emirates, example - http://whois.domaintools.com/2.49.238.233
I don't know if it is vpn/proxy or real addresses. I will check it. )
 
Reg date: 19:50:49 20-05-2015
 
One of the referrers before auth -
https://bitcointalk.org/index.php?topic=1076331.new

(seems like it's the Dracula dev)
 
 
What interesting was found about "[email protected]" -
 https://bitcointalk.org/index.php?topic=500175.455
[email protected] belongs to user hanoosh -
https://bitcointalksearch.org/user/hanoosh-246899
His posts: https://bitcointalksearch.org/user/hanoosh-246899;sa=showPosts
So, hanoosh is hacker and Lion Coin dev - https://bitcointalksearch.org/topic/ann-lion-v20-pos-launched-1707-lion-poker-beta-649055
Unfortunately hanoosh is not active on Bitcointalk now.
 
Hanoosh GIT page - https://github.com/Hanoosh
 
Hanoosh on cryptocointalk - https://cryptocointalk.com/topic/12407-lion-lion-information/
 
Not sure, but seems like he was born in Palestine - https://bitcointalksearch.org/topic/m.7970500
and maybe lives now in Emirates.
 
I will sleep few hours and will try to investigate/send you more information.
hero member
Activity: 616
Merit: 500
BTC=1GjeqWFLc4TBDg3bwdQk9ZWnEoNPCT9t6G
Thanks for the info. Will def be buying that software when I get the chance. I think I got it all off here. Thought I did; started up my 007 wallet and 250 coins went poof lol, so it was still on here. Did a scan with Panda, deleted a buncha stuff. Hopefully we're clean now but kinda afraid to start up wallets again. The thumb drive they were on says clean so I don't know.
sr. member
Activity: 951
Merit: 259
Once I was playing with keyloggers too, so for you just one notification: actually what a keylogger does is allow the attacker to have control over the victim PC, but the first thing attackers do is download the saved passwords that you have in Firefox, Chrome, etc., so the best protection at first is to encrypt your saved passwords... in Firefox option: Use a master password.
And buy some software, because once they connect to your PC they can install any keylogger; even what you are typing on your keyboard can be saved to a .txt file... stay safe ;)

This is for mainly windows systems though isn't it or am I wrong? Also only if you download malware to begin with? I never download on this linux system but do click links now and again, can't get them from just clicking links can you, Has to be downloaded like from one of these crappy wallets mentioned? Thanks anyone who can answer who is in the know. Sorry to hear that vegas about your loss but at least you learnt and it won't happen again and you're helping us who it hasn't happened to which is good!

Yes I'm using Windows! Yes of course, only if you download malware somewhere, mostly in cracks, small software, cracking software; they can be hidden anywhere, can be attached to any software, pic... and mostly they are like 325 kb large, so mostly noobs just upload around 325 kb by different name, so be careful when you see some software or crack around that number.
In Task Manager you can find it by the name "server.exe" or "msnm.exe" or any name, but those two are the defaults of that RAT software.
full member
Activity: 168
Merit: 100
Yobit is the only Exchange with DRA. They will be happy when they will hear this. LOL

EDIT: They are using Linux...So no problem for them.
hero member
Activity: 568
Merit: 500
Smoke weed everyday!
Once I was playing with keyloggers too, so for you just one notification: actually what a keylogger does is allow the attacker to have control over the victim PC, but the first thing attackers do is download the saved passwords that you have in Firefox, Chrome, etc., so the best protection at first is to encrypt your saved passwords... in Firefox option: Use a master password.
And buy some software, because once they connect to your PC they can install any keylogger; even what you are typing on your keyboard can be saved to a .txt file... stay safe ;)

This is for mainly windows systems though isn't it or am I wrong? Also only if you download malware to begin with? I never download on this linux system but do click links now and again, can't get them from just clicking links can you, Has to be downloaded like from one of these crappy wallets mentioned? Thanks anyone who can answer who is in the know. Sorry to hear that vegas about your loss but at least you learnt and it won't happen again and you're helping us who it hasn't happened to which is good!
legendary
Activity: 1848
Merit: 1000
Thanks for the warning, nice catch!
sr. member
Activity: 951
Merit: 259
Once I was playing with keyloggers too, so for you just one notification: actually what a keylogger does is allow the attacker to have control over the victim PC, but the first thing attackers do is download the saved passwords that you have in Firefox, Chrome, etc., so the best protection at first is to encrypt your saved passwords... in Firefox option: Use a master password.
And buy some software, because once they connect to your PC they can install any keylogger; even what you are typing on your keyboard can be saved to a .txt file... stay safe ;)
hero member
Activity: 852
Merit: 500
Thanks. Like I said in the Dracula Ann before it imploded. "Coming to suck my btc".
full member
Activity: 130
Merit: 100
Moving markets!
Thanks for the information these keyloggers are so annoying.
Agreed, especially if they get your passwords. Disaster. :-\
sr. member
Activity: 448
Merit: 250
tyvm for great info
hero member
Activity: 588
Merit: 500
Thanks for the information these keyloggers are so annoying.
legendary
Activity: 1610
Merit: 1003
"Yobit pump alert software" Link in my signature!
I'm not ashamed to say I was a victim of a keylogger on August 2nd 2014. They cleaned out EVERYTHING, my biggest holding was 7700 BTCD (Bitcoindark). +/- $37,000 . I SWORE I would never go through this again :( It is beyond depressing :( Nobody can understand, unless you've been through it, it's devastating :( If you want details on my story https://bitcointalk.org/index.php?topic=721306.270;imode . I know the pain, and I don't want it to happen to you guys too. Think about all the money you spend on crypto, and you DON'T have THE most important part, a good antikeylogger.

Vegas