
Topic: FAKE - TRON AIRDROP - 18,000 TRX (Read 222 times)

legendary
Activity: 3416
Merit: 1225
July 09, 2020, 09:21:18 PM
#10
Here's a run of the download in a sandbox: https://app.any.run/tasks/fa854a34-f9c9-4be6-9bfc-529ed16c94c3

Essentially, it installs a RAT on your system - most likely to steal keys/passwords/logins/cookies - and communicates via SOAP messages

Very interesting, thanks for posting this. Now people will have an idea of what happens when you visit the site and take the offer. The airdrop thing is now becoming very synonymous with scams; how many scams have we seen that cloak themselves as airdrops? I have already seen so many of them, and some of them are being advertised on big channels like Adsense.
newbie
Activity: 7
Merit: 4
July 09, 2020, 07:56:08 PM
#9
Here's a run of the download in a sandbox: https://app.any.run/tasks/fa854a34-f9c9-4be6-9bfc-529ed16c94c3

Essentially, it installs a RAT on your system - most likely to steal keys/passwords/logins/cookies - and communicates via SOAP messages
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
July 08, 2020, 05:19:26 AM
#8
There is a high chance that they are scraping emails here, or that those bounties that asked for emails in the past are being used by these scammers. Luckily, I haven't received any so far because I never joined a bounty. And I agree that these are the same scammers all along, registering domain names one after another and then continuing with that email list blast.
I think it's like that: they scrape the emails from previous bounties so they can easily send so many emails, because the addresses are already on their list. Surely this will continue to be repeated, and we will get the emails and be really fed up with their trap.
hero member
Activity: 2660
Merit: 551
July 08, 2020, 02:01:48 AM
#7
Yeap, most probably all these fake airdrop website owners are connected together and they have a strong source from where they get crypto users' emails.
Yes, obviously they have a strong source to collect emails. My guess is it could be this bitcointalk forum, because in the link I provided about the fake Stellar airdrop you can see a Google form for submitting an address and additional info, where they put a slot for submitting a bitcointalk username. So they know these people have a bitcointalk account too.

There is a high chance that they are scraping emails here, or that those bounties that asked for emails in the past are being used by these scammers. Luckily, I haven't received any so far because I never joined a bounty. And I agree that these are the same scammers all along, registering domain names one after another and then continuing with that email list blast.

legendary
Activity: 2436
Merit: 1189
Need Campaign Manager?PM on telegram @sujonali1819
July 07, 2020, 12:08:04 PM
#6
Yeap, most probably all these fake airdrop website owners are connected together and they have a strong source from where they get crypto users' emails.
Yes, obviously they have a strong source to collect emails. My guess is it could be this bitcointalk forum, because in the link I provided about the fake Stellar airdrop you can see a Google form for submitting an address and additional info, where they put a slot for submitting a bitcointalk username. So they know these people have a bitcointalk account too.

Maybe they brought emails from the scam project, or they launched a fake airdrop or bounty where they asked for an email address to be submitted, etc.
copper member
Activity: 1204
Merit: 737
✅ Need Campaign Manager? TG > @TalkStar675
July 07, 2020, 11:55:36 AM
#5
I reported a fake Stellar airdrop here. All are looking very similar to each other. Same technique to scam: first, collect emails; then send email to crypto users from an address named after a popular exchange; then a spreadsheet for submitting info; lastly, force the download of a wallet/software which has malware.
Looks like they have a fixed roadmap, and by following it they are continuing their scam game. I am really curious to find out the source of emails by which they are targeting specific crypto users.

It seems the same scammer team is running all these fake airdrops and malware to steal money.
Yeap, most probably all these fake airdrop website owners are connected together and they have a strong source from where they get crypto users' emails.
legendary
Activity: 2436
Merit: 1189
Need Campaign Manager?PM on telegram @sujonali1819
July 07, 2020, 10:16:31 AM
#4
I reported a fake Stellar airdrop here. All are looking very similar to each other. Same technique to scam: first, collect emails; then send email to crypto users from an address named after a popular exchange; then a spreadsheet for submitting info; lastly, force the download of a wallet/software which has malware.

It seems the same scammer team is running all these fake airdrops and malware to steal money.
copper member
Activity: 1204
Merit: 737
✅ Need Campaign Manager? TG > @TalkStar675
July 07, 2020, 09:38:57 AM
#3
When you click on the wallet it will automatically download the malware wallet
It's too risky for those who have a limited amount of knowledge about wallet hackers. It's called a forced download, by which they push their web visitors to download that malware wallet file. Their whole intention is to plant that malware file on the visitor's device, which will play the key role in wallet hacking.

Note: I suggest our community users stay far from this malware-coded website.
copper member
Activity: 2562
Merit: 2510
Spear the bees
July 07, 2020, 08:12:01 AM
#2
It's actually fortunate that the scammers were stupid enough to forget about the use of BCC. Reply to all in that email and make sure none of the potential victims go through with the link. After all, if they didn't realize that the "Bittrex Team" email came from yahoo of all places, they would probably be the exact audience that would be prone to this kind of scam.
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
July 07, 2020, 07:18:18 AM
#1
What happened: FAKE - TRON AIRDROP - 18,000 TRX

Website: https://tron-project.com/
Archived: http://archive.is/xhe8s

Code:
https://docs.google.com/forms/d/e/1FAIpQLSfnu7UOyKlP3794udoK5Xu2WIlAedYzyAqDvhlRpnRcGF-NRQ/viewform

Code:
Registrar: Hosting Concepts B.V. d/b/a Openprovider
IANA ID: 1647
URL: http://www.registrar.eu,http://www.openprovider.com
Whois Server: whois.registrar.eu

Dates:
Created on 2020-07-07
Expires on 2021-07-07
Updated on 2020-07-07
https://whois.domaintools.com/tron-project.com



I received this notification from an email



When you click on the wallet it will automatically download the malware wallet
