Report Malware and Suspicious Links here so Mods can take Action ! - page 11.

$crypto$

legendary

Activity: 2394

Merit: 1049

Smart is not enough, there must be skills

Quote from: Lafu on January 29, 2024, 07:48:28 AM

Thanks for keeping your eyes open , already reported all of that posts and threads you have written.
Looks like after a short break the hackers getting active again with there Shit Fake Anns and Malware download Links.
Glad that you looking a bit on other boards as well , really appreciate that 100%.

Yeh I saw today that there is also a fake ann with malware that is a full member who is active again after a long period of inactivity, I suspect that maybe this account has been hacked.
Continue to spread RadiumX malware.

I reported again here

Fake Ann Thread : [ANN] RadiumX New PoW coin . No ICO. No Masternode

Account : panda111 Please ban or Lock that Account and delete the Thread

Quote from: panda111 on January 29, 2024, 11:54:04 PM

Code:

[b]Wallets[/b]
Windows(beta): https://github.com/RadiumX-coin-project/RadiumX/releases/download/1.0.2/RadiumX.zip

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

Fake threads from the Bitcoin Discussion board with mediafire-included files, this is obviously a danger if you download them.

User: myhanh - This user recently woke up from a long period of inactivity.

ANN: How to Start Crypto Currency Trading From Beginning

Quote from: myhanh on January 29, 2024, 02:09:33 PM

Code:

GUIDE SEP BY STEP : https://www.mediafire.com/file/qlmrpzvolz338pa/How_to_Start_Crypto_Currency_Trading.rar/file

PASS: 123

I suspect that this account has just reactivated after sleeping from 2018, although it doesn't detect it in virustotal but I'm sure what they are spreading is a virus.

Lafu

legendary

Activity: 3178

Merit: 3295

Quote from: $crypto$ on January 29, 2024, 04:33:35 AM

user JohnnyLVC has created another fake ANN with RadiumX even though he has been flagged by you so I am helping to report here because he is not only RadiumX but with Kaspa in a different thread along with other users as well spreading this dangerous post.

Thanks for keeping your eyes open , already reported all of that posts and threads you have written.
Looks like after a short break the hackers getting active again with there Shit Fake Anns and Malware download Links.
Glad that you looking a bit on other boards as well , really appreciate that 100%.

$crypto$

legendary

Activity: 2394

Merit: 1049

Smart is not enough, there must be skills

@Lafu like this user JohnnyLVC has created another fake ANN with RadiumX even though he has been flagged by you so I am helping to report here because he is not only RadiumX but with Kaspa in a different thread along with other users as well spreading this dangerous post.

Fake Ann Thread : [ANN] RadiumX New PoW coin . No ICO. No Masternode

Quote from: JohnnyLVC on January 29, 2024, 02:31:09 AM

Code:

Windows(beta): https://github.com/RadiumX-coin-project/RadiumX/releases/download/1.0.2/RadiumX-v.1.3.1.zip

https://bitcointalksearch.org/topic/lolminer-164-fastest-kaspa-miner-in-market-4724735

Quote from: ?? on ??

Code:

[b]Windows:[/b] https://github.com/aspectron-wallet/kaspa-ng/releases/download/v0.2.3/kaspa-ng-v0.2.3-windows-x64.zip
[b]MacOS: [/b]https://github.com/aspectron-wallet/kaspa-ng/releases/download/v0.2.3/kaspa-ng-v0.2.3-macos-arm64.zip

Account : jamboom

Quote from: ?? on ??

Code:

[b]Download links[/b]

[b]Windows:[/b] https://github.com/aspectron-wallet/kaspa-ng/releases/download/v0.2.3/kaspa-ng-v0.2.3-windows-x64.zip
[b]MacOS: [/b]https://github.com/aspectron-wallet/kaspa-ng/releases/download/v0.2.3/kaspa-ng-v0.2.3-macos-arm64.zip

One more added

Account : bert1587 Please ban

Fake Ann Thread : Kaspa Next Generation (Kaspa NG) - New wallet by ASPECTRON

Quote from: bert1587 on January 29, 2024, 06:36:02 AM

Code:

[b]Download links[/b]

[b]Windows:[/b] https://github.com/aspectron-wallet/kaspa-ng/releases/download/v0.2.3/kaspa-ng-v0.2.3-windows-x64.zip
[b]MacOS: [/b]https://github.com/aspectron-wallet/kaspa-ng/releases/download/v0.2.3/kaspa-ng-v0.2.3-macos-arm64.zip

$crypto$

legendary

Activity: 2394

Merit: 1049

Smart is not enough, there must be skills

@Lafu looks like this gang is spreading fake ANN again with a full member account, I believe this account has been hacked and is deliberately spreading fake github with malware in it.

Account - Maian This user recently woke up from a long period of inactivity. Last post on: April 05, 2021
Fake ANN - [ANN] RadiumX New PoW coin . No ICO. No Masternode

Quote from: Maian on January 27, 2024, 11:58:56 PM

Code:

[b]Windows(beta)[/b]: https://github.com/RadiumX-coin-project/RadiumX/releases/download/1.0.2/RadiumX.zip

Lafu

legendary

Activity: 3178

Merit: 3295

And we have a new Fake Ann Thread with a new Fake Github Account and Malware download Link for RadiumX !

The Fake github Account was just created 2 Days ago!

Fake Github Account : github.com/RadiumX-coin-project

Virustotal have detected 8 Trojan and Malware things

Code:

Win32:Malware-gen
A Variant Of Win32/Injector_AGen.AFT
Trojan.Win32.Krypt
Malware.SwollenFile!1.E38A (CLASSIC)
HEUR:Backdoor.Win32.Remcos.gen

Source : https://www.virustotal.com/gui/file/a5fcb0759bd43b60c0c68dad26580fb78f315fbf9d2280fed73addbcc05a0505/detection

Account : Runs.com <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since April 09, 2018 and the last post was back in 2018 , hacked or sold Account

Fake Ann Thread : [ANN] RadiumX New PoW coin . No ICO. No Masternode

Quote from: Runs.com on January 27, 2024, 09:56:51 PM

Wallets

Code:

https://github.com/RadiumX-coin-project/RadiumX/releases/download/1.0.2/RadiumX.zip

And another Fake Ann Thread here.

Quote from: Maian on January 27, 2024, 11:58:56 PM

Wallets

Code:

https://github.com/RadiumX-coin-project/RadiumX/releases/download/1.0.2/RadiumX.zip

This post is also a reference for the Github Report !

Lafu

legendary

Activity: 3178

Merit: 3295

And we have a new Fake Ann with a new Fake Github Account with Malware download Link for FitiCoin !

The Fake Github Account was just created yesterday

Fake Github : github.com/Fiti-Network

And here its the same as for the other last Fake Github Accounts ,
The Windows QT Wallet file size there is again 700 MB and the same as for the last Fake Ann.

Account : Brighthopler <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since October 02, 2021, hacked or sold Account

Fake Ann Thread : [ANN] FitiCoin - Revolutionizing Fitness through Blockchain Technology
The Thread is also Self Moderated as always from the Hackers.

Quote from: Brighthopler on January 23, 2024, 03:57:35 PM

FitiCoin - Revolutionizing Fitness through Blockchain Technology

Code:

https://github.com/fiti-network/fiticoin
https://github.com/Fiti-Network/FitiCoin/releases

This post is also a reference for the Github Report !

Lafu

legendary

Activity: 3178

Merit: 3295

We have a new Fake Ann with a new Fake Github Malware download Link for FastyCoin !

Fake Github Account was created just 10 Hours ago.

Fake Github : github.com/Fasty-Coin

The Windows QT Wallet file size there is 700 MB and is the same as a few Fake ones in the past.

Account : Vautidroes <--- Please ban or Lock that Account and delete the Thread
Registered since October 02, 2021 , hacked or sold Account

This Account got already tagged and reported in 2023-11-10 for posting a Fake Ann with Malware download Link.

First Fake Ann from November 2023

Quote from: rampard on December 02, 2018, 03:57:41 AM

]Ramcoin is the Digital Currency for Romanian People on 100 Anniversary
Wallets: https://github.com/ramcoin-project/ramcoin/releases

Fake Ann Thread from today: [ANN] FastyCoin - Fast, Secure, and Community-Driven Cryptocurrency
Thread is Self Moderated as always from the Hackers

Quote from: ?? on ??

FastyCoin

Code:

https://github.com/Fasty-Coin/Core

This post is also a reference for the Github Report !

Lafu

legendary

Activity: 3178

Merit: 3295

And we have a new Fake Ann Thread with an new Fake Github Account with Malware Link for ObscurityCoin (OBSC) !

The Fake Github Account was created 2 Days ago !

Fake Github : github.com/Obscurity-Network/

The Windows QT File there is 670 MB big and the Linux only 19 MB and thats very suspicious!

Account : Makkoortin <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since October 02, 2021 , Hacked or sold Account

Fake Ann Thread : [ANN] ObscurityCoin (OBSC) - Securing Your Digital Transactions with Privacy!
Self-Moderated Thread as always from the Hackers

Quote from: Makkoortin on December 22, 2023, 07:38:03 PM

Code:

https://github.com/Obscurity-Network/ObscurityCoin

This post is also a reference for the Github Report !

Lafu

legendary

Activity: 3178

Merit: 3295

Quote from: jerry0 on December 18, 2023, 07:11:55 PM

Are links on the coinmarketcap website dangerous? There are so many links you can click on whether it's about a coin and things like that. They highlight so many different things. Also on the right side, there are lot of posts from people that seem to be twitter posts regarding the coin. So clicking those links are unsafe or not?

First at all every Link can be dangerous on the internet or at any Website.
But normaly that Links on coinmarketcap are should be okay but what you will be find or can be download on that clicked Links can be dangerous.
You should be doing your own research if not sure if its safe or not looking on google maybe or here on the Forum if there are some Informations.

jerry0

full member

Activity: 1792

Merit: 186

Are links on the coinmarketcap website dangerous? There are so many links you can click on whether it's about a coin and things like that. They highlight so many different things. Also on the right side, there are lot of posts from people that seem to be twitter posts regarding the coin. So clicking those links are unsafe or not?

Crypto Library

hero member

Activity: 1036

Merit: 933

Find your Digital Services at- cryptolibrary.pro

Quote from: Bitcoin_Arena on December 17, 2023, 05:08:48 PM

Why the quick posts advertising some software that looks like tradingview. The person is trying to spread malware but rather more subtle way and also trying to provide clean virustotal results in each post when not even asked. Guilty conscience? I say yes!

The proverbs work here "A guilty in mind is always suspicious".

And they didn't just open four of the same topic, they opened several more. But the interesting thing is that those accounts are not newly registered accounts, All these accounts are opened up a few years ago. Roll Eyes

I think they should be banned or locked in addition to deleting their posts.

Bitcoin_Arena

copper member

Activity: 2128

Merit: 1814

฿itcoin for all, All for ฿itcoin.

Quote from: Crypto Library on December 17, 2023, 04:57:32 PM

It's Looks suspicious that Same topic created 4time from 4 different accounts Roll Eyes

. Just take a look, aren't they spreading malware?

Code:

https://mega.nz/file/ihN13B6D#CIJVDW-nlS-5-tUKxgM1kvgwY2IqAWKzWDCMvZJw9kw

1. ProChart Navigator: Empowering Your Trading Experience ?
2. ProChart Navigator: Empowering Your Trading Experience
3. ProChart Navigator: Empowering Your Trading Experience
4. ProChart Navigator with Download Link !

Sorry I didn't have enough smerits, but something is definitely not adding up. Why the quick posts advertising some software that looks like tradingview. The person is trying to spread malware but rather more subtle way and also trying to provide clean virustotal results in each post when not even asked. Guilty conscience? I say yes!

Here is what I asked in one of the posts

Quote from: ?? on ??

Binaries uploaded on Mega.nz give me chills. It doesn't matter if the virustotal results are clean or not. Tongue

I have some questions;
1. What advantageous difference does your app have over the original trustable trading view app? What is funny is your executable app is also named "Tradingview.exe"
2. Did you tinker with the tradingview code?

Crypto Library

hero member

Activity: 1036

Merit: 933

Find your Digital Services at- cryptolibrary.pro

It's Looks suspicious that Same topic created 4time from 4 different accounts Roll Eyes

. Just take a look, aren't they spreading malware?

Code:

https://mega.nz/file/ihN13B6D#CIJVDW-nlS-5-tUKxgM1kvgwY2IqAWKzWDCMvZJw9kw

Lafu

legendary

Activity: 3178

Merit: 3295

And we have a new Fake Ann Thread with an Fake Github Account with Malware for [KASPAR] Kasparov !

Fake Github : github.com/tehasholdem/Kasparov
The File on the Fake Github has already the size of 170 MB as the other Malware files
Github Account was created on 10 November this is also the same date as the github.com/toootoooo/NetworkPHYS Account

Code:

C:\Users\user\AppData\Local\Temp\db4dfn0r.gxn\kasparov-gui.exe" /VERYSILENT
C:\Users\user\AppData\Local\Temp\is-LFTIA.tmp\kas.tmp" /SL5="$B019A,159993928,842240,C:\Program Files (x86)\My Program\kas.exe"
C:\Program Files (x86)\My Program\electrum.exe
C:\Program Files (x86)\My Program\kas.exe

C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="KDX genkeypair" program="C:\Program Files\Kaspa\KDX\bin\windows-x64\genkeypair.exe" dir=out action=allow enable=yes
C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

ET MALWARE Observed Malicious SSL Cert
ET MALWARE Generic AsyncRAT Style SSL Cert
ET INFO External IP Lookup Domain in DNS Lookup
Suspicious DNS Query for IP Lookup Service APIs

Source: https://www.virustotal.com/gui/file/6b639de205612d838e0f40ca43372f6e67a16c034b0108b0c4095af618841e97/behavior

Account : boxpackaging <--- Please ban or Lock that Account and delete the Thread
Registered since August 04, 2020 , Hacked or sold Account !

Fake Ann Thread: [ANN] [KASPAR] Kasparov - experimental fork Kaspa with new algo (POW+CPU mining)

Quote from: boxpackaging on December 15, 2023, 05:35:32 AM

Wallets

Code:

Windows GUI: https://github.com/tehasholdem/Kasparov/releases/download/0.9.0/kasparov-gui.zip
Source: https://github.com/tehasholdem/Kasparov/

This post is also a reference for the Github Report !

Lafu

legendary

Activity: 3178

Merit: 3295

And we have a new Fake Ann with a new Fake Github Account with malware Link for [PHYS] PhysicalNetwork !

Github Account was created on November 10, 2023

Fake Github : github.com/toootoooo/NetworkPHYS

Same here as from the other Fake Github Files that was posted from the Hackers

Code:

Processes created

C:\Users\user\AppData\Local\Temp\qcdh5c4k.vj2\physnetwork-qt\physnetwork-qt.exe" /VERYSILENT
C:\Program Files (x86)\My Program\electrum.exe
C:\Program Files (x86)\My Program\kas.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Files Dropped
C:\Program Files\Kaspa\KDX\
C:\Program Files\Kaspa\KDX\bin\windows-x64\genkeypair.exe

ET MALWARE Observed Malicious SSL Cert
ET MALWARE Generic AsyncRAT Style SSL Cert
ET INFO External IP Lookup Domain in DNS Lookup
Suspicious DNS Query for IP Lookup Service APIs

Source : https://www.virustotal.com/gui/file/d103c368f748aeea587e47888c9a832cb1abc5d03797639af59ae58bf3e775c6/behavior

Account : rednick <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since February 27, 2018, lst post was March 09, 2021 , Hacked or sold Account

Fake Ann Thread : [ANN] [PHYS] PhysicalNetwork - scalable and private network [GPU/ghostdag]

Quote from: rednick on December 13, 2023, 03:52:17 PM

Wallets

Code:

Windows: https://github.com/toootoooo/NetworkPHYS/releases/download/1.0.0/physnetwork-qt.zip
Linux: https://github.com/toootoooo/NetworkPHYS/releases/download/1.0.0/phys-linux.zip

This post is also a reference for the Github Report !

Lafu

legendary

Activity: 3178

Merit: 3295

And we have a new Fkae Ann Thread with an Fake Github , Malware downlaod Link for [NRP] Physical Network !

Fake Github : github.com/waynedickey/phys-network

Very bad things going on when you start the File from that Github.

Code:

Hidden Tear Ransomware
HanaLoader (Sysmon detection)
PsiXBot Malware behavior
Orcus RAT detection
DropboxAES RAT (Sysmon detection)
Change PowerShell Policies to an Insecure Level
POLICY-OTHER HTTP request by IPv4 address attempt

Source : https://www.virustotal.com/gui/file/f42ba385274e659f519fcecf8e673c527ccf7277d3b4b139989fb35202aa3007/behavior

Account : blouch <--- Please ban or Lock that Account and delete the Thread
Hacked or sold Account

Fake Ann Thread : [ANN] [NRP] Physical Network - experimental POW mining (ghostdag)

Quote from: blouch on December 12, 2023, 08:26:25 AM

Wallets

Code:

Windows: https://github.com/waynedickey/phys-network/releases/download/0.0.1/phys-qt-win64.zip
Linux: https://github.com/waynedickey/phys-network/releases/download/0.0.1/phys-linux.zip

This post is also a reference for the Github Report !

Lafu

legendary

Activity: 3178

Merit: 3295

Quote from: BABY SHOES on December 11, 2023, 08:30:47 AM

Thanks Lafu, I will keep posting here when I find fake ANNs spreading malware with fake github here.
I've updated it with code so someone can't click on it.

Nice Thanks for the edit and this helps for sure that its not accidentally clickable for other Users.
Also thanks for keeping your eyes open and you are right on that last Fake Ann.

There is more evidence and information about that Fake Github File when you looking on the behavior of the File.

And its the same file as we got it from Fake Github github.com/troyseate/electrum-kas just a other Github Account.

Code:

C:\Program Files (x86)\My Program\MyProg.exe
C:\Program Files (x86)\My Program\electrumkas.exe
C:\Program Files (x86)\My Program\electrumkas.exe.config
C:\Program Files (x86)\My Program\electrumkas.exe\:Zone.Identifier

Source : https://www.virustotal.com/gui/file/90865b85c96429951ec2d1014398dfaf336e5be6cfd6d6fcbb13827184e1a4f8/behavior

Whats interesting on that File is that here:

Code:

fullnode-win64/fullnode-win64-qt.exe
256 - C:\Windows\System32\netsh.exe "C:\Windows\system32\netsh.exe" advfirewall firewall add rule name="KDX kaspa-miner" program="C:\Program Files\Kaspa\KDX\bin\windows-x64\gpuminer.exe" dir=out action=allow enable=yes

It modifies your Firewall when you start the Wallet.exe and a lot of other bad things.

BABY SHOES

sr. member

Activity: 294

Merit: 433

HODL - BTC

A fake ANN that spreads malware from github and accounts just woke up with 5 years of sleep.

User: ranastic Please ban or Lock that Account - This user recently woke up from a long period of inactivity.
ANN Fake: [ANN] BURNSTAR - New GEM for GPU mining (GPU PoW/ghostDAG/blockDAG)

Quote from: ?? on ??

Code:

[b]OUR WALLETS[/b]
Windows: https://github.com/tpillatzke/burnstar/releases/download/1.0.0/fullnode-win64.zip
Linux: https://github.com/tpillatzke/burnstar/releases/download/1.0.0/burnstar-linux.zip
Source: https://github.com/tpillatzke/burnstar

Virustotal: https://www.virustotal.com/gui/file/90865b85c96429951ec2d1014398dfaf336e5be6cfd6d6fcbb13827184e1a4f8/detection

Quote from: Lafu on December 10, 2023, 04:49:20 PM

I really appreciate it that you keep your eyes open and posting this things here in the thread to collect as much data for the Fake Github Account.
But again is it possible when you write your posts that you use the code function ( as i have done it in your quote ) for the Links so that nobody can click on them , that would be nice.

Thanks Lafu, I will keep posting here when I find fake ANNs spreading malware with fake github here.
I've updated it with code so someone can't click on it.

Lafu

legendary

Activity: 3178

Merit: 3295

Quote from: BABY SHOES on December 08, 2023, 05:57:56 AM

I reported a fake ANN with the same case above, and now the old account is alive again to spread malware through github.

Github fake

Quote from: ?? on ??

GITHUB

Code:

WINDOWS: https://github.com/troyseate/purn-network/releases/download/1.0.0/purn-qt-win64.zip
LINUX: https://github.com/troyseate/purn-network/releases/download/1.0.0/purn-qt-linux.zip
SOURCE: https://github.com/troyseate/purn-network

Yes there was a few of them the last days but they got already all deleted.
I really appreciate it that you keep your eyes open and posting this things here in the thread to collect as much data for the Fake Github Account.
But again is it possible when you write your posts that you use the code function ( as i have done it in your quote ) for the Links so that nobody can click on them , that would be nice.

Pages:

«
6
7
8
9
10
11
12
13
14
15
»

Bitcoin Forum>Other>Meta

Jump to:

Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 11. (Read 38103 times)