
Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 2. (Read 36997 times)

legendary
Activity: 3136
Merit: 3213
We have found a new Fake ANN thread with MALWARE Download links for both Linux and Windows. Please @Lafu sir check it.
To be honest, I have seen that Thread earlier already and checked it, and I was not sure about it.
That's why I have not reported it, and the next thing is that it has already existed for over a month now, and I joined their Discord and there are around 270 Users.
From what I see it looks legit to me for now, and I joined their Discord and have written to them there.

Not everything you will see that has some detections is straight away a Fake Ann and an attempt to hack other accounts or their PC.
About the detection from Virustotal: https://www.virustotal.com/gui/file/f432e3300b952c218df1acc2e1c47b90072d53ad0e1036b56c99f3c0b71755e3/detection

Yes, there are 6 Detections and 4 of them are false positives, as it is a Masternode Wallet.

I addressed this case and your report to them in their Discord, as I still think that it's not a Hacker attempt or an attempt at spreading Malware in the Forum.
So let's see what I get back for an answer or how they react to that whole case, as it looks like their Account got banned on the Forum.

In the past I was also wrong a few times and Accounts got banned for a wrong reason.
But it's better to report them first, and I will edit this post if I get some response on Discord or they maybe will write here on the Forum again.
N.O
full member
Activity: 322
Merit: 188
We have found a new Fake ANN thread with MALWARE Download links for both Linux and Windows. Please @Lafu sir check it.

Account Link: MiraiNodes <<< Please Ban this account

Fake ANN: MiraiNodes - A Promising Future in Mobile Masternodes & Staking!

MIRAI
Code:
[url=https://github.com/mirainodes/MIRAI]GitHub Repository[/url]
Windows: https://github.com/mirainodes/MIRAI/releases/download/1.0/mirai-windows.zip
Linux: https://github.com/mirainodes/MIRAI/releases/download/1.0/mirai-linux.zip
 

https://www.virustotal.com/gui/file/f432e3300b952c218df1acc2e1c47b90072d53ad0e1036b56c99f3c0b71755e3/detection

https://www.virustotal.com/gui/file/664c1f3629a9ade46173ed4442260626b6233a258af1df795af4d7f3b09d7f00/detection

Edit:

This account, DogemoneProject, uploaded Malware download Wallet links in an ANN topic, see my Source.

Account Link:  DogemoneProject  Please Ban this account

ANN Topic: 🚀 [ANN] Dogemone (DME) - From CryptoNight to Alt Signed Proof-of-Work! 🚀

Code:
https://github.com/hashhound/dogemone/releases
Wallets:
https://github.com/HashHound/Dogemone/releases/download/nightly-11424866682/ubuntu-20.04-build.zip
https://github.com/HashHound/Dogemone/releases/download/nightly-11424866682/macos-build.zip
https://github.com/HashHound/Dogemone/releases/download/nightly-11424866682/Build-Windows.zip

Source:

https://www.virustotal.com/gui/file/6c523bd268d456349f769e01a32e55f18b39112cb3cb69d9f3ed3f9e409e41da/detection

https://www.virustotal.com/gui/file/6d3a29a648ac8740c3bfd5e9ab67e383a4d0bc818308151fbe27c5a46c1d100a?nocache=1

https://www.virustotal.com/gui/file/a5be11ceed792598e38ff4fe24189549292017eacde17b6b7645c52d9ebcaf57/detection
legendary
Activity: 3136
Merit: 3213
We have a new Fake Ann Thread with the same Fake Github Account and download Link, this time for CodeBlock!

Fake Github Account 1: github.com/RadiumXMain/CodeBlock

Account : RoyaLunique  <--- Please ban or Lock that Account and delete the Thread
Registered since April 04, 2016 and last post was on March 12, 2024, Hacked or sold Account:

Fake Ann Threads:
[ANN][SSPOS] CodeBlock Blockchain: Welcome to a New Era

CodeBlock
Code:
https://github.com/RadiumXMain/CodeBlock/releases/download/1.3.1/CodeBlock-wallet_v1.3.1.zip


New Fake Miner Thread

The Fake Github Account was just created 1 hour ago.

Fake Github Account 2 : github.com/ALM-miner

Account : RoyaLunique  <--- Please ban or Lock that Account and delete the Thread

Fake Ann Thread :  ALM Best miner for ALEO

ALM Miner
Github:
Code:
https://github.com/ALM-miner/ALM/releases/download/1.0.2/alm-miner-win64-v1.0.2.zip

This post is also a reference for the Github Report!
legendary
Activity: 3136
Merit: 3213
We have a new Fake ANN thread with a Malware Download link and a Copper member Hacked/sold account post on the Altcoinstalk Announcement board.
Please @Lafu sir check it.
Yes, it was another Fake Ann, and thank you for writing here and letting us know.
Next time just write here again and then take your post as the reference for the report on that Post/Thread.
The Thread is already deleted.

For now there are 7 Fake download Repositories on github.com/RadiumXMain
Code:
github.com/RadiumXMain/RadiumX
github.com/RadiumXMain/mulierum
github.com/RadiumXMain/Binarium
github.com/RadiumXMain/Limba
github.com/RadiumXMain/rigel
github.com/RadiumXMain/Typex
github.com/RadiumXMain/CodeBlock
github.com/RadiumXMain/STRONGS
N.O
full member
Activity: 322
Merit: 188
We have a new Fake ANN thread with a Malware Download link and a Copper member Hacked/sold account post on the Altcoinstalk Announcement board. Please @Lafu sir check it.

Account Link: Rascal Token - This user recently woke up from a long period of inactivity. <<< Please ban this account
Fake ANN: [ANN] [TYPX] TYPEX - A secure & untraceable blockchain with AI applications

Code:
[b]Windows:  [/b][url=https://github.com/RadiumXMain/Typex/releases/download/1.5.2/Typex-win64-v.1.5.2.zip]https://github.com/typex-coin/Typex/releases/download/1.5.2/Typex-win64-v.1.5.2.zip[/url]

Source: https://www.virustotal.com/gui/file/5eddb1402b0fe7f64bfe79134167370bf39c0d5c85cee839a7e4a7e7523fadbb/behavior
N.O
full member
Activity: 322
Merit: 188
Again a Full Member hacked/inactive account posted a Fake malware topic, [ANN] Limba KawPow Masternode.

Account Link: SEELE^^01 This user recently woke up from a long period of inactivity. <<< Please Ban this account
Fake ANN: [ANN] Limba KawPow Masternode

Code:
[b]Windows:[/b]  [url=https://github.com/RadiumXMain/Limba/releases/download/2.0.1/Limba-qt-win64-v2.0.1.zip]https://github.com/Limba/releases/download/1.1.2/LimbaWallet-Win64-v.1.1.2.zip[/url]
legendary
Activity: 3136
Merit: 3213
We have a new Fake Ann Thread with a Malware download Link and a new Fake Github Account for [DATR] DataRecovery!

The Fake Github Account was just created yesterday and the Malware Wallet File was uploaded 2 Hours ago.
If you try to download the Windows Wallet File you instantly get a warning from Windows that this File has a Virus or Malware in it.
So the Windows Wallet File is 100% infected.

Fake Github : github.com/DataRecoveryCore

Account : DataRecovered  <--- Please ban or Lock that Account and delete the Thread
The User Account was just created yesterday.

Fake Ann Thread:  [ANN] [DATR] DataRecovery - recovery of sensitive information [GPU] [POW]

Specification
Name: DataRecovery
Algo: Blake2s
Total supply: 21,000,000 DATR

Source and wallets
Code:
Source: https://github.com/DataRecoveryCore/DataRecoveryCore
Wallets: https://github.com/DataRecoveryCore/DataRecoveryCore/releases/tag/0.0.1a

It looks like it's a changed, copy-pasted Malware Version of this Project: [ANN] DatroMax: Blake2S Smartnode PoW Shaping the Future of Blockchain

DatroMax

Tokenomics Specifications
Blake2s Algorithm
21,000,000,000 Total Supply

https://github.com/datromax

This post is also a reference for the Github Report!



Edit 19.10.2024

Latest Version of the Fake Wallet File with lots of shady things.
Sandbox flags this file as: MALWARE

Code:
The sandbox CAPE Sandbox flags this file as: MALWARE
Powershell Defender Exclusion
Windows Defender Exclusions Added - PowerShell
Explorer Process Tree Break
POLICY-OTHER HTTP request by IPv4 address attempt

C:\Program Files (x86)\My Program\PersonalCommonInstall.exe"
C:\Users\\AppData\Local\Temp\militaryrespondpro\militaryrespondpro.exe"
C:\Windows\system32\cmd.exe" /C cd "C:\Users\\AppData\Local\Temp\PersonalCommonInstall" & "PersonalCommon.bat"

powershell -inputformat none -outputformat none -NonInteractive -ExecutionPolicy Bypass -Command Add-MpPreference -ExclusionPath $env:USERPROFILE
https://www.virustotal.com/gui/file/c8d00030bfddad74da561876e5f530eb0b863430f6839ec5c7ea0c1cde7db357/behavior
N.O
full member
Activity: 322
Merit: 188
Another junior account posted a fake [ANN] Limba KawPow Masternode topic

Account: BWC Market <<< Please Ban this account
Fake ANN: [ANN] Limba KawPow Masternode

Code:
[b]Windows:[/b]  [url=https://github.com/RadiumXMain/Limba/releases/download/2.0.1/Limba-qt-win64-v2.0.1.zip]https://github.com/Limba/releases/download/1.1.2/LimbaWallet-Win64-v.1.1.2.zip[/url]
legendary
Activity: 3136
Merit: 3213
This is my first report on this thread and I hope my report is correct. I noticed that a newbie account added a malicious link to their topic in Announcements (Altcoins). Please @Lafu check it. Am I right or wrong?
Topic: WagLayla [WALA] – ALGO [Walahash] - GPU – Based on Kaspa, Karlsen & Pyrin
Source: https://www.virustotal.com/gui/url/bce7ccfa1a1c0fd426c78b8176402ccdddcc080b53f3720afde8f61151619332
Hello N.O and thanks for writing here in this Topic. The way you have written here is right, but the Topic you mentioned is wrong.
Because you only checked the URL of the Webpage with Virustotal, and I see nothing wrong with that URL you have scanned.
To get a full scan of the Wallet file you have to download it and then upload it to Virustotal.

On your last post, yes, you were right and it already got deleted, thank you.

Now they come again with a thread in self-moderation. The Github account github.com/RadiumXMain again created a Repository with the name Limba; they clearly believe that they can continue to spread on the forum. We must not allow it, even though this fake Github has been reported several times but has not been blocked.
For sure they will come back, and it will not take long, and maybe they will have a new Fake Github Account.
The best way to deal with Fake Github Accounts is to report them on Github and take your post here as a reference.
Mostly Github is quick and they delete these Accounts, but sometimes it takes weeks.
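The difference between a URL scan and a file scan discussed in the post above is visible in the VirusTotal link itself: `/gui/url/...` reports cover only a web address, `/gui/file/<sha256>` reports cover file contents. The following Python check is an added example, not part of any post in this thread; it classifies the links cited in a report and confirms that a cited file report matches a local archive by hashing it without opening or running it. Function names are illustrative.

```python
import hashlib
import re

# VirusTotal GUI links as they appear in this thread: /gui/file/<sha256>
# reports on file contents, /gui/url/<id> only on a scanned web address.
VT_LINK = re.compile(
    r"https://www\.virustotal\.com/gui/(file|url)/([0-9a-f]{64})", re.I)

# Evidence link quoted from the WagLayla report on this page (URL scan only).
URL_ONLY_REPORT = ("Source: https://www.virustotal.com/gui/url/"
                   "bce7ccfa1a1c0fd426c78b8176402ccdddcc080b53f3720afde8f61151619332")


def evidence_kinds(post_text):
    """Return [(kind, identifier)] for every VirusTotal link in a report."""
    return [(k.lower(), h.lower()) for k, h in VT_LINK.findall(post_text)]


def has_file_evidence(post_text):
    """True only if the report cites at least one file-level scan."""
    return any(kind == "file" for kind, _ in evidence_kinds(post_text))


def sha256_of(path, chunk_size=1 << 20):
    """Hash a downloaded archive in chunks, without opening or running it."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def report_covers_file(post_text, path):
    """True if a cited file report is for exactly the bytes stored at path."""
    local = sha256_of(path)
    return any(kind == "file" and ident == local
               for kind, ident in evidence_kinds(post_text))


if __name__ == "__main__":
    print("kinds cited:", [k for k, _ in evidence_kinds(URL_ONLY_REPORT)])
    print("file-level evidence:", has_file_evidence(URL_ONLY_REPORT))
```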
N.O
full member
Activity: 322
Merit: 188
Account: kesmex This user recently woke up from a long period of inactivity. - Please Ban
Fake ANN: [ANN] Limba KawPow Masternode

Another guy published a fake ANN Topic of [ANN] Limba KawPow Masternode a few hours ago, please ban this account also.

Account: ldcomp
Fake ANN: [ANN] Limba KawPow Masternode
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
The Fake Github Account github.com/RadiumXMain is only 2 weeks old and maybe we will see more of that in the next weeks.
I have seen those Fake Anns too but you guys were faster, thank you, and I hope at some time we can catch the one who is behind them all.
I am on it and there are already some results, but some Laws in other countries are blocking the final strike against the person to get the personal Details and all.
But I am on it and hopefully together we can catch him and end this all.
Now they come again with a thread in self-moderation. The Github account github.com/RadiumXMain again created a Repository with the name Limba; they clearly believe that they can continue to spread on the forum. We must not allow it, even though this fake Github has been reported several times but has not been blocked.

Account: kesmex This user recently woke up from a long period of inactivity. - Please Ban
Fake ANN: [ANN] Limba KawPow Masternode
N.O
full member
Activity: 322
Merit: 188
This is my first report on this thread and I hope my report is correct. I noticed that a newbie account added a malicious link to their topic in Announcements (Altcoins). Please @Lafu check it. Am I right or wrong?

Account: layla-wagamoto

Topic: WagLayla [WALA] – ALGO [Walahash] - GPU – Based on Kaspa, Karlsen & Pyrin

Code:
Node Setup: https://waglayla.com/setup_node
Wagpaper: https://waglayla.com/wagpaper


Source: https://www.virustotal.com/gui/url/a0c900d929519224a03bb3ea9ec47a5d69ea273fd0cb4b2239583e6a61ee3649



Source: https://www.virustotal.com/gui/url/bce7ccfa1a1c0fd426c78b8176402ccdddcc080b53f3720afde8f61151619332
legendary
Activity: 3136
Merit: 3213
Code:
https://github.com/RadiumXMain/RadiumX/releases/download/v2.0.3/RadiumX_win64_v2.0.3.zip
Binarium Fake Thread
Thanks guys for keeping your eyes open and reporting this kind of Fake Anns, and also for writing that here so that everybody knows it, really appreciate that very much.
Looks like they are back with creating new Fake Github Accounts and using them for multiple Fake Wallet downloads.

The Fake Github Account github.com/RadiumXMain is only 2 weeks old and maybe we will see more of that in the next weeks.
I have seen those Fake Anns too but you guys were faster, thank you, and I hope at some time we can catch the one who is behind them all.
I am on it and there are already some results, but some Laws in other countries are blocking the final strike against the person to get the personal Details and all.
But I am on it and hopefully together we can catch him and end this all.
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
FAKE ANN

Account: Krendom This user recently woke up from a long period of inactivity. - Please Ban
Fake ANN: [ANN] Mulierum | POW | GhostRider

Code:
[b]Linux:[/b] [url=https://github.com/RadiumXMain/mulierum/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz]https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz[/url]
[b]Windows:[/b] [url=https://github.com/RadiumXMain/mulierum/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip]https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip[/url]



Binarium Fake Thread

Account: Bitcoinislifer09 This user recently woke up from a long period of inactivity. - Please Ban
Fake ANN: [ANN] Binarium |GhostRider| Cryptocurrency protected from ASICs

Code:
[b]Linux:[/b] [url=https://github.com/RadiumXMain/Binarium/releases/download/1.0.1/Binarium-linux-v.1.0.1.tar.gz]https://github.com/Binarium-coin-project/Binarium/releases/download/1.0.1/Binarium-linux-v.1.0.1.tar.gz[/url]
[b]Windows:[/b] [url=https://github.com/RadiumXMain/Binarium/releases/download/1.0.1/Binarium-win64-v.1.0.1.zip]https://github.com/Binarium-coin-project/Binarium/releases/download/1.0.1/Binarium-win64-v.1.0.1.zip[/url]
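Several of the Code: blocks reported in this thread show a `[url=...]` target under github.com/RadiumXMain while the visible link text names a different GitHub account. The following Python check is an added example, not part of any post in this thread; it flags that mismatch in a post's BBCode. Function names are illustrative, and the sample contains two links copied from the reports above.

```python
import re
from urllib.parse import urlsplit

# Matches BBCode links of the form [url=TARGET]VISIBLE TEXT[/url].
BBCODE_URL = re.compile(r"\[url=([^\]\s]+)\](.*?)\[/url\]", re.I | re.S)


def repo_identity(url):
    """Return (host, first path segment) for a URL, or None if not a URL.
    Both are lower-cased: host names and GitHub account names are
    case-insensitive, so HashHound and hashhound are the same owner."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    segments = [s for s in parts.path.split("/") if s]
    owner = segments[0].lower() if segments else ""
    return parts.netloc.lower(), owner


def mismatched_links(bbcode):
    """List links whose visible text is itself a URL that names a different
    host or account than the real target in [url=...]."""
    findings = []
    for target, shown in BBCODE_URL.findall(bbcode):
        shown_id = repo_identity(shown)
        target_id = repo_identity(target)
        if shown_id is None or target_id is None:
            continue  # plain-text label such as "GitHub Repository"
        if shown_id != target_id:
            findings.append({"shown": shown_id, "target": target_id})
    return findings


# Sample post: two links copied from the reports in this thread.
SAMPLE = (
    "[b]Windows:[/b] [url=https://github.com/RadiumXMain/Typex/releases/"
    "download/1.5.2/Typex-win64-v.1.5.2.zip]https://github.com/typex-coin/"
    "Typex/releases/download/1.5.2/Typex-win64-v.1.5.2.zip[/url]\n"
    "[url=https://github.com/mirainodes/MIRAI]GitHub Repository[/url]\n"
)

if __name__ == "__main__":
    for f in mismatched_links(SAMPLE):
        print("visible text points at", f["shown"], "but link opens", f["target"])
```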
member
Activity: 205
Merit: 43
✔️ Telegram @miningrelease
Account: aji471  <= Please Ban
Fake Ann topic: [ANN] RadiumX New PoW coin . No ICO. No Masternode



Wallets
Code:
https://github.com/RadiumXMain/RadiumX/releases/download/v2.0.3/RadiumX_win64_v2.0.3.zip

Site
Code:
radiumxcoin.info (in maintenance)

legendary
Activity: 3136
Merit: 3213
We have a new Fake Ann Thread with a Fake Webpage and a Malware download there for [CCCN] Cococoin!

Fake Webpage :
Code:
https://cocomemefun.net/

On the Page there is a Link to a Github Account that is only 5 days old and has nothing in it.
Fake Github : github.com/coco-meme

On the Webpage there is a download for the Wallet.
Code:
https://download.cocomemefun.net/files/cococoin-qt-windows.zip

And here it's getting interesting: when you download the Wallet File and install and run it, a lot of things will happen.
Malware detected : Win64:Evo-gen [Trj]

Code:
Drops script at startup location
Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Dot net compiler compiles file from suspicious location
Suspicious DNS Query for IP Lookup Service APIs
PowerShell Script Run in AppData
Startup Folder File Write
Unsigned DLL Loaded by Windows Utility
Potentially Suspicious Execution Of Regasm/Regsvcs From Uncommon Location

Code:
SSLBL: Traffic to malicious host (likely QuasarRAT C&C traffic)  <--- A Network Trojan was detected
ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
ET MALWARE Generic AsyncRAT Style SSL Cert
SSLBL: Malicious SSL certificate detected (QuasarRAT C&C)
Source : https://www.virustotal.com/gui/file/bbf26e9b118b49791296baf3eca4442de993b2e5931acfa2eb7fe10c0b6d4811/behavior


Account : Anevigra  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since October 04, 2021 and not a single post, Hacked or sold Account

Fake Ann Thread :   [ANN] [CCCN] Cococoin – The Funniest Meme Coin of the Decade! 🐔🚀

Cococoin – The Funniest Meme Coin of the Decade
Code:
Download a CCCN Wallet: https://cocomemefun.net

There are more results and investigation about more and other Hacked Accounts I can't post for now, but I will write a PM to Cyrus.
member
Activity: 205
Merit: 43
✔️ Telegram @miningrelease
Account: chekamarue  <= Please Ban
Fake Ann topic: [ANN] RadiumX New PoW coin . No ICO. No Masternode


Wallet Address Prefix: P

Wallets
Code:
https://github.com/RadiumXMain/RadiumX/releases/download/v2.0.3/RadiumX_win64_v2.0.3.zip

legendary
Activity: 3136
Merit: 3213
We have a new Fake Ann Thread with an already used Fake Github download Link with Malware for Mulierum again!

Fake Github : github.com/mulierum

The Fake Wallet download file is still the same size, 114 MB.

Account : MSAS  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since May 07, 2016 and last post was back on December 14, 2018, Hacked or sold Account

Fake Ann Thread :  [ANN] Mulierum | POW | GhostRider

Wallet:
Code:
https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz

This post is also a reference for the Github Report!
sr. member
Activity: 602
Merit: 387
Rollbit is for you. Take $RLB token!
A download file in this post https://bitcointalksearch.org/topic/--5510016 can be malicious.

I checked with Virustotal with URL checking, it's clean. I don't want to download the file and check it with Virustotal, but a newbie sharing a download file is very suspicious.
Code:
Download https://mega.nz/file/HWh0zIoZ#kYdT27HIvOpMGlxX7V28es-5pVNJfSNkhVqBJuGZ0Lo
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
It's like the Mulierum virus is back, this time from a hacked account. Be vigilant and keep reporting the fake Github.

Account: theseratio This user recently woke up from a long period of inactivity. - Please Ban
Fake ANN: [ANN] Mulierum | POW | GhostRider

Code:
[b]Windows:[/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
[b]Linux:[/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz