Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 15. (Read 36657 times)

We have again a new Fake Ann with a new Fake Github Account for RadiumX !

Fake Github Account was created 2 days ago.

Fake Github Account  : github.com/Lolliediep/

And there are more Fake download and Malware files in there.

So i guess we will see more Fake Anns or posts for this files in the mining section in the threads soon also.

Account : s22606  <--- Please ban or Lock that Account and delete the Thread
Last post from that Account was back in January 30, 2018, Hacked or sold Account
This user recently woke up from a long period of inactivity.

Thread : [ANN] RadiumX New PoW coin . No ICO. No Masternode


This post is also a reference for the Github Report !

There is now a New Fake Ann Thread for Raptoreum with also a new Fake Github Account !

Fake Github Account was created 15 Hours ago !

Fake Github Account : github.com/Raptoreum-Core/
Original Github Account : github.com/Raptor3um/raptoreum

Account : oluaris      <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Last Post from this User was back in June 10, 2018, Hacked or sold Account

Fake Ann Thread : [ANN] Raptoreum - POW (GhostRider) | ASIC And FPGA Resistant | Mainnet Is Live

---

Original Thread :  [ANN] Raptoreum - POW (GhostRider) | ASIC And FPGA Resistant | Mainnet Is Live
User : Raptoreum


This post is also a reference for the Github Report !

Maybe a suggestion in Meta to enable some sort of "moderator review" with some sort of parameters (so that not all new threads have to be reviewed) that is open not just to moderators, but also to white-listed or established members like yourself who are actively watching these threads may be a good idea to combat the problem. The problem being that new members/inexperienced members are quick to try and get in on new coins at the moment they are announced, download the wallet, and then get infected...all before anyone who is knowledgeable enough discovers the thread is fake and the wallet is infected.

The review period could be a 24 hour/X time "hold" on the topic being published, where only available for legendary members (or some sort of membergroup) to be able to see so that the validity of the thread can be reviewed before the public sees it. To reduce the amount of threads caught in review, it can limit strictly to newbie members or also junior members. As it seems these are the ones who are mostly posting malicious content. Copper members excluded from review (as people who pay for the rights of Copper are less likely to waste it on an attempt to spread malware, I would assume) as are Full member and above (for a similar reason). Parameters about wake-up time can also be added.

Thats why write the Links here so Mitchell can add them to his Bot and also i write them here for a reference for the Github reports also .
And other Users can see them too when they maybe doing some research for the Links .
When i see them i report them dont worry on that , and its also a reference for the reports when i write them here.

I've moved it to the trashcan to mitigate the exposure, although I've escalated it to the global moderators to take further action, so shouldn't be long until that's done. As for the links, I'll probably formulate some sort of list, and report it to Mitchell periodically, however it does seem like they continue to just post new links, so will likely evade the bot. We might need to come up with a custom solution to detect these early, potentially. It's one of the reasons I'm for a shadow ban effect, maybe specifically for accounts looking to post links, rather than all newly registered accounts. I know that these accounts they're obtaining aren't new, which is part of the problem since they evade some of the moderators.

Although, keep reporting them, and we'll at the very least mitigate the exposure this gets. Thanks for doing your bit!

And we have again a new Fake Ann for RadiumX with a new Fake Github Account !
Looks like they are also hacking now github accounts or buy them.

Fake Github Account : github.com/safi71/

Account :  mbpinewatch   <----- Account is already locked or banned normaly
This user recently woke up from a long period of inactivity.
Last post from that Account was back in November 02, 2018 , Hacked or sold Account

Thread : [ANN] RadiumX New PoW coin . No ICO. No Masternode  <---- Thread is already deleted


This post is also a reference for the Github Report !

Thats not so easy as you think and write , because first the Fake Ann and the Malware link must be detected manually and integrated into the Bot.
And here is the next problem as they changing so often there Fake Github Links for the download and also the Thread title.
Before a bot is posting a warning (The idea is great dont understand me wrong) it is better to delete the thread instant.
For posting a warning in this kind of Threads there for we are here and thank you for have done it .

Maybe creating some sort of bot that posts a warning until the topic is deleted may be a good idea. The reason I suggest this is because I saw that two users downloaded the wallet and asked questions about it in the thread after downloading. I am not sure if anyone contacted them or not after the thread was deleted, though I had to tell them/give them some tips to be safe if they were to have downloaded it. A solution should definitely be created to address this I think. I am happy to also monitor this thread and post warnings as soon as possible as they come by until a solution is created.

Thanks , i have my one way to check that it is Malware and a Fake Ann , a little bit of experience to find this hacked and fake Accounts.
The best way is that you report this kind of threads or posts directly when you see them and normaly it gets fast deleted so nobody can click the Link.
Posting Warnings is good thing but mostly you dont have the time for doing it and there are so much.

Thanks Rizzrack for the explaining.

According to any.run it's a remcos trojan
Any.run is a "malware hunting service" that provides free VMs where you can download and deploy the malware file and it is analysed.

Hi. Great job on this thread. I made a warning post in the thread quoted as two users have downloaded the wallet file. Has it been scanned or is anymore information available about whether not it is malware and if so, what kind/specifications? I noticed that the thread from the post before this one was deleted, though I think you should post these warnings within the threads that aren't deleted yet to ensure no one falls victim in the meantime.

We have again a new Fake Ann for RadiumX with a new Fake Github Account !

Fake Github Account : github.com/jasonfifa/

Account : voxdu12   <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Last post from that Account was back in October 05, 2019, Hacked or sold Account

Thread : [ANN] RadiumX New PoW coin . No ICO. No Masternode


This post is also a reference for the Github Report !

We have a new (old) Fake Ann gets posted with the radiumX title and its mostly copied from Woofcoin !

The Fake Github Account was created yesterday
Fake Github : github.com/radiumX-Main/

Account : wilkas  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Last Post of this Account was back in December 23, 2019, Hacked or sold Account

Thread : ⭐⭐⭐[ANN] RadiumX New PoW coin . No ICO. No Masternode⭐⭐⭐


This post is also a reference for the Github Report !

They changed the Fake Github for that Bitcointalk Wallet Malware download Link and there Thread ! 

Fake Github Account : github.com/BitcointalkWallet-Main

Account : rizkyalhabsy <--- Please ban or Lock that Account and delete the Thread
Last post from that Account was back in February 13, 2021 , Hacked or sold Account

Thread : [ANN] Bitcointalk Wallet


This post is also a reference for the Github Report !

Thanks for keeping your eyes open and that you catched them  !

Looks like they are spamming the Altcoins Ann section again with there Fake Anns and Malware Links !
Found another one already !

Fake Github Account : github.com/BitcointalkWallet-project

Account : Hypocalese <--- Please ban or Lock that Account and delete the Thread
The last post from that User was back in January 18, 2019 , hacked or sold Account  !
This user recently woke up from a long period of inactivity.

Thread : [ANN] Bitcointalk Wallet


This post is also a reference for the Github Report !

Looks like I was able to catch a new Fake Ann with " [ANN] Bitcointalk Wallet " and a new Fake Github Account!

The Fake Github: https://github.com/BitcointalkWallet-project
The download link in the Topic and on this Fake Github has Malware in it.

The Account that posted the Thread was made in 2017, so probably a Hacked or sold Account
This user recently woke up from a long period of inactivity.

Account : fernandoelis1  <--- Please ban or Lock that Account and delete the Thread

Thread : [ANN] Bitcointalk Wallet

An we got and have a new Fake Ann with " [ANN] Bitcointalk Wallet " and a new Fake Github Account !

The Fake Github was created yesterday : github.com/BitcointalkWallet/
The download link in the Topic and on this Fake Github has Malware in it.
The Topic is selfmoderated.

And there is the same sign as for the other Fake Github Accounts we got lately
In the Read me file there is " Hi there 👋 "

We got that in this Fake Githubs also here :

The Account that posted the Thread was last time active in September 07, 2018, Hacked or sold Account
This user recently woke up from a long period of inactivity.

Account : swami84  <--- Please ban or Lock that Account and delete the Thread

Thread : [ANN] Bitcointalk Wallet


This post is also a reference for the Github Report !

And we have and got again new Fake Anns posted with Coinname WoofCoin !

They changed the Fake Github from github.com/Woof-Coin to github.com/WOOFCoincore
The Fake Github Account was created already an Week ago.

Fake Github Accounts :
github.com/Woof-Coin
github.com/WOOFCoincore
github.com/WoofCoin-Core
github.com/Woof-Core

Account : fortune1002 <---- Account is already banned and the thread is deleted
Last post from that User was back in August 10, 2021 , Hacked or sold Account


This post is also a reference for the Github Report !

And we have and got again new Fake Anns posted with Coinname CROCOcoin !

The last Fake Github they used was github.com/CROCO-Coin and now they use the Fake Github github.com/CrocoCoin-Core/

The Fake Github Account was created yesterday.
Fake Github : github.com/CrocoCoin-Core/

Fake Ann : [ANN] CROCOcoin [Ghostrider / Masternode]  <--- Thread is already deleted

Account : Kc0r  <--- Please ban or lock that Account
This user recently woke up from a long period of inactivity.
Last post was made in May 21, 2020 , hacked or sold Account



This post is also a reference for the Github Report !

And we have a new Fake Github for the Phoenixminer Thread !

Fake Github Account : github.com/PhoenixMiner63
Real download link for PhoenixMiner : https://phoenixminer.info/downloads/

THe fake github account was created yesterday.

Account : johndj1987  <---- The Account is already banned and the post deleted.
Guess the Account was sold or hacked.
This user recently woke up from a long period of inactivity.


Account : Jppatel349  <---- Please ban or lock that Account and delete the post


This post is also a reference for the Github Report !