Author

Topic: rahman1988 - posting links to password stealing malware (Read 839 times)

newbie
Activity: 11
Merit: 0
This guy is clearly a scammer. He has nothing to do with Stemfund.
legendary
Activity: 3696
Merit: 2219
💲🏎️💨🚓
Strange transactions: https://blockchain.info/tx/c54a42d272782ea1751425085baec5f8888e066d74b9cd801d95253678c0a5d7

1LhdG3aB5a2zQzKBSWBkwNxCYCBhSvqaXS sends

1bk6raTidUCGEgmyvEmhV8q7fujGRVAWG 3.999 BTC
157meJhNjuetruUKbLKRhvzi63KDW9W2Q4 1.0009 BTC



https://blockchain.info/address/157meJhNjuetruUKbLKRhvzi63KDW9W2Q4 only other transaction two days later is to send

1bk6raTidUCGEgmyvEmhV8q7fujGRVAWG 1.599 BTC
1MRkXWDcvcPKKR1PpQUVbugKZtS1fewZQ6 0.01504649 BTC

https://blockchain.info/tx/c81739504b649b31002e7ce229e9962a07ad2c4aa4482567c6edf87e286db2fe



1LhdG3aB5a2zQzKBSWBkwNxCYCBhSvqaXS also sends 1bk6raTidUCGEgmyvEmhV8q7fujGRVAWG directly more than once eg

https://blockchain.info/tx/95295cac37482d6aa7e6c814b196065819157d162caec7476804bc435632fa03
https://blockchain.info/tx/15d7a07ac0225a92ae3e15ce757818f2af0b78786b2c77fae091461c0ca90561
hero member
Activity: 910
Merit: 1000
「きみはこれ&#
This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.

How can someone steal the coins leaked from the PM's ? Roll Eyes Aren't you the one trying to send the coins in a Zip File ? That's a new one dude! What were you actually thinking!
legendary
Activity: 1120
Merit: 1000
This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.

Yeah... I don't think anyone is gonna fall for that. Might wanna try again  Roll Eyes

http://whois.domaintools.com/stemfund.com - Shared namecheap hosting. They'll take it down if enough people report it.
legendary
Activity: 3654
Merit: 8909
https://bpip.org
This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.

Oh, so you know how to "move" coins. I wonder why you had to send the wallet file then? Instead of just sending the coins to the buyer.

And why did the password have to be in the LNK file?

member
Activity: 91
Merit: 10
This is ridiculous!
that is a false positive.

Luckily I got to move my coins before someone stole the coins you leaked from our PMs.
legendary
Activity: 1120
Merit: 1000
Selling coins by sending a zipped wallet? That's a new one.

The VirusTotal report is showing only 1/56 detection ratio, which could mean a false positive. Did you try to unzip the file?

Edit: never mind, there is an .lnk file in it, those are dangerous. Could be a link to anything, and also there are possible Windows exploits.

Seen this many times before here. Been awhile but it's nothing new.
legendary
Activity: 3654
Merit: 8909
https://bpip.org
Selling coins by sending a zipped wallet? That's a new one.

The VirusTotal report is showing only 1/56 detection ratio, which could mean a false positive. Did you try to unzip the file?

Edit: never mind, there is an .lnk file in it, those are dangerous. Could be a link to anything, and also there are possible Windows exploits.
newbie
Activity: 6
Merit: 0
Scammer : rahman1988

Profile : https://bitcointalksearch.org/user/rahman1988-326395


Link to his sales thread -

https://bitcointalksearch.org/topic/m.14461489

Sends you a .zip file claiming its his Dash wallet.dat file for the trade except it has a password stealer in it.

I have a complete log of all pm's between us if anyone wants to see them.



I have now send 25% of the 14000 DASH upfront as promised.
- https://stemfund.com/dashwallet.zip


I'm looking forward to your business!

My bitcoin address is:
1LhdG3aB5a2zQzKBSWBkwNxCYCBhSvqaXS


StemFund is my bitcoin loaning company, and i already sent you the wallet with password..
I dont know how a txt or zip is malware.. man i its my wallet.dat and password for DASH.

Else i would have to change my password for my wallet. It contains 3507 DASH coins.

Regards
rahman1988


Virustotal report on zip file :
https://www.virustotal.com/en/file/216cfbe6851a2d733ec5f7d9875e9156b5cf6b461dc195d41d08642edd525aed/analysis/1460146837/



If this guy posts any bullshit about who is the real scammer I happy to give my password to any senior member so they can confirm every pm between us.



Please tag this retard as a scammer!
Jump to: