Harizen users spreading viruses? | Bitcointalksearch.org

robelneo

legendary

Activity: 3192

Merit: 1198

Play Bitcoin PVP Prediction Game

Quote from: Stalker22 on October 04, 2023, 06:19:43 PM

Quote from: albon on October 04, 2023, 04:12:49 PM

~
Therefore, I highly expect that whoever posted the RadiumX ANN topic, which contains a Trojan, is not the original owner of the account, perhaps another superficial scammer who knows nothing about the forum.

It is good that the topic has been deleted now, and I hope the account will be locked ASAP because it will harm many people who may trust what will be published through Harizen's account.

Yes. It has already been confirmed that his account has been blocked and harizenbanappeal has already started a ban appeal thread in the Meta board. He claims that he did not post the ANN topic with the malware link and that his account was probably hacked.

Harizen claims that its not him he can still log in but there's a notification of ban, his ban appeal depends on how he present his innocence there's an IP login where the forum admin can see the details where he login his IP and the time of his log in if the data shows different information on the time he posted that malware thread then he has a good chance of recovery.
This is unfortunate he is a Legendary member and has a good contribution in many discussions.

Stalker22

legendary

Activity: 1484

Merit: 1355

Quote from: albon on October 04, 2023, 04:12:49 PM

~
Therefore, I highly expect that whoever posted the RadiumX ANN topic, which contains a Trojan, is not the original owner of the account, perhaps another superficial scammer who knows nothing about the forum.

It is good that the topic has been deleted now, and I hope the account will be locked ASAP because it will harm many people who may trust what will be published through Harizen's account.

Yes. It has already been confirmed that his account has been blocked and harizenbanappeal has already started a ban appeal thread in the Meta board. He claims that he did not post the ANN topic with the malware link and that his account was probably hacked.

Xal0lex

staff

Activity: 2436

Merit: 2347

Quote from: albon on October 04, 2023, 04:12:49 PM

Quote from: Xal0lex on October 04, 2023, 03:49:30 PM

Actually, both of those accounts are banned.

What I see is that only the other account has been BANNED, but the second alt account [lighpulsar07_alt] is still alive: https://bpip.org/Profile?id=1752216
Last Active: October 02, 2023

Who do you trust more, a moderator who sees the real situation or a third-party service (suchmoon, no offense Wink

)? And seriously, this has been discussed many times before. BPIP sometimes does not show the real state of affairs regarding user bans. Why this happens, I have no idea.

albon

legendary

Activity: 1680

Merit: 1343

Quote from: Lafu on October 04, 2023, 10:51:39 AM

The posted thread from harizen is already deleted and i guess the Account gets locked soon.

I don't know the member, but it's frankly strange. Through Harizen's statistics on BPIP, it turns out that he is an old legendary member and has many achievements and positive feedback from many members, and through Ninjastic, I found through his topics and posts that he is interested in the gambling board and other boards, and I did not find in his previous topics that he had published ANN topics before or any posts related to RadiumX.

Therefore, I highly expect that whoever posted the RadiumX ANN topic, which contains a Trojan, is not the original owner of the account, perhaps another superficial scammer who knows nothing about the forum.

It is good that the topic has been deleted now, and I hope the account will be locked ASAP because it will harm many people who may trust what will be published through Harizen's account.
------

Quote from: Xal0lex on October 04, 2023, 03:49:30 PM

Quote from: JeromeTash on October 04, 2023, 10:32:15 AM

lighpulsar07_alt and alt account of lighpulsar07 that was banned for posting similar malicious links also happened to post the same https://ninjastic.space/post/62933087 but what surprised me is that the mods just deleted the post and did not ban the account.

Actually, both of those accounts are banned.

What I see is that only the other account has been BANNED, but the second alt account [lighpulsar07_alt] is still alive: https://bpip.org/Profile?id=1752216
Last Active: October 02, 2023

Xal0lex

staff

Activity: 2436

Merit: 2347

Quote from: JeromeTash on October 04, 2023, 10:32:15 AM

Quote from: Lafu on October 04, 2023, 09:48:13 AM

Yeb looks like the Account got hacked , and thanks for that you mentioned me here , i already tagged the Account and reported it to the Moderators.

lighpulsar07_alt and alt account of lighpulsar07 that was banned for posting similar malicious links also happened to post the same https://ninjastic.space/post/62933087 but what surprised me is that the mods just deleted the post and did not ban the account.

Actually, both of those accounts are banned.

Rikafip

legendary

Activity: 1722

Merit: 5937

Quote from: JeromeTash on October 04, 2023, 11:09:41 AM

offordscott for example had his account banned for posting malware. It was quite clear that it was hacked. He appealed against the ban and had even some trusted members vouch for him, but in the end the account remained banned. He probably gave up on the forum after that.

Weird case, imho that account should have been unbanned. I see that person in question didn't really push too much to get his account unbanned (he ant afk day after appeal) and unfortunately that is needed sometimes but I guess he just coulnd't bother with that and decided to leave the forum without fight.

Harizen finally realized realized that his account has been locked and created an appeal thread so hopefully he has more luck and persistence and gets his account back.

JeromeTash

legendary

Activity: 2100

Merit: 1208

Heisenberg

Quote from: Rikafip on October 04, 2023, 10:42:41 AM

Yep, he will most likely get banned but if he was indeed hacked I don't think that it will be that hard to convince mods to unban him. Keep in mind that we are not talking about some unknown low level account but about Legendary with good reputation and history on bitcointalk so it doesn't make any sense to post some low level garbage like this. And it's not like we see something like this before as there were exactly the same cases in the past and members got their accounts back.

I like seeing getting unbanned in this forum at times as a game of roulette

offordscott for example had his account banned for posting malware. It was quite clear that it was hacked. He appealed against the ban and had even some trusted members vouch for him, but in the end the account remained banned. He probably gave up on the forum after that.

Lafu

legendary

Activity: 2940

Merit: 3030

Quote from: JeromeTash on October 04, 2023, 10:32:15 AM

lighpulsar07_alt and alt account of lighpulsar07 that was banned for posting similar malicious links also happened to post the same https://ninjastic.space/post/62933087 but what surprised me is that the mods just deleted the post and did not ban the account.

It looks like lighpulsar07 used similar login details for both his accounts, making the hacker use his alt account as well

This user (BluOrb) also has posted malicious links before and came back to post a new malicious link. Again, on both occasions the user has not been banned. Do mods have some criteria they follow to ban or not to ban such accounts

Thanks for let me know about this problem about this 2 Accounts , that maybe got forgotten to be banned.
On this way i already have written an PM to mprep and asked whats the case on this 2 Accounts and that they maybe now can get banned.
I guess that they will be get banned soon after the PM and i also made a reference link in the PM to your post.

The posted thread from harizen is already deleted and i guess the Account gets locked soon.

hg_away

member

Activity: 111

Merit: 69

Alt of @hugeblack

It is better to report that account and banning it with delete ANN. if it has been hacked, Harizen can restore it with ANN .

Rikafip

legendary

Activity: 1722

Merit: 5937

Quote from: JeromeTash on October 04, 2023, 10:32:15 AM

it's going to get banned, and convincing mods to unban it may become hard.

Yep, he will most likely get banned but if he was indeed hacked I don't think that it will be that hard to convince mods to unban him. Keep in mind that we are not talking about some unknown low level account but about Legendary with good reputation and history on bitcointalk so it doesn't make any sense to post some low level garbage like this. And it's not like we see something like this before as there were exactly the same cases in the past and members got their accounts back.

JeromeTash

legendary

Activity: 2100

Merit: 1208

Heisenberg

Quote from: Lafu on October 04, 2023, 09:48:13 AM

Yeb looks like the Account got hacked , and thanks for that you mentioned me here , i already tagged the Account and reported it to the Moderators.

lighpulsar07_alt and alt account of lighpulsar07 that was banned for posting similar malicious links also happened to post the same https://ninjastic.space/post/62933087 but what surprised me is that the mods just deleted the post and did not ban the account.

It looks like lighpulsar07 used similar login details for both his accounts, making the hacker use his alt account as well

This user (BluOrb) also has posted malicious links before and came back to post a new malicious link. Again, on both occasions the user has not been banned. Do mods have some criteria they follow to ban or not to ban such accounts

Quote from: Rikafip on October 04, 2023, 10:02:17 AM

Either way, hopefully he realizes soon what happened so he can get control of his account back.

it's going to get banned, and convincing mods to unban it may become hard.

tranthidung

legendary

Activity: 2170

Merit: 3858

Farewell o_e_l_e_o

Quote from: JeromeTash on October 04, 2023, 09:37:15 AM

I know VT has false positives, but what OP posted is true, it's malware. The GitHub is only 2 weeks old with 4 repositories contain different malicious files

The GitHub profile even appears in Lafu's reports - https://bitcointalksearch.org/topic/m.62871485

Quote from: Lafu on October 04, 2023, 09:48:13 AM

Thats true but not in this case , BABY SHOES post and he is right the Account got hacked or sold.

I did not check details and only recommended OP to double check.

I only recall that Harizen used be a member in CM campaign and he was there a long time. I have never seen he launched any project so it is a bit strange to see that topic but my feeling is it sounds impossible a trusted member over years, turn to spread malwares. I of course know that even forum VIP and donator members turned to scammers so I don't exclude that chance, just need more checking.

Quote from: Rikafip on October 04, 2023, 10:02:17 AM

Regarding Harizen, it looks like hacked account as I see no change of password and/or email and it doesn't make much sense to sell Legendary account with solid reputation and that is in a signature campaign. Then again, stranger things have happened here. Either way, hopefully he realizes soon what happened so he can get control of his account back.

Get his account back is not enough and I believe his account will be either banned (by spreading malwares, against forum rules) or locked (by security reason).

This case reminds me about kenzawak.
kenzawak hacked (again)
Account "kenzawak" compromised again

Quote from: Cyrus on July 17, 2019, 09:13:01 AM

As Halab mentionef, the account is already locked.
Follow the instructions here please: https://bitcointalksearch.org/topic/recovering-hackedlost-accounts-5089777

DireWolfM14

copper member

Activity: 2142

Merit: 4219

Join the world-leading crypto sportsbook NOW!

There are a lot of red-flags here. The git for Radium has no repositories to view, no releases to view, and the only link that has any function is the download link. That's not how any legit coin would start out. And, as Cantsay mentioned, deleting posts in a self-moderated ann thread is another red-flag.

Speaking of flags, newbie flag created: https://bitcointalk.org/index.php?action=trust;flag=3217

Rikafip

legendary

Activity: 1722

Merit: 5937

So I see that these scammers are still using that "Radium X" for fake ANN threads, like years ago...

Regarding Harizen, it looks like hacked account as I see no change of password and/or email and it doesn't make much sense to sell Legendary account with solid reputation and that is in a signature campaign. Then again, stranger things have happened here. Either way, hopefully he realizes soon what happened so he can get control of his account back.

And yeah, nice catch OP!

Lafu

legendary

Activity: 2940

Merit: 3030

Quote from: BABY SHOES on October 04, 2023, 09:16:29 AM

User: harizen
A few minutes ago Harizen created a self-moderated thread under the name RadiumX, the site said it was still under maintenance.
What do you think?

Nice catch BABY SHOES and yes the Account for sure got hacked or sold as it has the fake github account in the thread that was used already weeks ago.
Thats why i collect that fake github accounts as its easier to spot , find and research for it.

Quote from: tranthidung on October 04, 2023, 09:25:53 AM

Virustotal can give you false positive checking results but why did you download it?

Thats true but not in this case , BABY SHOES post and he is right the Account got hacked or sold.

Quote from: JeromeTash on October 04, 2023, 09:37:15 AM

Looks like someone got their account hacked.
The GitHub profile even appears in Lafu's reports - https://bitcointalksearch.org/topic/m.62871485

Yeb looks like the Account got hacked , and thanks for that you mentioned me here , i already tagged the Account and reported it to the Moderators.

Cantsay

hero member

Activity: 700

Merit: 541

Top Crypto Casino

2 weeks old GitHub account files uploaded few hours ago that says a lot. And as if that’s not enough the link in their Ann is a direct download link ( which should bring some concern to users that are conscious of the risk involved in downloading any file from an unknown source).

I just took a look at the site’s info and it turned out that the domain is yet to be registered.

Edit:

They deleted all post that called them either “scam” or “virus” from their threads.
https://ninjastic.space/search?topic_id=5469180

JeromeTash

legendary

Activity: 2100

Merit: 1208

Heisenberg

Looks like someone got their account hacked.

Otherwise, why would someone with an account that has such reputation post malware and risk getting permanently banned

Quote from: tranthidung on October 04, 2023, 09:25:53 AM

Virustotal can give you false positive checking results but why did you download it?

Do you know by doing this, you are taking risk ?

If you have other antivirus softwares, double check with them.

A first shot at false positives

I know VT has false positives, but what OP posted is true, it's malware. The GitHub is only 2 weeks old with 4 repositories contain different malicious files

The GitHub profile even appears in Lafu's reports - https://bitcointalksearch.org/topic/m.62871485

tranthidung

legendary

Activity: 2170

Merit: 3858

Farewell o_e_l_e_o

Quote from: BABY SHOES on October 04, 2023, 09:16:29 AM

Then I downloaded it to make sure it checked on virustotal and indicated it looked like a virus in the application.

Virustotal can give you false positive checking results but why did you download it?

Do you know by doing this, you are taking risk ?

If you have other antivirus softwares, double check with them.

A first shot at false positives

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

User: harizen
ANN: [ANN] RadiumX New PoW coin . No ICO. No Masternode

A few minutes ago Harizen created a self-moderated thread under the name RadiumX, the site said it was still under maintenance.

Then I downloaded it to make sure it checked on virustotal and indicated it looked like a virus in the application.

What do you think?

Topic: Harizen users spreading viruses? (Read 357 times)