Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 12. (Read 38103 times)

sr. member
Activity: 294
Merit: 433
HODL - BTC
I reported a fake ANN with the same case above, and now the old account is alive again to spread malware through github.

User: Toto2020 Please ban or Lock that Account
ANN Fake: [ANN] PURN-NETWORK - Kaspa fork with new features (GPU PoW/ghostDAG)

Virustotal: https://www.virustotal.com/gui/file/281768a452b533759c21c0dc80b81cf0d49de1be645368fbdda8c66dcb7120d3/detection

Github fake
Code:
WINDOWS: https://github.com/troyseate/purn-network/releases/download/1.0.0/purn-qt-win64.zip
LINUX:  https://github.com/troyseate/purn-network/releases/download/1.0.0/purn-qt-linux.zip
SOURCE: https://github.com/troyseate/purn-network
legendary
Activity: 3178
Merit: 3295
And we have again a new Fake Ann Thread with the Fake Github Link with Malware for PURN !

Fake Github : github.com/troyseate/purn-network

This Fake Github Account already has other Links in it too.
Code:
github.com/troyseate/purn-network
github.com/troyseate/electrum-kas
github.com/troyseate/pyrinwallet
github.com/troyseate/electrum
github.com/troyseate/awesome-nodejs

Windows already gives you a Warning for Virus and Trojan when you try to download the File from the Fake Github.

Account : Digitminer  <--- Please ban or Lock that Account and delete the Thread
Registered since   July 15, 2017 , Hacked or sold Account

WINDOWS:
Code:
https://github.com/troyseate/purn-network/releases/download/1.0.0/windows.zip

This post is also a reference for the Github Report !
legendary
Activity: 3178
Merit: 3295
We have a new Fake Ann Thread with a new Fake Github Account with Malware and Trojan download Link for KASTLS (kaspa tools project) !

The Fake Github download File was created 2 Days ago.

Fake Github : github.com/troyseate/electrum-kas

Many shady and bad things happen when you start the Wallet File:
Code:
MALWARE TROJAN EVADER RAT

Detects Schtask creations that point to a suspicious folder or an environment variable often used by malware
Detects DNS queries for IP lookup services such as "api.ipify.org" originating from a non browser process.
Detects the addition of a new rule to the Windows firewall via netsh
Detects scheduled task creations or modification to be run with high privileges on a suspicious schedule type
Detects the creation of scheduled tasks in user session
Detects the load of RstrtMgr DLL (Restart Manager) by an uncommon process. This library has been used during ransomware campaigns to kill processes
Detects loading of Amsi.dll by uncommon processes
Detects a WMI modules being loaded by an uncommon process

C:\Program Files\Kaspa\KDX\bin\windows-x64\genkeypair.exe
C:\Program Files\Kaspa\KDX\bin\windows-x64\gpuminer.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\RestartManager

C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn "Discord startup" /sc ONLOGON /tr "C:\Users\user\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Also your Discord App will be compromised with it on the startup.

Source : https://www.virustotal.com/gui/file/4dcae6a5ede0c0059bf0cdce636b144c40faa65c4539f91d456cc8df333509ff/behavior

Account :  fanepatent2  <--- Please ban or Lock that Account and delete the Thread and Posts
Registered since November 23, 2017 possible hacked or sold Account

Fake Ann Thread :  [ANN] KASTLS - kaspa tools project (For using)

Hello community!
Code:
https://github.com/troyseate/electrum-kas/tree/main

Fake Posts :
https://bitcointalksearch.org/topic/ann-pyrin-pyi-gpu-pow-ghostdag-blockdag-5476198
https://bitcointalksearch.org/topic/ann-karlsen-kls-gpu-pow-a-fork-of-kaspa-with-kheavyhash-asic-resistance-5475216
https://bitcointalksearch.org/topic/ann-kaspa-kas-cpu-pow-ghostdag-5373286

This post is also a reference for the Github Report !
sr. member
Activity: 294
Merit: 433
HODL - BTC
I found a suspicious thread that did not share a link within GitHub but rather with a free website from GoDaddy and there it appeared to be spreading a virus downloaded via mega.nz

User: FunkySkunk
ANN Fake: Release: New Altcoin - A even Lite version of Litecoin Called Obsidian (OBS)

Virustotal: https://www.virustotal.com/gui/file/8f836b7a9ecfcc716ee78bef17494d4789134646b695df05b656714a98b57ea1/detection

I found Obsidian project's old ANN : Obsidian ODN - CryptoCurrency & Secure Anonymous Messaging
legendary
Activity: 3178
Merit: 3295
We have a new Fake Ann Thread with a new Fake Github Malware download Link for MentaCoin (MNLC) !

The Fake Github Account was just created 1 Hour ago.

Fake Github : github.com/MNLCoinNetwork/MentaCore
Real Github : github.com/MentaCoin

Lot of bad things happen when you download and start the Files from the Fake Github.
Code:
Drops script at startup location
Detects Schtask creations that point to a suspicious folder or an environment variable often used by malware
Detects the execution of a renamed AutoIt2.exe or AutoIt3.exe. AutoIt is a scripting language and automation tool for Windows systems.
Attackers can leverage AutoIt to create and distribute malware, including keyloggers, spyware, and botnets
This detection method points out highly relevant Antivirus events
A Network Trojan was detected
Device Retrieving External IP Address Detected

C:\Users\user\AppData\Local\Oliver Robinson\SocialPulse Monitor.pif
C:\Users\user\AppData\Local\Temp\8819\5865\jsc.exe
C:\Users\user\AppData\Local\Temp\flofy.exe
C:\Users\user\AppData\Local\Temp\noply.exe
C:\Windows\SysWOW64\cmd.exe cmd /c copy /b Legal + Rebel + Desktops + Sleeve + Romania 5865\Peeing.pif
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 2176
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Users\user\AppData\Local\Temp\QY7M5JAACrWc.bat"
Source : https://www.virustotal.com/gui/file/0a483d211b2e8cefa76989095cb7965eae7a13d67626a96497dc213b0fae4a80/behavior

Account : Taoktoyre  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since October 02, 2021 , Hacked or sold Account

Fake Ann Thread :  [ANN] MentaCoin (MNLC) - Unleashing the Power of Minting for Mental Health

Code:
https://github.com/MNLCoinNetwork/MentaCore/

This post is also a reference for the Github Report !
legendary
Activity: 3178
Merit: 3295
And we have a new Fake Ann Thread again with a new Fake Github Malware download Link for MNSC !

The Fake Github was just created 4 Hours ago.

Fake Github : github.com/voknelez/MNSCoin
Real Github : github.com/NewMNSavings/NewMNSCoin/

Same here for the Fake Github files:
Code:
Detects the usage of binaries such as 'net', 'sc' or 'powershell' in order to stop, pause or delete critical or important Windows services such as AV, Backup, etc. As seen being used in some ransomware scripts
Detects DNS queries for IP lookup services such as "api.ipify.org" originating from a non browser process.
Detects the stopping of a Windows service

C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Virustotal : https://www.virustotal.com/gui/file/9b3d70ad7020b97311fcbe6d69a6181acc09d83e886f0f08f1eff35d0cb8b076/behavior

Account : salmanb  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since December 06, 2018 , Hacked or sold Account

Fake Ann Thread :  [ANN] Concept blockchain technology for QUARK (Pow, Quark)

Wallets
Code:
Windows: https://github.com/voknelez/MNSCoin/releases/download/1.0.0/MNSC-Win.zip

Original Ann Thread :  New Masternode Savings Coin (nMNSC)

Account : Kryptoyaner




New Fake Ann Thread again for NikiChain

Same Fake Github Account as for MNSC

Fake Github : github.com/voknelez/MNSCoin
Fake Github : github.com/voknelez/nikichain

Account : kuzgun51  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Hacked or sold Account

Fake Ann Thread : [ANN] NikiChain - blockchain with crypto bridges (CPU, Mine and Exchange now)

Quote
NikiChain Wallet:
Code:
Windows : https://github.com/voknelez/nikichain/releases/download/2.0.2.3/windows-nikichain-2.0.2.3.zip
Quote from https://bitcointalksearch.org/topic/--5474315

This post is also a reference for the Github Report !
legendary
Activity: 3178
Merit: 3295
And we have a new Fake Ann Thread with a new Fake Github Malware download Link for CommunityCoin !

The Fake Github was created 16 Hours ago.

Fake Github : github.com/CommunityCash
Real Github : github.com/CommunityCoin

Virustotal with 6 detections : https://www.virustotal.com/gui/file/21767196a889ef21fba60611b753272154634011499000685d53534da33a247a/behavior

Code:
Detects suspicious new RUN key element pointing to an executable in a suspicious folder
Detects modification of autostart extensibility point (ASEP) in registry.

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

The Fake Github was not long ago updated with new Files that now have Malware and Trojan in it.
Code:
Generic.Malware.AI.DDS
Generic ML PUA (PUA)
Malware.SwollenFile!1.E38A (CLASSIC)
Trojan.Barys

Account : Xabikonjes  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since October 02, 2021 , Hacked or sold Account

Fake Ann Thread :  [ANN] CommunityCoin: Empowering the Community with CMNT
The Thread is self-moderated

Code:
https://github.com/CommunityCash/CommunityCoin

This post is also a reference for the Github Report !
copper member
Activity: 2128
Merit: 1814
฿itcoin for all, All for ฿itcoin.
This one is trying to sell cryptowallet drainers, which are also classified as malware. The scripts are created to drain off crypto from a person's address once they try to connect their wallet to the website

mercy_rain <--- Nuked
Nice seeing that the mods did a quick job. The user was banned, however he is back with a new account. Spreading malware and evading ban at the same time

New account: mercy___rain <--- Please ban or Nuke

ANN: WTS (Selling Drainers) Archive: https://ninjastic.space/topic/5474135
I have also reported his Fake GitHub account. I hope GitHub does what is required.
copper member
Activity: 2128
Merit: 1814
฿itcoin for all, All for ฿itcoin.
This one is trying to sell cryptowallet drainers, which are also classified as malware. The scripts are created to drain off crypto from a person's address once they try to connect their wallet to the website

mercy_rain <--- Please ban or Nuke

Thread: WTS (Selling Drainers) Archive - https://ninjastic.space/topic/5474076

Fake GitHub link: github.com/ggrner (only 2 weeks old)

Drainer links
Code:
https://github.com/ggrner/golden-drainer 
https://github.com/ggrner/stepn-solana-drainer
https://github.com/ggrner/spaceX_v3_drainer_2023

He even confessed that GitHub keeps deleting his repositories
Github too often deletes repositories and I need create new acc
copper member
Activity: 588
Merit: 926
I think this is a malware thread, as many threads with this coin have already been deleted and users who posted a similar thread have been banned. I don't know if I'm right or not, please check.

ViktorStrange

Thread

[ANN] NikiChain - blockchain with crypto bridges (CPU mining, Ghostrider)

Malware link

Code:
https://github.com/teubub411/NikiBlockchain/releases/download/2.0.2.3/windows-nikichain-2.0.2.3.zip
legendary
Activity: 3178
Merit: 3295
And again a new Fake Ann Thread with a new Fake Github Malware download Link for BRANDS again !

Fake Github was created 4 Hours ago.

Fake Github : github.com/vandia1/CryptoBrands

The downloaded and installed files from there have this here:
Code:
Registry keys set
HKEY_CURRENT_USER\Software\Evrmore
HKEY_CURRENT_USER\Software\Evrmore\Evrmore-Qt
HKEY_CURRENT_USER\Software\Microsoft\RestartManager

C:\ProgramData\ThunderboltDriver\tbdriver.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe
C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn ThunderboltDriver /tr C:\ProgramData\ThunderboltDriver\tbdriver.exe /sc onlogon /it /f /rl HIGHEST
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source : https://www.virustotal.com/gui/file/5a4ea5abd5f2150b2cc346cf7564454cb6d4bfdda2876324f88e267eb8242d90/behavior

Account : BukanAdit  <--- Please ban or Lock that Account and delete the Thread
Registered since May 19, 2020 , Hacked or sold Account

Fake Ann Thread :  [ANN] Decentralized tech mining system/GPU mining/Airdrop

WALLET
Windows:
Code:
https://github.com/vandia1/CryptoBrands/releases/download/1.0.0/brands-win64.zip

This post is also a reference for the Github Report !
sr. member
Activity: 490
Merit: 279
Another post on the Indian local board with a suspicious link. Please check it and delete the post. I have already reported it to the global mods but I think there should be a local mod to remove such links. I do not understand why a big board like India does not have a local mod to date. There are a few sub-boards that need to be restructured and a lot of pin messages need to be removed. At the moment it is not done as global mods are busy and won't work on such issues.

The link to the post: https://bitcointalksearch.org/topic/--5474041
legendary
Activity: 3178
Merit: 3295
And again there is a new Fake Ann Thread with a Fake Github Malware download link for BRANDS !

Fake Github : github.com/veramuraga/BlockchainBrands

The Fake Github was just created 1 Hour ago.

The downloaded and installed files from there have this here:
Code:
Registry keys set
HKEY_CURRENT_USER\Software\Evrmore
HKEY_CURRENT_USER\Software\Evrmore\Evrmore-Qt
HKEY_CURRENT_USER\Software\Microsoft\RestartManager

C:\ProgramData\ThunderboltDriver\tbdriver.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell.exe
C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn ThunderboltDriver /tr C:\ProgramData\ThunderboltDriver\tbdriver.exe /sc onlogon /it /f /rl HIGHEST
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source : https://www.virustotal.com/gui/file/5a4ea5abd5f2150b2cc346cf7564454cb6d4bfdda2876324f88e267eb8242d90/behavior

Account : Darkvi  <--- Please ban or Lock that Account and delete the Thread
Registered since January 20, 2019 , Hacked or sold Account

Fake Ann Thread :  [Pre-ANN] BRANDS - new trading tech [ProgPow/New eco area]

WALLETS
Code:
Github: https://github.com/veramuraga/BlockchainBrands/releases/tag/1.0.0

This post is also a reference for the Github Report !
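
Added example, not part of any post in this thread: a small triage script for the scheduled-task persistence pattern visible in the `schtasks` lines quoted in the KASTLS and BRANDS reports (logon trigger, highest run level, target binary in a user-writable folder). The function names, the list of user-writable folders and the third sample line are assumptions made for this illustration.

```python
import re

# Folders a standard user can write to (assumed list; extend it for your own estate).
USER_WRITABLE = re.compile(
    r"\\(appdata|programdata|temp)\\|%(appdata|localappdata|temp|programdata|public)%",
    re.I,
)
VALUE_FLAGS = {"/tn", "/tr", "/sc", "/rl"}  # schtasks options that take a value

# The first two lines are the schtasks invocations quoted in this thread;
# the third is a constructed benign task for contrast.
SAMPLES = [
    r'C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn "Discord startup" /sc ONLOGON /tr "C:\Users\user\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f',
    r'C:\Windows\SysWOW64\schtasks.exe "schtasks" /create /tn ThunderboltDriver /tr C:\ProgramData\ThunderboltDriver\tbdriver.exe /sc onlogon /it /f /rl HIGHEST',
    r'schtasks /create /tn "Nightly backup" /sc DAILY /tr "C:\Program Files\Backup\backup.exe" /rl LIMITED',
]

def tokenize(cmdline):
    """Split a Windows command line, keeping double-quoted arguments whole."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]

def parse_schtasks_create(cmdline):
    """Return the value-taking options of a `schtasks /create` call, else None."""
    tokens = tokenize(cmdline)
    lowered = [t.lower() for t in tokens]
    is_schtasks = any(t.rsplit("\\", 1)[-1] in ("schtasks", "schtasks.exe") for t in lowered)
    if not is_schtasks or "/create" not in lowered:
        return None
    opts = {}
    for i, flag in enumerate(lowered[:-1]):
        if flag in VALUE_FLAGS:
            opts[flag] = tokens[i + 1]
    return opts

def assess(cmdline):
    """Score one process command line; None means it is not a task creation."""
    opts = parse_schtasks_create(cmdline)
    if opts is None:
        return None
    reasons = []
    if opts.get("/sc", "").lower() in ("onlogon", "onstart"):
        reasons.append("persistence trigger")
    if opts.get("/rl", "").lower() == "highest":
        reasons.append("highest run level")
    writable = bool(USER_WRITABLE.search(opts.get("/tr", "")))
    if writable:
        reasons.append("target in user-writable path")
    # Flag only when a writable target is combined with at least one other signal.
    return {"task": opts.get("/tn"), "target": opts.get("/tr"),
            "reasons": reasons, "suspicious": writable and len(reasons) >= 2}

if __name__ == "__main__":
    for line in SAMPLES:
        print(assess(line))
```

Feed it process-creation command lines (for example from Sysmon event ID 1 or Security event 4688 with command-line logging enabled) and review anything returned with `suspicious` set.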
sr. member
Activity: 294
Merit: 433
HODL - BTC
Newbie accounts spread the virus on meta boards and local india boards with Trading AI Tool.

user: ddoxer889 - Please ban this user and lock the thread.
ANN: Trading AI Tool / Trading AI Tool

Code:
[url=https://transfer.sh/MadLG7DuLG/Trading%20AI%20Tool.zip]https://transfer.sh/MadLG7DuLG/Trading%20AI%20Tool.zip[/url]

Virustotal: https://www.virustotal.com/gui/url/88da53b771ed7fa6392a003168cedf076e78eede18d8a426bd583219a7396e51/detection
legendary
Activity: 3178
Merit: 3295
And again we have a new Fake Ann Thread with a new Fake Github Malware download Link for Capybara coin !

Fake Github Files were just uploaded 40 Minutes ago.

Fake Github : github.com/xaMWVUnT/capybara/
Real Github : github.com/Capybaraworld/

Account : Dmengeon2  <--- Please ban or Lock that Account and delete the Thread
Registered since October 31, 2017 , Hacked or sold Account

Fake Ann Thread :  Capybara coin - scrypt animal coin (Not another animal coin)

Wallets
Windows:
Code:
https://github.com/xaMWVUnT/capybara/blob/main/capybara-win64.zip

Virustotal : https://www.virustotal.com/gui/file/5ab74c83f8df2dd95e83e220bb2b0e3bf63b24aa7043b5cdd38f4ca7f6360ae0/behavior
Code:
C:\Windows\Supremo.exe
C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

When you install the Fake Github download file it will create a lot of bad things.
One of them is the File C:\Windows\Supremo.exe that is a Remote Control Program

This post is also a reference for the Github Report !
legendary
Activity: 3178
Merit: 3295
And we have another new Fake Ann Thread with a Fake Github download Link for Nevermore !

Fake Github : github.com/thelifebeautifulguru
Real Github : github.com/evrmoreorg

Account : Krissh_369  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since April 21, 2020 , hacked or sold Account

Fake Ann Thread : [ANN] Nevermore - blockchain for DeFI (Fork Evrmore) (GPU mining)

Wallets
Windows:
Code:
https://github.com/thelifebeautifulguru/Nvrmore/releases/download/2.1.0/nevermore-v2.1.0-win64.zip

For More Information:
discord.gg/4csauGuvw3

Original Ann Thread : [ANN] Evrmore [EVR] Blockchain | ProgPoW GPU Mining | The Ravencoin fork for DeF

Account : hans_schmidt

For More Information:
https://github.com/evrmoreorg
discord.gg/4csauGuvw3

This post is also a reference for the Github Report !
legendary
Activity: 3178
Merit: 3295
And we have new Fake Ann Topics with Malware download Links again , now with Short Links !

The Short Links are directing to the Fake Github Account download page!
Windows:
Code:
https://shorturl.at/dzET7

With http://getlinkinfo.com you will get all the Information you need and you see the Fake Github Account !
GetLinkInfo for that used Short Link : Result

Fake Github : github.com/nikitonum
Real Github : github.com/nikitonium

Account : mah0099  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since August 02, 2020 , hacked or sold Account

Fake Ann Thread :  [ANN] SUB - sub network for workspace (Mineable)

Windows:
Code:
https://shorturl.at/dzET7



And again a new Fake Ann with a new Fake Github Account showed up this time for BlackCode !

Fake Github just got created 1 Hour ago and looks like it got already deleted.

Fake Github : github.com/BlackCodeBlockchain

Virustotal Malware and Trojan detections : https://www.virustotal.com/gui/file/bc2b3e767d1c973f8a1d5f70fa44f3bef1cda849e8520aca17833ba8833d956e/behavior
Files that will get installed here again:
LINKS
Code:
Github: https://github.com/BlackCodeBlockchain/CoreWallets/releases/tag/2.1.2

This post is also a reference for the Github Report !
copper member
Activity: 588
Merit: 926
The Fake Github Account was just created 1 Hour ago.

Can I ask you a question? How do you determine the time and date when a Github account was created? I found three threads created by the accounts you marked in red and I wanted to see the time the accounts were created on Github, but I didn't see that information there.

https://bitcointalksearch.org/topic/--5473646
https://bitcointalksearch.org/topic/--5473647
https://bitcointalksearch.org/topic/--5473645
legendary
Activity: 3178
Merit: 3295
And we have a new Fake Ann Thread with a new Fake Github Account for Subi Network !

The Fake Github Account was just created 1 Hour ago.

Fake Github : github.com/VirtualRealityProject
Real Github : github.com/subinetwork

Account : alinyous  <--- Please ban or Lock that Account and delete the Thread
Looks like this Account got hacked or sold , Registered since May 25, 2018.

Fake Ann Thread :  [ANN] VRT - virtual reality project (Ghostrider/Exchange 20/11/2023)

Subi Network's combination of public and private blockchain technologies for unparalleled gaming experiences in virtual reality
WALLETS
Windows:
Code:
https://github.com/VirtualRealityProject/VRNetwork/releases/download/1.1.2.4/subi-win-1.1.2.4.zip

Original Website : https://subinetwork.com/

Quote
Subi Network combine public and private blockchain technologies to create unparalleled gaming experiences based on virtual reality.
Source : https://subinetwork.com/

This post is also a reference for the Github Report !