Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 11. (Read 34320 times)

I found another Fake Ann and Fake Miner Thread with the Fake Github where they try to get Users Account hacked !

Fake Github Account : github.com/Robert746/

In there there are more Fake download files :


Account : spracrypto  <--- Please ban or Lock that Account and delete the Thread
Last post from that Account was back in March 14, 2018, Hacked or sold Account

Fake Miner Thread : ✅RocketMiner | Best KAS ZIL NEXA miner in the world | Low fee✅
The thread is also selfmoderated and thats what the hackers lately are doing.


This post is also a reference for the Github Report !

Thanks for let me know about that User and the Malware download links !
I also have reported the posts with a reference to your post here and i also supporting the Flag for that User.
And i also have given the Account some negative Feedback to warn other Users and people.
Thanks for keeping your eyes open.

I was checking the topics in the Portuguese tabs and I came across a topic from that user, which when investigating would give the same alert. Thank you for having already done so.

Just a tip, the flag you created (which I already supported) indicated the first post of this topic, and should have indicated your post explaining the situation.


EDIT
Other topics created by the least user, with the same purpose:
https://bitcointalksearch.org/topic/--5444649
https://bitcointalksearch.org/topic/--5444648

This guy is trying to spread malware in a tricky way. Most members have probably not noticed it yet

Profile - Jescbitcoin <--- Please ban/Delete threads containing malware links

Topics.
1. https://bitcointalksearch.org/topic/--5444646
2. https://bitcointalksearch.org/topic/--5444647

Mega Malware link


Proof that the zipped file contains malware;

https://www.virustotal.com/gui/file/c40bf2e193e2e72f0a93f72b0b88b699887885a8da8091b26acbb5d8ff8fcf5e?nocache=1

And we have a new kind of Fake Ann and a new Fake Github Account with Malware !

The Fake Github Account was created an hour ago !

Fake Github Account : github.com/ProjectEvoX/
Real Github Account : github.com/evolution-project

Account : A7fold  <--- Please ban or Lock that Account and delete the Thread
Last post from that Account was back in June 25, 2018,Hacked or sold Account

Fake Thread : [ANN] Evolution Project EvoX - Fast, Secure and Anonymous

---

Original Thread

Thread : [ANN][EVOLUTION] Evolution-Project coin
Account : evolution-project


This post is also a reference for the Github Report !

---

Edit

They changed there Fake Github again for the Fake Evolution Project EvoX Thread !

Fake Github Account is now : github.com/Robert746/

Account : kamranki <--- Please ban or Lock that Account and delete the Thread

And they have changed the there Fake Github again for RadiumX in the Fake Ann Threads !

The Fake Github Account was created 1 hour ago  

Fake Github Account : github.com/RadiumX-Dev/

Account : Geeba_Official  <--- Please ban or Lock that Account and delete the Thread
The Last post from that Account was back in August 12, 2018 , Hacked or sold Account

Thread : [ANN] RadiumX New PoW coin . No ICO. No Masternode

---

And there is another new Fake Ann and download with Malware for Bitcointalk Wallet

Fake Github Account : github.com/BitcointalkWallet-Main/

Account : ikymwb  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.


This post is also a reference for the Github Report !

Thanks and yes i have seen that also and reported it instant when i have readed the thread and post from that User.
I just havnt written it to my post earlier but i used the post as a reference for it and will be doing it for the coming one.
Thanks for keeping the eyes open and also for reporting this things.

And here is one more:

Account : JamalAmal99  
This user recently woke up from a long period of inactivity. (Hacked or sold Account)

Thread : [ANN] RadiumX New PoW coin . No ICO. No Masternode

Also, newbie account thikachhey is used to bump those fake ANN threads.

We have again a new Fake Ann with a new Fake Github Account for RadiumX !

Fake Github Account was created 2 days ago.

Fake Github Account  : github.com/Lolliediep/

And there are more Fake download and Malware files in there.

So i guess we will see more Fake Anns or posts for this files in the mining section in the threads soon also.

Account : s22606  <--- Please ban or Lock that Account and delete the Thread
Last post from that Account was back in January 30, 2018, Hacked or sold Account
This user recently woke up from a long period of inactivity.

Thread : [ANN] RadiumX New PoW coin . No ICO. No Masternode


This post is also a reference for the Github Report !

There is now a New Fake Ann Thread for Raptoreum with also a new Fake Github Account !

Fake Github Account was created 15 Hours ago !

Fake Github Account : github.com/Raptoreum-Core/
Original Github Account : github.com/Raptor3um/raptoreum

Account : oluaris      <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Last Post from this User was back in June 10, 2018, Hacked or sold Account

Fake Ann Thread : [ANN] Raptoreum - POW (GhostRider) | ASIC And FPGA Resistant | Mainnet Is Live

---

Original Thread :  [ANN] Raptoreum - POW (GhostRider) | ASIC And FPGA Resistant | Mainnet Is Live
User : Raptoreum


This post is also a reference for the Github Report !

Maybe a suggestion in Meta to enable some sort of "moderator review" with some sort of parameters (so that not all new threads have to be reviewed) that is open not just to moderators, but also to white-listed or established members like yourself who are actively watching these threads may be a good idea to combat the problem. The problem being that new members/inexperienced members are quick to try and get in on new coins at the moment they are announced, download the wallet, and then get infected...all before anyone who is knowledgeable enough discovers the thread is fake and the wallet is infected.

The review period could be a 24 hour/X time "hold" on the topic being published, where only available for legendary members (or some sort of membergroup) to be able to see so that the validity of the thread can be reviewed before the public sees it. To reduce the amount of threads caught in review, it can limit strictly to newbie members or also junior members. As it seems these are the ones who are mostly posting malicious content. Copper members excluded from review (as people who pay for the rights of Copper are less likely to waste it on an attempt to spread malware, I would assume) as are Full member and above (for a similar reason). Parameters about wake-up time can also be added.

Thats why write the Links here so Mitchell can add them to his Bot and also i write them here for a reference for the Github reports also .
And other Users can see them too when they maybe doing some research for the Links .
When i see them i report them dont worry on that , and its also a reference for the reports when i write them here.

I've moved it to the trashcan to mitigate the exposure, although I've escalated it to the global moderators to take further action, so shouldn't be long until that's done. As for the links, I'll probably formulate some sort of list, and report it to Mitchell periodically, however it does seem like they continue to just post new links, so will likely evade the bot. We might need to come up with a custom solution to detect these early, potentially. It's one of the reasons I'm for a shadow ban effect, maybe specifically for accounts looking to post links, rather than all newly registered accounts. I know that these accounts they're obtaining aren't new, which is part of the problem since they evade some of the moderators.

Although, keep reporting them, and we'll at the very least mitigate the exposure this gets. Thanks for doing your bit!

And we have again a new Fake Ann for RadiumX with a new Fake Github Account !
Looks like they are also hacking now github accounts or buy them.

Fake Github Account : github.com/safi71/

Account :  mbpinewatch   <----- Account is already locked or banned normaly
This user recently woke up from a long period of inactivity.
Last post from that Account was back in November 02, 2018 , Hacked or sold Account

Thread : [ANN] RadiumX New PoW coin . No ICO. No Masternode  <---- Thread is already deleted


This post is also a reference for the Github Report !

Thats not so easy as you think and write , because first the Fake Ann and the Malware link must be detected manually and integrated into the Bot.
And here is the next problem as they changing so often there Fake Github Links for the download and also the Thread title.
Before a bot is posting a warning (The idea is great dont understand me wrong) it is better to delete the thread instant.
For posting a warning in this kind of Threads there for we are here and thank you for have done it .

Maybe creating some sort of bot that posts a warning until the topic is deleted may be a good idea. The reason I suggest this is because I saw that two users downloaded the wallet and asked questions about it in the thread after downloading. I am not sure if anyone contacted them or not after the thread was deleted, though I had to tell them/give them some tips to be safe if they were to have downloaded it. A solution should definitely be created to address this I think. I am happy to also monitor this thread and post warnings as soon as possible as they come by until a solution is created.

Thanks , i have my one way to check that it is Malware and a Fake Ann , a little bit of experience to find this hacked and fake Accounts.
The best way is that you report this kind of threads or posts directly when you see them and normaly it gets fast deleted so nobody can click the Link.
Posting Warnings is good thing but mostly you dont have the time for doing it and there are so much.

Thanks Rizzrack for the explaining.

According to any.run it's a remcos trojan
Any.run is a "malware hunting service" that provides free VMs where you can download and deploy the malware file and it is analysed.

Hi. Great job on this thread. I made a warning post in the thread quoted as two users have downloaded the wallet file. Has it been scanned or is anymore information available about whether not it is malware and if so, what kind/specifications? I noticed that the thread from the post before this one was deleted, though I think you should post these warnings within the threads that aren't deleted yet to ensure no one falls victim in the meantime.

We have again a new Fake Ann for RadiumX with a new Fake Github Account !

Fake Github Account : github.com/jasonfifa/

Account : voxdu12   <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Last post from that Account was back in October 05, 2019, Hacked or sold Account

Thread : [ANN] RadiumX New PoW coin . No ICO. No Masternode


This post is also a reference for the Github Report !