Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 22. (Read 36688 times)

Next fake Github Account with Malware download for trexminer  !

New Fake Github : github.com/trexminer-TRex  <----- Please report all kind posts with that Link and if possible also on Github
Original Github : github.com/trexminer/T-Rex/releases

Account : teazy <------ Please ban and lock that Account and delete the post
The Account got hacked or sold and posting normaly only in the France board.


This post is a reference for the Github report !
Report is already done .

---

Next Fake Github for PhoenixMiner !

Fake Github : github.com/Phoenixmine    <------ Github is deleted

Account : matthewoz101  <----- Please lock that Account and delete the post
Last post was done in February 04, 2020


Another Hacked or sold Account  !

Account : pedjo99 <----- Please lock that Account and delete the post
Last post was in July 23, 2020

And there is a new Fake Github again for the PhoenixMiner  !

Fake Github : github.com/Phoenix-mine/  <------  Please report all kind of posts with that Link and also on Github

Looks like another hacked Account is posting it
Account : Knathein   <-----  Please ban and lock that account and delete the post
Last post was done on June 26, 2021 , hacked or sold account

Archived Post : https://archive.fo/wRfge


Another Account that got hacked or sold!

Account : userghost  <-----  Please ban and lock that account and delete the post


And there are new and other Fake Github Accounts now too

Fake Github : github.com/trexminer-corp
Original Github :github.com/trexminer

Fake Github : github.com/Ethpill-corp/
Virustotal : https://www.virustotal.com/gui/file/dda4e70bdc23e63483cc3f8d491367f914ea91041fad48d51d09befa2edfdba2
its the same files as for the others we got

This is also a reference for my Github report.
Report on Github is already done  !

Edit and Update :
All Github Accounts are banned and deleted now on Github

There is now again a new Fake Github for the PhoenixMiner thread and download  !

Fake Github : github.com/Poenix-build/   <------  Please report all kind of posts with that Link and also on Github
I already reported it on Github

Account E-commerce Token looks like hacked or sold <---- Please ban and lock that Account
Last post was done in December 06, 2017
This user recently woke up from a long period of inactivity.


Edit and Update :
The Fake Github Account is deleted and banned on Github now

The reporting Bot from Mitchell is catching them all and then they get deleted.
Mostly the bot is to fast for reporting as he catches the posts and threads from Keywords when they get posted.
I tried it a few times with the LHR Threads but its impossible do get them reported.
If they change there Github and starting posting again you can report them.

Some posts, in particular the one you mentioned, may be processed automatically. But you can still send the report to the moderators, if you have time to do it before the message is deleted.

I can't seem to report LHR pill fast enough. Twice in the last 2 days I've seen it within a minute of
being posted but by the time I click the submit button it's already gone.

Is this now an automated process or is manual reporting still required for known repeat scams?

The ETH and LHR Pill posts and threads have a new Github thats 11 Hours old already !

Fake Github Account

Its the same file in there as on the others with Malware !
Virustotal : https://www.virustotal.com/gui/file/dda4e70bdc23e63483cc3f8d491367f914ea91041fad48d51d09befa2edfdba2
Same Trojan and Virus : GenericRXAA-AA!47CE6E097BA2

This post is a reference for the report on Github also !
Report on Github is done.

Edit and Update :
Github Account is banned and deleted

I'm hoping you can get the answer to that question It indeed doesn't make sense to use a hacked account only for one easily detected malware post, while it could have stayed under the radar for a while to carry out other scams.

I sent him the link to this topic already. If you ask me though: I think you can remove the feedback already. The post is gone, the account is locked, and only the real owner will get it back.

I reported the LogitechMouse Account instant when i have seen his post in the PhoenixMiner thread as i know that User,
and i already knowen after i readed the post that it was hacked .
bL4nkcode or LoyceV when you write with him , tell him he should write in here when his Account is recovered and i will remove my Feedback on the Account .
The most Accounts that got banned and reported was newbies .

This is the screenshot LM shared btw, so it's a ban and account was locked.



Yeah, seems the hacker knows the way of forum account's security that it will be locked soon (by the owner) if he somehow change the password/email.

No you cannot

LOL

It is whooping their asses 24/7 indeed.
Older accounts I can understand with the database leak(s) and all, but how are new users getting infected/hacked ? Provided they don't download the malware-PILLs or something similar...

I received an email from someone asking to whitelist his alt, which I did now.

Was it locked by a Mod after the spam? It's not banned, so it doesn't show in modlog. The email address or password haven't been changed either, so as a user I can't see this lock anywhere.

That makes more sense than a regular user suddenly joining a long-term spammer scam.

I told him that

I assume MindlessElectron still bans them, right? That explains why they need more senior accounts for their spam.

The account is locked so nobody can even login. It does look like his account was hacked. Tell him to send an email and we'll look into it.

There were over 400 of these posts in the Phoenix Miner thread in the last 3 days so yeah...

I get in touch with the owner of this account in telegram, he said it wasn't him which is probably true. I didn't see this guy interact on that thread and then suddenly the account posted like he owns the thread or somewhat related to the team/devs of phoenix miner, and regarding the previous reports this is a desperate attacks of the scammer/hackers to phoenix miner.

Currently the account was banned and it should be lift somehow.

Malware activity seems to be increasing.

There's on other very insidious technique I found. I think it's rare but it's worth noting. It requires a compromised,
but otherwise legitimate github account.

If the account has weak security settings a malfaisant can create a github account of his own and use it to hack
the poorly secured legitimate account to make changes. In the instance I saw the previously unused wiki was the
target of the attack. The legimate owner may not even notice if notifications aren't turned on or are not checked.

The wiki was updated to do one thing: redirect to the malware hosted elsewhere. Then a link was posted in the mining
board and it looks like it points to a legitimate github account, which it is, before redirecting to the malware.
The fake github account was not used to host the malware, it was only used as a side door into a legitimate github
account. The malware was hosted elsewhere.

This redirection could go on for some time without the user realizing he's being used. When I alerted the user in this case
he was unaware but took switft action.

As long as github users have proper security and don't allow just any user to make changes to their repo this can't
happen. But it did because it didn't.*

For those not fluent in englsih or are just not good with riddles my apologies, here's the long version:
But it [ the hack] did [happen] because it [the repo] didn't [have proper security].

And they have already a new Github again for the Fake PhoenixMiner download links !
Fake Github Account : github.com/PhoeixMiner-TeamDev   <----- Please report that account on Github again that it gets deleted !

And looks like a Account got hacked  @Rizzrack
Account : LogitechMouse   <----- Please lock that Account and delete the post

Archived post : https://archive.fo/wip/8Xb0A


I already reported the Fake Github Account on Github again .

---

Nice catch on that , and thanks for keeping your eyes open about that !
Alread report this one here also on Github
Fake Github Account :
Virustotal : https://www.virustotal.com/gui/file/dda4e70bdc23e63483cc3f8d491367f914ea91041fad48d51d09befa2edfdba2
1 security vendor flagged this file as malicious
Virus and Malware name : GenericRXAA-AA!47CE6E097BA2
Also known and from the Family of Trojan-Banker.Win32.Emotet
Source : https://howtofix.guide/trojan-banker-win32-emotet/

There's another scam using the same github technique, the "LHR-pill"

Current example until the post is deleted:
https://bitcointalksearch.org/topic/--5361294

A copy of it with links sanitized:

After the other Github Account got deleted they have now a new one !

Fake Github : github.com/PhoeixMiner-Dev-Team/  <------ Please report all kind of posts with that github and also on Github!
The Github was created 14 hours ago
The last one got deleted after i reported it in 1 Day

Also here all Accounts that posting it are registered April 30, 2021


Looks like the bot from mitchell already catching them as they get deleted
Report on Github is done and hope it gets deleted soon.

---

Edit and Update:
The Github Account github.com/PhoeixMiner-Dev-Team got deleted and banned on Github.

And we have the next Version and a new Github for the Fake Miner Malware download Link for PhoenixMiner!
New Fake Github : https_://github.com/PhoenixBetaMiner/   <--- Please report this on Github also if possible so it gets deleted

User : koolturtle77  <-----  Please ban or lock that Account
Account was registered in April , possible hacked or sold

Archived post : https://archive.fo/mmlx1

---

And also another Fake Miner download Link here !

Fake Github : https_://github.com/Nebu-Tech/
Github Account was created 1 Hour ago

User : jaclarkbizz101  <----- Pleas ban or Lock that Account

Archived post : https://archive.fo/faqNH


User : pennyamon.terrell <----- Pleas ban or Lock that Account

---

Have done a little research about all the Accounts that posting this links today and all are registered on April 30, 2021 and new Accounts !
Dont know if this helps to find more of them .

This are the Accounts i found and have reported:

---

Edit and update :


are now deleted on Github also and the Accounts there banned.

The fake Miner Software download links with malware in the PhoenixMiner thread has changed now !
They have a new Github Account now github.com/PhoenixMiner-Beta if possible please report them on Github also that it gets deleted.

User : jerryngm  <---- Please ban that User or lock the Account
Account last activity was back in 2016

Archived post : https://archive.fo/XYl9l   post gots deleted when i archived it