Pages:
Author

Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 15. (Read 36997 times)

legendary
Activity: 3136
Merit: 3213
About 8 of his accounts have been banned so far, but this guy is still posting links of a malicious script service

New account: Xdrainer543tre
ANN: https://bitcointalksearch.org/user/xdrainer543tre-3542319

I think the above profile should be banned too.
I have reported one that posts earlier this day but not because of the Service he is offering , but i reported it as it was in the wrong section in Altcoins.
Good to know about that other Alt Accounts already banned of him and next time when i see one of this posts i make a reference to your post here.
Thanks for let me know and that you always keep your eyes open.
copper member
Activity: 2170
Merit: 1822
Top Crypto Casino
About 8 of his accounts have been banned so far, but this guy is still posting links of a malicious script service

New account: Xdrainer543tre
ANN: https://bitcointalksearch.org/user/xdrainer543tre-3542319

I think the above profile should be banned too.
legendary
Activity: 3136
Merit: 3213
We have a new Fake Ann with a Fake Github download link with Malware for PerFix and they copy / paste the text from Chinet !

Fake Github Account : github.com/Per-Fix

The Fake Github Account was created an Hour ago.
And again there is the " Hi there 👋 " in the readme file as it was for the other Fake Github Accounts.
Code:
https://github.com/Per-Fix/Per-Fix/blob/main/README.md

Account : SmokeysGardens  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Last post of this Account was back in  March 21, 2018 , Hacked or sold Account !

Fake Ann Thread : [ANN] PerFix - Trusted & Secure Crypto Project (POW+POS)
The Thread is selfmoderated as always from the Hackers.

Wallet

Code:
https_://github.com/Per-Fix/Per-Fix/releases/download/Per-Fix/Perfix_v1.5.0.zip

They used and copied the Text for there Fake Ann from the Chinet Ann and Website.

PerFix is a technology that seeks to combine the latest advances in digital finance, decentralized applications and artificial intelligence.
The security of your transactions is ensured by the time-tested CryptoNote protocol. The hybrid POW and POS consensus algorithm makes it possible for anyone to mine and use PerFix.


Original Thread : [ANN][CHN] Chinet - Trusted & Secure Crypto Project (POW+POS)

Quote
Chinet is a technology that seeks to combine the latest advances in digital finance, decentralized applications and artificial intelligence.
The security of your transactions is ensured by the time-tested CryptoNote protocol. The hybrid POW and POS consensus algorithm makes it possible for anyone to mine and use Chinet.
Original Website : https://chinet.io/

This post is also a reference for the Github Report !
legendary
Activity: 3136
Merit: 3213
I found another Fake Ann and Fake Miner Thread with the Fake Github where they try to get Users Account hacked !

Fake Github Account : github.com/Robert746/

In there there are more Fake download files :
Code:
github.com/Robert746/RocketMiner
github.com/Robert746/Evolution-EVOX
github.com/Robert746/GMinerRelease
github.com/Robert746/RadiumX


Account : spracrypto  <--- Please ban or Lock that Account and delete the Thread
Last post from that Account was back in March 14, 2018, Hacked or sold Account

Fake Miner Thread : ✅RocketMiner | Best KAS ZIL NEXA miner in the world | Low fee✅
The thread is also selfmoderated and thats what the hackers lately are doing.

This is an optimised miner for Nvidia + AMD GPUs.

Code:
[b]Usage and other info:[/b] https://github.com/Robert746/RocketMiner
[b]Downloads:[/b] https://github.com/Robert746/RocketMiner/releases

Any feedback is welcome.
Thanks!

This post is also a reference for the Github Report !
legendary
Activity: 3136
Merit: 3213
This guy is trying to spread malware in a tricky way. Most members have probably not noticed it yet
Profile - Jescbitcoin <--- Please ban/Delete threads containing malware links

Proof that the zipped file contains malware;

https://www.virustotal.com/gui/file/c40bf2e193e2e72f0a93f72b0b88b699887885a8da8091b26acbb5d8ff8fcf5e?nocache=1
Thanks for let me know about that User and the Malware download links !
I also have reported the posts with a reference to your post here and i also supporting the Flag for that User.
And i also have given the Account some negative Feedback to warn other Users and people.
Thanks for keeping your eyes open.
legendary
Activity: 1722
Merit: 4711
**In BTC since 2013**
This guy is trying to spread malware in a tricky way. Most members have probably not noticed it yet

Profile - Jescbitcoin <--- Please ban/Delete threads containing malware links

I was checking the topics in the Portuguese tabs and I came across a topic from that user, which when investigating would give the same alert. Thank you for having already done so.

Just a tip, the flag you created (which I already supported) indicated the first post of this topic, and should have indicated your post explaining the situation.


EDIT
Other topics created by the least user, with the same purpose:
https://bitcointalksearch.org/topic/--5444649
https://bitcointalksearch.org/topic/--5444648
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
This guy is trying to spread malware in a tricky way. Most members have probably not noticed it yet

Profile - Jescbitcoin <--- Please ban/Delete threads containing malware links

Topics.
1. https://bitcointalksearch.org/topic/--5444646
2. https://bitcointalksearch.org/topic/--5444647

Mega Malware link

16000 Deep web links:
Code:
 https://mega.nz/file/2QhmSCrT#Da7zp7E-hTZ055GxggkRBrsxny1m7Ya0Wf8v34ZyiDo

Proof that the zipped file contains malware;

https://www.virustotal.com/gui/file/c40bf2e193e2e72f0a93f72b0b88b699887885a8da8091b26acbb5d8ff8fcf5e?nocache=1

legendary
Activity: 3136
Merit: 3213
And we have a new kind of Fake Ann and a new Fake Github Account with Malware !

The Fake Github Account was created an hour ago !

Fake Github Account : github.com/ProjectEvoX/
Real Github Account : github.com/evolution-project

Account : A7fold  <--- Please ban or Lock that Account and delete the Thread
Last post from that Account was back in June 25, 2018,Hacked or sold Account

Fake Thread : [ANN] Evolution Project EvoX - Fast, Secure and Anonymous

• Ticker - EVOX
Wallet:

Code:
https_://github.com/ProjectEvoX/ProjectEvoX/releases/download/ProjectEvoX/Evolution-EVOX.zip


Original Thread

Thread : [ANN][EVOLUTION] Evolution-Project coin
Account : evolution-project

* Information about the coin
- Ticker: EVOX

* Links
 GitHub:    https://github.com/evolution-project
 
* Update links:

 Website: https://evolution-network.org/

This post is also a reference for the Github Report !



Edit

They changed there Fake Github again for the Fake Evolution Project EvoX Thread !

Fake Github Account is now : github.com/Robert746/

Account : kamranki <--- Please ban or Lock that Account and delete the Thread

Wallet:

Code:
https_://github.com/Robert746/Evolution-EVOX/releases
legendary
Activity: 3136
Merit: 3213
And they have changed the there Fake Github again for RadiumX in the Fake Ann Threads !

The Fake Github Account was created 1 hour ago  

Fake Github Account : github.com/RadiumX-Dev/

Account : Geeba_Official  <--- Please ban or Lock that Account and delete the Thread
The Last post from that Account was back in August 12, 2018 , Hacked or sold Account

Thread : [ANN] RadiumX New PoW coin . No ICO. No Masternode

Wallets
Code:
https_://github.com/RadiumX-Dev/RadiumX/releases



And there is another new Fake Ann and download with Malware for Bitcointalk Wallet

Fake Github Account : github.com/BitcointalkWallet-Main/

Account : ikymwb  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.

Code:
https_://github.com/BitcointalkWallet-Main/BitcointalkWallet/releases/download/BitcointalkWallet/BitcointalkWallet-1.0.1.zip

This post is also a reference for the Github Report !
legendary
Activity: 3136
Merit: 3213
And here is one more:
Account : JamalAmal99  
Thanks and yes i have seen that also and reported it instant when i have readed the thread and post from that User.
I just havnt written it to my post earlier but i used the post as a reference for it and will be doing it for the coming one.
Thanks for keeping the eyes open and also for reporting this things.
legendary
Activity: 1526
Merit: 1359
We have again a new Fake Ann with a new Fake Github Account for RadiumX !

Fake Github Account was created 2 days ago.

Fake Github Account  : github.com/Lolliediep/

And here is one more:

Account : JamalAmal99  
This user recently woke up from a long period of inactivity. (Hacked or sold Account)

Thread : [ANN] RadiumX New PoW coin . No ICO. No Masternode

Also, newbie account thikachhey is used to bump those fake ANN threads.
legendary
Activity: 3136
Merit: 3213
We have again a new Fake Ann with a new Fake Github Account for RadiumX !

Fake Github Account was created 2 days ago.

Fake Github Account  : github.com/Lolliediep/

And there are more Fake download and Malware files in there.
Code:
lolMiner_v1.69_Win64.zip 
radiumX.zip
rigel-1.3.8-win.zip

So i guess we will see more Fake Anns or posts for this files in the mining section in the threads soon also.

Account : s22606  <--- Please ban or Lock that Account and delete the Thread
Last post from that Account was back in January 30, 2018, Hacked or sold Account
This user recently woke up from a long period of inactivity.

Thread : [ANN] RadiumX New PoW coin . No ICO. No Masternode

Wallets
Code:
https_://github.com/Lolliediep/lolMiner-releases/releases/download/1.69/radiumX.zip

This post is also a reference for the Github Report !
legendary
Activity: 3136
Merit: 3213
There is now a New Fake Ann Thread for Raptoreum with also a new Fake Github Account !

Fake Github Account was created 15 Hours ago !

Fake Github Account : github.com/Raptoreum-Core/
Original Github Account : github.com/Raptor3um/raptoreum

Account : oluaris      <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Last Post from this User was back in June 10, 2018, Hacked or sold Account

Fake Ann Thread : [ANN] Raptoreum - POW (GhostRider) | ASIC And FPGA Resistant | Mainnet Is Live

About Raptoreum
Links
Wallet:
Code:
https_://github.com/Raptoreum-Core/Raptoreum/releases/download/Raptoreum/raptoreum-win-1.4.19.02.zip


Original Thread :  [ANN] Raptoreum - POW (GhostRider) | ASIC And FPGA Resistant | Mainnet Is Live
User : Raptoreum


This post is also a reference for the Github Report !
legendary
Activity: 1666
Merit: 1037
Maybe creating some sort of bot that posts a warning until the topic is deleted may be a good idea. The reason I suggest this is because I saw that two users downloaded the wallet and asked questions about it in the thread after downloading. I am not sure if anyone contacted them or not after the thread was deleted, though I had to tell them/give them some tips to be safe if they were to have downloaded it. A solution should definitely be created to address this I think. I am happy to also monitor this thread and post warnings as soon as possible as they come by until a solution is created.
Thats not so easy as you think and write , because first the Fake Ann and the Malware link must be detected manually and integrated into the Bot.
And here is the next problem as they changing so often there Fake Github Links for the download and also the Thread title.
Before a bot is posting a warning (The idea is great dont understand me wrong) it is better to delete the thread instant.
For posting a warning in this kind of Threads there for we are here and thank you for have done it .

Maybe a suggestion in Meta to enable some sort of "moderator review" with some sort of parameters (so that not all new threads have to be reviewed) that is open not just to moderators, but also to white-listed or established members like yourself who are actively watching these threads may be a good idea to combat the problem. The problem being that new members/inexperienced members are quick to try and get in on new coins at the moment they are announced, download the wallet, and then get infected...all before anyone who is knowledgeable enough discovers the thread is fake and the wallet is infected.

The review period could be a 24 hour/X time "hold" on the topic being published, where only available for legendary members (or some sort of membergroup) to be able to see so that the validity of the thread can be reviewed before the public sees it. To reduce the amount of threads caught in review, it can limit strictly to newbie members or also junior members. As it seems these are the ones who are mostly posting malicious content. Copper members excluded from review (as people who pay for the rights of Copper are less likely to waste it on an attempt to spread malware, I would assume) as are Full member and above (for a similar reason). Parameters about wake-up time can also be added.
legendary
Activity: 3136
Merit: 3213
As for the links, I'll probably formulate some sort of list, and report it to Mitchell periodically, however it does seem like they continue to just post new links, so will likely evade the bot.

Although, keep reporting them, and we'll at the very least mitigate the exposure this gets. Thanks for doing your bit!
Thats why write the Links here so Mitchell can add them to his Bot and also i write them here for a reference for the Github reports also .
And other Users can see them too when they maybe doing some research for the Links .
When i see them i report them dont worry on that , and its also a reference for the reports when i write them here.
staff
Activity: 3304
Merit: 4115
<----- Account is already locked or banned normaly
This user recently woke up from a long period of inactivity.
Last post from that Account was back in November 02, 2018 , Hacked or sold Account
<---- Thread is already deleted
This post is also a reference for the Github Report !
I've moved it to the trashcan to mitigate the exposure, although I've escalated it to the global moderators to take further action, so shouldn't be long until that's done. As for the links, I'll probably formulate some sort of list, and report it to Mitchell periodically, however it does seem like they continue to just post new links, so will likely evade the bot. We might need to come up with a custom solution to detect these early, potentially. It's one of the reasons I'm for a shadow ban effect, maybe specifically for accounts looking to post links, rather than all newly registered accounts. I know that these accounts they're obtaining aren't new, which is part of the problem since they evade some of the moderators.

Although, keep reporting them, and we'll at the very least mitigate the exposure this gets. Thanks for doing your bit!
legendary
Activity: 3136
Merit: 3213
And we have again a new Fake Ann for RadiumX with a new Fake Github Account !
Looks like they are also hacking now github accounts or buy them.

Fake Github Account : github.com/safi71/

Account :  mbpinewatch   <----- Account is already locked or banned normaly
This user recently woke up from a long period of inactivity.
Last post from that Account was back in November 02, 2018 , Hacked or sold Account

Thread : [ANN] RadiumX New PoW coin . No ICO. No Masternode  <---- Thread is already deleted

Wallets
Code:
https_://github.com/safi71/RadiumX/releases/download/1.0.1/radiumX.zip

This post is also a reference for the Github Report !
legendary
Activity: 3136
Merit: 3213
Maybe creating some sort of bot that posts a warning until the topic is deleted may be a good idea. The reason I suggest this is because I saw that two users downloaded the wallet and asked questions about it in the thread after downloading. I am not sure if anyone contacted them or not after the thread was deleted, though I had to tell them/give them some tips to be safe if they were to have downloaded it. A solution should definitely be created to address this I think. I am happy to also monitor this thread and post warnings as soon as possible as they come by until a solution is created.
Thats not so easy as you think and write , because first the Fake Ann and the Malware link must be detected manually and integrated into the Bot.
And here is the next problem as they changing so often there Fake Github Links for the download and also the Thread title.
Before a bot is posting a warning (The idea is great dont understand me wrong) it is better to delete the thread instant.
For posting a warning in this kind of Threads there for we are here and thank you for have done it .
legendary
Activity: 1666
Merit: 1037
Hi. Great job on this thread. I made a warning post in the thread quoted as two users have downloaded the wallet file. Has it been scanned or is anymore information available about whether not it is malware and if so, what kind/specifications? I noticed that the thread from the post before this one was deleted, though I think you should post these warnings within the threads that aren't deleted yet to ensure no one falls victim in the meantime.
Posting Warnings is good thing but mostly you dont have the time for doing it and there are so much.

Maybe creating some sort of bot that posts a warning until the topic is deleted may be a good idea. The reason I suggest this is because I saw that two users downloaded the wallet and asked questions about it in the thread after downloading. I am not sure if anyone contacted them or not after the thread was deleted, though I had to tell them/give them some tips to be safe if they were to have downloaded it. A solution should definitely be created to address this I think. I am happy to also monitor this thread and post warnings as soon as possible as they come by until a solution is created.
legendary
Activity: 3136
Merit: 3213
Hi. Great job on this thread. I made a warning post in the thread quoted as two users have downloaded the wallet file. Has it been scanned or is anymore information available about whether not it is malware and if so, what kind/specifications? I noticed that the thread from the post before this one was deleted, though I think you should post these warnings within the threads that aren't deleted yet to ensure no one falls victim in the meantime.
Thanks , i have my one way to check that it is Malware and a Fake Ann , a little bit of experience to find this hacked and fake Accounts.
The best way is that you report this kind of threads or posts directly when you see them and normaly it gets fast deleted so nobody can click the Link.
Posting Warnings is good thing but mostly you dont have the time for doing it and there are so much.

According to any.run it's a remcos trojan
Any.run is a "malware hunting service" that provides free VMs where you can download and deploy the malware file and it is analysed.
Thanks Rizzrack for the explaining.
Pages:
Jump to: