Report Malware and Suspicious Links here so Mods can take Action ! - page 11.

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

I found two fake ANNs spreading viruses via download links on github!

ANN Fake: [INS] InternetSecurity - protect you from phishing attempts [CPU mining]][ANN] [INS] InternetSecurity - protect you from phishing attempts [CPU mining]
User: js2105 - Please ban this user and lock the thread.

Virustotal: https://www.virustotal.com/gui/file/1aa7a5d6aa38f4e5a4b641ccf6d5d7bdf4a96b86059b457e8cd0b49f00544008/detection

Quote from: ?? on ??

Wallets
Windows: https://github.com/InternetSec/InternetSec/releases/tag/1.2.1
Source: https://github.com/InternetSec/InternetSec/

ANN Fake: [ANN] [BRV] BitcoinRivera - most security system [Scrypt]
User: Bitcoin@111 - Please ban this user and lock the thread.

Virustotal: https://www.virustotal.com/gui/file/c8f05286290cb9bc4f62c0330aed2be4f43da5f6e9c00f87e76117cfcefc5dcc

Quote from: ?? on ??

Wallets
Windows: https://github.com/BitcoinRivera/BRV/releases/download/1.0.0/BitcoinRiveraCore.zip
Linux: coming soon

What we see again is that the file is created with the name PhoenixMinerReborn.exe.
As @Lafu reported here.

Code:

C:\Users\\AppData\Local\Temp\IXP000.TMP\PhoenixMinerReborn.exe

https://www.virustotal.com/gui/file/c8f05286290cb9bc4f62c0330aed2be4f43da5f6e9c00f87e76117cfcefc5dcc/behavior

pinggoki

sr. member

Activity: 1498

Merit: 416

Quote from: BABY SHOES on November 03, 2023, 09:23:22 AM

This user has 282 activities and suddenly spreads a trojan with a fake ANN, maybe this account was hacked.

I've checked the 5 pages of his post and it's just bounty related posts so I might not be too inclined to believed that this account is hacked, there's not a lot of effort invested in this account so it's easy for him to just use it to share a Trojan, if I were on that person's shoes and there's an opportunity for me to do it with an account that has some significant activity to hide my intentions (sharing links in the posts most of the time so it's likely that someone will click on my links without thinking about it.), I would probably do it too. Although I could be wrong though and this account really is hacked but that's unlikely since the hacker won't really get anything out of hacking this account wouldn't they?

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

Quote from: Lafu on November 03, 2023, 08:09:14 AM

Fake Ann Thread : [ANN] [OGR] OgreCoin - meme token destroyer, WHOAAA (Ghostrider)

This user appears again with his fake ANN, even though he has been tagged by you, at least I am reporting again here so that this user is banned.

ANN Fake: [ANN] [OGR] OgreCoin (Ghostrider)
User: vesko_savov - Please ban this user and lock the thread.

Quote from: ?? on ??

Ogre wallet
Github: https://github.com/OgreProject/Ogre/releases/tag/1.0.0
Source: https://github.com/OgreProject/Ogre/blob/main/Ogrecoin-master.zip

Lafu

legendary

Activity: 3136

Merit: 3213

Quote from: BABY SHOES on November 03, 2023, 09:23:22 AM

There was recently a fake Ann with a trojan in the Github download.

Fake Gituhub: github.com/AgloranProject
User: Lonyee665 - This user has 282 activities and suddenly spreads a trojan with a fake ANN, maybe this account was hacked.
ANN Fake: [ANN] [AGL] Agloran - perfect health area [FiroPow/Fast exchanges]

Virustotal : https://www.virustotal.com/gui/file/278356ef057c422d04bc8d4d46e5c05ebac66b6b1cccfb8b5738aed161dd8385

Yeb you are right its a Fake Ann Topic with a new Fake Github Account with malware download Link !
The Fake Github Account was just created 39 Minutes ago

The downloaded File also create and starts the same PhoenixMinerReborn.exe as the last 2 other Fake Ann downloads.

Code:

C:\Users\user\AppData\Local\Temp\IXP000.TMP\PhoenixMinerReborn.exe

Source : https://www.virustotal.com/gui/file/278356ef057c422d04bc8d4d46e5c05ebac66b6b1cccfb8b5738aed161dd8385/behavior

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

There was recently a fake Ann with a trojan in the Github download.

Fake Gituhub: github.com/AgloranProject
User: Lonyee665 - This user has 282 activities and suddenly spreads a trojan with a fake ANN, maybe this account was hacked.
ANN Fake: [ANN] [AGL] Agloran - perfect health area [FiroPow/Fast exchanges]

Virustotal : https://www.virustotal.com/gui/file/278356ef057c422d04bc8d4d46e5c05ebac66b6b1cccfb8b5738aed161dd8385

Lafu

legendary

Activity: 3136

Merit: 3213

We have another Fake Ann with an Fake Github Account that have a Trojan and Malware download Link for OgreCoin !

The Fake Github was just created 2 Hours ago.

Fake Github : github.com/Ogrecoin

Account : jfedirolaret <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
The Account is Registered since October 03, 2021 , hacked or sold Account

Fake Ann Thread : [ANN] [OGR] OgreCoin - meme token destroyer, WHOAAA (Ghostrider)

Quote from: ?? on ??

Ogre wallet

Code:

https://github.com/Ogrecoin/OgreOgre/releases/tag/0.0.1

Virsutotal Link : https://www.virustotal.com/gui/file/11606965da6486074fb915e7e80078180f1403c5a7e859a3b323c35b93b8d722?nocache=1

The strange thing here is the behavior of the File when it gets installed and started.
It create this file here and starts it when the Fake Wallet file gets started.

Code:

C:\Users\\AppData\Local\Temp\IXP000.TMP\PhoenixMinerReborn.exe

Source : https://www.virustotal.com/gui/file/11606965da6486074fb915e7e80078180f1403c5a7e859a3b323c35b93b8d722/behavior

And the same Fake Ann and a Fake Github Account we got here for ARMATA !

The Fake Github Account was just created 16 Hours ago.

Fake Github : github.com/ArmataProject

Account : Taretionks <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
The Account is Registered since October 03, 2021 , hacked or sold Account

Quote from: ?? on ??

Our Github

Code:

https://github.com/ArmataProject/Armata

Virustotal : https://www.virustotal.com/gui/file/c89f4761d9c3d70068a16521911391aa9efebdb796f26744a92f08702c71d6fb/detection

And same here there will be a file created with name PhoenixMinerReborn.exe

Code:

C:\Users\\AppData\Local\Temp\IXP000.TMP\PhoenixMinerReborn.exe

Source : https://www.virustotal.com/gui/file/c89f4761d9c3d70068a16521911391aa9efebdb796f26744a92f08702c71d6fb/behavior

This post is also a reference for the Github Report !

Lafu

legendary

Activity: 3136

Merit: 3213

Quote from: light_warrior on October 27, 2023, 02:56:10 PM

One comrade here is spamming with his miner, in which virustotal detected a trojan. I don't know if the fact that only two virustotal antivirus engines detected a trojan in this file is enough.

Its enough and the detections from Virustotal are not false positive and you was right to report them here.
Thanks for keeping your eyes open , i also reported posts from all 2 Users and they are already deleted.
I also reanalyzed the file again on Virustotal and it got now 3 detections , thanks again for let me know about that.

light_warrior

copper member

Activity: 588

Merit: 926

One comrade here is spamming with his miner, in which virustotal detected a trojan. I don't know if the fact that only two virustotal antivirus engines detected a trojan in this file is enough.

bitbooster

https://bitcointalksearch.org/topic/re-ann-bitsense-bounty-distribution-2460715
https://bitcointalksearch.org/topic/bountyairdrop-buzzex-trade-at-up-to-100-discount-and-also-earn-in-revenue-5048062
https://bitcointalksearch.org/topic/annmintmecomcreate-your-own-coin-or-token-for-free-5195589

Link to virustotal

Code:

https://www.dropbox.com/scl/fi/o05mj6j7asredpbpd7kcs/Installer-Install-2023_v3x.1t.zip?rlkey=uvkxs4gid3dmea7ieomkspwhq&dl=1

UPD

Another comrade is circulating the same link

kerncc1

https://bitcointalksearch.org/topic/where-to-fix-your-asic-miners-5297994
https://bitcointalksearch.org/topic/bitcrack-a-tool-for-brute-forcing-private-keys-4453897
https://bitcointalksearch.org/topic/bitcrack-a-tool-for-brute-forcing-private-keys-4453897

Lafu

legendary

Activity: 3136

Merit: 3213

And we have a new Fake Miner Topic with a new Fake download Github Account Link with Malware for Pooler CPUMiner !

The Fake Github Account was created 3 days ago.

Fake Github : github.com/poooIer/cpuminer
Real Github : github.com/pooler/cpuminer

Account : BitTargetPlus <--- Please ban or Lock that Account and delete the Thread
Its a new Fake Account from the Hackers and was just Registered yesterday.

Fake Miner Thread : The latest release of Pooler CPUMiner v2.5.2 is now available.

Quote from: ?? on ??

Current Version: 2.5.2 (Okt 19, 2023)

Code:

https://github.com/poooIer/cpuminer/blob/v2.5.2

There is no new Version of that CpuMiner!

Original CpuMiner Thread : An (even more) optimized version of cpuminer (pooler's cpuminer, CPU-only)

Account : pooler

Quote from: pooler on December 19, 2011, 11:27:00 AM

Current Version: 2.5.1 (Jun 25, 2020)
https://github.com/pooler/cpuminer

This post is also a reference for the Github Report !

Lafu

legendary

Activity: 3136

Merit: 3213

In this case you are not right BABY SHOES !

The Github you have posted is no Fake one and what you see in the Virustotal scan detection here
https://www.virustotal.com/gui/file/e5fd4a1d67f8366c67117a3a0a64385b4177adf4b66e45ae622d5e34a579c466?nocache=1 is a false postive detection one for miners.

This one here is fine and original Ann Thread:
SquishyCoin

Code:

https://github.com/sqcndev/SquishyCoin/releases/tag/v0.7.2

[ANN] Squishy Coin (SQCN) PoW / PoS | Equihash 200,9 --- June 23, 2023

Quote from: BABY SHOES on September 28, 2023, 07:33:53 AM

Account name
ReactiveBitcoin Create Today
[Re-ANN] [SQCN] SquishyCoin - rework and update coin [Equihash 200,9]

This one here is for sure a Fake one and i guess soon there will be an fake github link edited in there.

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

There is an old thread in June still not reported, because their site is active and also the shitcoin is traded on the Xeggex exchange after making a deeper search by checking the downloaded wallet and then checking in Virustotal detected Malware.
Even worse, they tried to create a new ANN with a new account to spread it, fortunately now we are reporting them.

Account name
ReactiveBitcoin Create Today
SquishyCoin

ANN
[Re-ANN] [SQCN] SquishyCoin - rework and update coin [Equihash 200,9]
[ANN] Squishy Coin (SQCN) PoW / PoS | Equihash 200,9 --- June 23, 2023

Fake GitHub

Code:

https://github.com/sqcndev/SquishyCoin/releases/tag/v0.7.2

Detected

Code:

https://www.virustotal.com/gui/file/e5fd4a1d67f8366c67117a3a0a64385b4177adf4b66e45ae622d5e34a579c466?nocache=1

Lafu

legendary

Activity: 3136

Merit: 3213

Quote from: BABY SHOES on September 27, 2023, 05:20:45 PM

Another one with a newbie account makes malware spread by continuing to create ANNs that are locked. I will not get tired of reporting them.

Yes you are right with the last Fake Ann , the Fake Github github.com/SirkonaCoin was just created 4 Hours ago.
Nice to hear that you dont get tired of reporting them , thats for sure a big help fighting against this things.
Looks like they got not anymore hacked Accounts that they can use as the last ones new Accounts.

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

Quote from: Lafu on September 27, 2023, 10:22:10 AM

Yes you are right as i have written a post earlier its always helpfull to collect the Fake Threads and there Links.
Its good to have some help against the Hackers and Malware spreading hacked User Accounts .

Yes we must continue to report in every thread that is suspicious of spreading malware here, most of what I find are newbie accounts that have just been registered.
Another one with a newbie account makes malware spread by continuing to create ANNs that are locked. I will not get tired of reporting them.

Account name: SirkonaMoment
ANN: [ANN] [KRS] Sirkona - safety communication [ProgPow]

Don't click

Code:

https://github.com/SirkonaCoin/Sirkona/releases/download/1.0.0/SirkonaProject-win-v1.0.0.zip

Lafu

legendary

Activity: 3136

Merit: 3213

Quote from: BABY SHOES on September 26, 2023, 08:58:00 PM

~~~~~~

Thanks afor keeping your eyes open and that reported the threads and things , i was just on the mobile earlier when i tagged the Account.
Yes you are right as i have written a post earlier its always helpfull to collect the Fake Threads and there Links.
Its good to have some help against the Hackers and Malware spreading hacked User Accounts .

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

Spreading Malware with fake ANN Although it has been tagged by @Lafu today but I think it is necessary to report here and action,

Account name SirenaMoon - ban
Thread: [ANN] [SRN] SirenaProject - collective help for profit [FiroPOW/Mineable now] & [ANN] [SRN] SirenaProject - collective help for profit [Mineable now]

Code:

https://github.com/SirenaProject/SirenaCoin/blob/main/SirenaProject-main.zip

Check on Virustotal which detected Malware

Additional edits
Malware spreading fraudsters have created new accounts by creating the same thread and with the thread locked.

Account name CoronelsN

ANN
[ANN] [NSR] SIR - crypto messenger for communication (FiroPOW/Fast start)

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

It seems that these gangs are not tired of continuing to spread malware by spreading it in self-moderated threads.
With accounts created in 2021 created simultaneously and now waking up again to spread it.

Account name:
Fatendisto - Create October 01, 2021, 06:38:54 PM
vikolkolpet - Create October 01, 2021, 06:40:37 PM
hafuterkina - Create October 01, 2021, 06:42:27 PM
jugujikolesad - Create October 01, 2021, 06:49:15 PM
Kerikostaw - Create October 01, 2021, 06:53:15 PM

ANN
Berto Coin - Your Very Own 3D Printed Bitcoin
Alfalah Coin - The Ultimate Crypto Innovation for Charity & Local Businesses
PID Coin - Empowering Internet Users with Personal Data Ownership
Modic Coin (MODIC) - Your Modern Investment Coin
StefanCoin - Your Politically Correct, Decentralized Coin

Fake Github

Code:

https://github.com/berto-coin/berto-coin/releases/tag/v1.2.0
https://github.com/Alfalah-Coin/Core/releases/tag/v1.1.3
https://github.com/Pid-Coin/Core/releases/tag/v1.1.1
https://github.com/Modic-Coin/modic-coin/releases/tag/v1.3.3
https://github.com/Stefan-Coin/Core/releases/tag/v1.0.2

The file size is the same as yesterday above

Checking on Virustotal detected a trojan virus/malware

Code:

https://www.virustotal.com/gui/file/1d5a517283b717ceb309b1a524de9e34d3ae9553f5111ba4b87be1c907e7e9a3
https://www.virustotal.com/gui/file/c47fde0015a1f5f3d39ffb4522b54f37c3528833ccca7b24e2839c9077388b3a?nocache=1
https://www.virustotal.com/gui/file/1362f6dd1a93d80b8134512f2848890b812326feb3c55b0cd95e1f6a4b38653c?nocache=1
https://www.virustotal.com/gui/file/a512218aa9ce5b4dd1619679d34ed8d944c08348ed5009840ac2721f37f4b088?nocache=1
https://www.virustotal.com/gui/file/4810f16c9f6dec19a9fe38405634a893cf12cbb1f78dfa84232356a84591a6df?nocache=1

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

Found fake threads by spreading viruses from apps downloaded from fake GitHub,

ANN: https://bitcointalksearch.org/topic/--5467770
Account: tawaresder

Fake GitHub: (Created 41 minutes ago)

Code:

https://github.com/bitxor-coin/bitxor-coin/releases/tag/v1.0.3

Virustotal: https://www.virustotal.com/gui/file/545d03832a26a05559d378c2669c97e5af0a84303c3830b701afad496dc88559

ANN: https://bitcointalksearch.org/topic/--5467768
Account: Ujetanokilk

Fake GitHub: (Made a few hours ago)

Code:

https://github.com/thewebers-coin/thewebers-coin/releases/tag/v1.0.1

Virustotal: https://www.virustotal.com/gui/file/24e7c50efa47ecbd08a1e556b5c3e034b5e6f4d5c09fa7146865021bb12052ef

ANN: https://bitcointalksearch.org/topic/--5467764
Account: ikopreditero

Fake GitHub:

Code:

https://github.com/Scrooge-Coin/Scrooge-Coin/releases/tag/v1.2.1

Virustotal: https://www.virustotal.com/gui/file/c625324960a6c20b41472c901c6521a9bc92d75edaf0f42a45c93892fe1f5b11

ANN: https://bitcointalksearch.org/topic/--5467771
Account: gattokoter

Fake GitHub:

Code:

https://github.com/Capy-Coin/Core/releases/tag/v1.2.2

Virustotal: https://www.virustotal.com/gui/file/bf3e4c13e6f965d38d88087e8ef861d9acf2d8eb9398178e679c19d28214d2b7?nocache=1

ANN: https://bitcointalksearch.org/topic/--5467759
Account: likkosader

Fake GitHub:

Code:

https://github.com/Shmingus-Coin/Core/releases/tag/v1.1.0

Virustotal: https://www.virustotal.com/gui/file/c6bf52a2d0904e1ec337401ddebd782885e505ffc126f4a8838678d6ef2793bf

Lafu

legendary

Activity: 3136

Merit: 3213

Quote from: light_warrior on September 21, 2023, 01:53:49 PM

I discovered a fake topic here with a link to github. And there I downloaded and checked the file that this comrade advertises.
To Lafu, is that right?

Awesome light_warrior , nice catch on all that fake links and fake topics and thanks for keep your eyes open and reporting them and write in here.
Yes it is right how you have posted in here the last one and it helps a lot if i or the moderators or anybody else searching for.
Its easier to hunt the hackers down with that records in the future.

light_warrior

copper member

Activity: 588

Merit: 926

I discovered a fake topic here with a link to github. And there I downloaded and checked the file that this comrade advertises. Virustotal shows that this file is not safe. There's a trojan in there.

Link to topic - Litecoin Core integration/staging tree

The comrade who posted the topic - lafotihgyt Banned

Link to github

Code:

https://github.com/lite-coin/lite-coin/releases/tag/v1.3.3

Link to Virustotal

To Lafu, is that right?

UPD

I also found several other topics with the same content. The file names are different, but the content is the same

1. Commie Coin - Your Ticket to Financial Equality

Code:

https://github.com/commie-coin/commie-coin/releases/tag/v1.3.3

2. ServicesCoin - Empowering Small Businesses

Code:

https://github.com/services-coin/core/releases/tag/v1.1.3

3. CryptoNote Cryptocurrency Protocol Reference

Code:

https://github.com/medical-coin/core/releases/tag/v1.1.0

Lafu

legendary

Activity: 3136

Merit: 3213

And we have a new Fake Ann Thread with a new Fake Github Account download link with Malware for Luckcoin!

Fake Github : github.com/luck-network

Account : CoinQuest <--- Please ban or Lock that Account and delete the Thread
Last post from that Account was back in January 12, 2021 , hacked or sold Account

Fake Ann Thread : [ANN][2POW] Luck - A new consensus algorithm to eliminate large mining pools

Quote from: ?? on ??

Wallet

Code:

https://github.com/luck-network/LUCKcoin/releases

Original Ann Thread : [ANN][2POW] Luck - A new consensus algorithm to eliminate large mining pools

Account : Sherlock.Holmes

This post is also a reference for the Github Report !

Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 11. (Read 36657 times)