Offering Malicious Script Service - XDrainer

holydarkness

legendary

Activity: 2506

Merit: 1398

Yes, I'm an asshole

Quote from: crwth on March 21, 2023, 01:37:08 AM

I didn't know there was such a thing as this, OP. Thank you for sharing this. It's the first time I saw that drainer thing. It really is made to get people's attention that you could make money from these things. We all know that many people are really into that making money thing, and some people do it for the sake of themselves even though it causes harm to others.

You did a good thing, IMO. Also, having that exposed here in the Scam Accusations board would make others think otherwise.

If I have to be honest, prior to posting this thread and take a quick google search after it, I was divided between thinking if this is a serious offer of malicious software or is this an attempt to scam a scammer-wannabe, i.e.: offering a dud software. Sure, I've stumbled upon several people sharing their story of being hacked or warning about the possible hack through telegram, but this is the first time I finally "introduced" to the software and how it works; drain-ware, is what developers and cyber-security-analysts named them.

Quote from: speedy963 on March 21, 2023, 07:50:52 AM

Tsk tsk tsk I support the notion. It's a good thing you posted this here. I remember maybe it was around November I think? when there was a massive wallet drain happened on solana platform. I think this guys are attacking every platform just earn money. For sure those who are newbies and unaware about this specially in social media would think it a normal extension that you'd only need to connect your wallet.

I think this software is not exclusively threatening newbies, inexperienced --or even experienced-- BM and those who dealt with contract-approval of web3 frequently are also at risk, in a sense that they might led into the trap in guise of escrow or NFT welcome bonus. Reading this article and from what can be inferred from the scammer's suggestion, one of the MO seems to be duplicating an existing platform, so even when people researching the said platform before they connect their wallet, they'll led to believe that the phishing site is legit as they shared the same name.

Saisher

full member

Activity: 2240

Merit: 175

#SWGT PRE-SALE IS LIVE

Quote from: yhiaali3 on March 21, 2023, 01:29:38 AM

Quote from: holydarkness on March 20, 2023, 10:42:59 AM

Suspect's Website: ........

Unfortunately such scammers are hard to stop, as I can see he created many accounts after each time his account got banned.

I don't know if it is possible to prevent him from creating a new account by blocking the Ip because he will definitely use a VPN, so the only way now is to keep reporting these accounts.

They can still victimize, as long as these people can be victimized because of people's ignorance of this script they will aggressively advertise this script, not only here in Bitcointalk but on many platforms like telegram, Facebook, and another forum, the only way we can stop these hackers is to propagate and disseminate information on how these scripts work and to not use this script.
This is new to me and they will keep on creating new scripts, devices new schemes to scam and hack people because as they say scammers will always be scammers.

speedy963

sr. member

Activity: 631

Merit: 253

Tsk tsk tsk I support the notion. It's a good thing you posted this here. I remember maybe it was around November I think? when there was a massive wallet drain happened on solana platform. I think this guys are attacking every platform just earn money. For sure those who are newbies and unaware about this specially in social media would think it a normal extension that you'd only need to connect your wallet.

crwth

copper member

Activity: 2744

Merit: 1250

Try Gunbot for a month go to -> https://gunbot.ph

I didn't know there was such a thing as this, OP. Thank you for sharing this. It's the first time I saw that drainer thing. It really is made to get people's attention that you could make money from these things. We all know that many people are really into that making money thing, and some people do it for the sake of themselves even though it causes harm to others.

You did a good thing, IMO. Also, having that exposed here in the Scam Accusations board would make others think otherwise.

yhiaali3

legendary

Activity: 1680

Merit: 1853

#SWGT CERTIK Audited

Quote from: holydarkness on March 20, 2023, 10:42:59 AM

Suspect's Website: ........

Unfortunately such scammers are hard to stop, as I can see he created many accounts after each time his account got banned.

I don't know if it is possible to prevent him from creating a new account by blocking the Ip because he will definitely use a VPN, so the only way now is to keep reporting these accounts.

As a side note, it is better to include the address of the suspect within the code:

Code:

https://xdrainer.xyz/

In order not to cause visitors to be sent to the sites by mistake.

holydarkness

legendary

Activity: 2506

Merit: 1398

Yes, I'm an asshole

Quote from: salad daging on March 20, 2023, 07:13:10 PM

Turns out they have created more and more accounts to sell these scripts on forums and it's even more dangerous if they let them but I'd love to see how we keep reporting to mods and also here that fraudulent ads are not allowed on bitcointalk forums.

There are 4 accounts advertising this fake script and 3 were found by @PX-Z with deleted threads but we can view the archives.

List
X-Drainer18 - Ban
X-Drainer13 - Ban
X-Drainer14 - Ban

[...]

I saw that the account mentioned on my opening post is already nuked too. Big applause to the community and mods who work so quickly against this persistent user.

Quote from: logfiles on March 20, 2023, 07:38:03 PM

Good job holydarkness.

The person behind the malicious script service is not about to stop. So I suggest you report any post or profile you find promoting the link in this thread - Report Malware and Suspicious Links here so Mods can take Action !

[...]

Will update this thread and reporting to Lafu's thread next time I stumbled upon them. I've set the notifier to inform me whenever some phrases used on their thread are being mentioned again on this forum, hopefully it'll work and help tackle this scammer easier.

yhiaali3, edited as suggested.

logfiles

copper member

Activity: 1960

Merit: 1638

Top Crypto Casino

Good job holydarkness.

The person behind the malicious script service is not about to stop. So I suggest you report any post or profile you find promoting the link in this thread - Report Malware and Suspicious Links here so Mods can take Action !

Once you post there and report to the mods, they will act so fast and ban the profile

Quote from: salad daging on March 20, 2023, 07:13:10 PM

There are 4 accounts advertising this fake script and 3 were found by @PX-Z with deleted threads but we can view the archives.

They are actually more than that, but all have been banned except 2

salad daging

hero member

Activity: 1624

Merit: 791

Bitcoin To The Moon 📈📈📈

Turns out they have created more and more accounts to sell these scripts on forums and it's even more dangerous if they let them but I'd love to see how we keep reporting to mods and also here that fraudulent ads are not allowed on bitcointalk forums.

There are 4 accounts advertising this fake script and 3 were found by @PX-Z with deleted threads but we can view the archives.

List
X-Drainer18 - Ban
X-Drainer13 - Ban
X-Drainer14 - Ban

Quote from: PX-Z on March 19, 2023, 06:51:45 PM

Archives
[1] https://ninjastic.space/topic/5445571
[2] https://ninjastic.space/topic/5445557
[3] https://ninjastic.space/topic/5445576

coin-investor

hero member

Activity: 2828

Merit: 575

Leading Crypto Sports Betting & Casino Platform

Quote from: holydarkness on March 20, 2023, 10:42:59 AM

Additional Notes:
I initially hoped I understand their service wrongly, that they offered a service of blacklisted address so their user could proceed with caution, much like... that specific user who offered such service on neighboring sub-board. I honestly not sure if raising this thread would works against their favor by limiting their movement or I did a mistake by offerring a free advertising for their service, but I thought it's better be reported so unsuspecting people would proceed with caution.

It might be worth mentioning that --I think-- the service looks and works like the one thread in the past where the user's fund were drained after he approved a contract [can't find it although I've spent long minutes on ninjastic and generous time by manually leafing through the scam accusation and reputation board].

You are right in posting this stuff this is new and many are not aware of this, a malicious script that is being sold is encouraging people to scam and they are no different from scam promoters, I am not aware of the existence of this kind of software and maybe in the future I run into it, you are not promoting it since it is in the scam section.
Two things will happen people will be aware of it or scammers will thank you because they can use something to scam people, but we are here to educate people about what scammers are using to scam people.

Learn Bitcoin

hero member

Activity: 462

Merit: 767

#SWGT CERTIK Audited

Oh, I saw a lot of Twitter handle offering 2000 BNB, 100 ETH, and many other currencies. To participate in such bounty, people need to visit their website and connect meta mask wallet. A lot of other people post on social media that they get scammed on such websites. People often get fucked up being greedy. A few weeks ago Campaign manager Julerz's wallet was drained somehow. Now they offering such a service in this forum. Unfortunately, the forum doesn't moderate scams.

holydarkness

legendary

Activity: 2506

Merit: 1398

Yes, I'm an asshole

What happened: Offering malicious script to drain crypto from its unsuspecting victims
Suspect's Profile Link: Xdrainer543tre
Suspect's Website:

Code:

https://xdrainer.xyz/

archived
Suspect's ANN thread: https://bitcointalksearch.org/topic/--5445535

Additional Notes:
I initially hoped I understand their service wrongly, that they offered a service of blacklisted address so their user could proceed with caution, much like... that specific user who offered such service on neighboring sub-board. I honestly not sure if raising this thread would works against their favor by limiting their movement or I did a mistake by offerring a free advertising for their service, but I thought it's better be reported so unsuspecting people would proceed with caution.

It might be worth mentioning that --I think-- the service looks and works like the one thread in the past where the user's fund were drained after he approved a contract [can't find it although I've spent long minutes on ninjastic and generous time by manually leafing through the scam accusation and reputation board].

Some screenshot for easy view:

archived source: https://archive.fo/2mkOe

Topic: Offering Malicious Script Service - XDrainer (Read 148 times)