
Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 22. (Read 36688 times)

legendary
Activity: 3136
Merit: 3213
Next fake Github Account with Malware download for trexminer  !

New Fake Github : github.com/trexminer-TRex  <----- Please report all kinds of posts with that Link and if possible also on Github
Original Github : github.com/trexminer/T-Rex/releases

Account : teazy <------ Please ban and lock that Account and delete the post
The Account got hacked or sold and normally posts only in the France board.

T-Rex 0.23.3 beta
url=https_://github.com/trexminer-TRex/T-Rex/releases/download/T-Rex/t-rex-0.23.3-win.zip]t-rex-0.23.3-win.zip[/url] Github
url=https_://github.com/trexminer-TRex/T-Rex/releases/download/T-Rex/t-rex-0.23.3-linux.tar.gz]t-rex-0.23.3-linux.tar.gz[/url] Github

This post is a reference for the Github report !
Report is already done .


Next Fake Github for PhoenixMiner !

Fake Github : github.com/Phoenixmine    <------ Github is deleted

Account : matthewoz101  <----- Please lock that Account and delete the post
Last post was done in February 04, 2020

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.8a  from  here:

url=https_://github.com/Phoenixmine/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Windows.zip]PhoenixMiner_5.8a_Windows.zip[/url] Github
url=https_://github.com/Phoenixmine/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Linux.tar.gz]PhoenixMiner_5.8a_Linux.tar.gz[/url] Github

Another Hacked or sold Account  !

Account : pedjo99 <----- Please lock that Account and delete the post
Last post was in July 23, 2020

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.8a  from  here:

url=https_://github.com/Phoenixmin/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Windows.zip]PhoenixMiner_5.8a_Windows.zip[/url] Github
url=https_://github.com/Phoenixmin/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Linux.tar.gz]PhoenixMiner_5.8a_Linux.tar.gz[/url] Github
legendary
Activity: 3136
Merit: 3213
And there is a new Fake Github again for the PhoenixMiner  !

Fake Github : github.com/Phoenix-mine/  <------  Please report all kind of posts with that Link and also on Github

Looks like another hacked Account is posting it
Account : Knathein   <-----  Please ban and lock that account and delete the post
Last post was done on June 26, 2021 , hacked or sold account

Archived Post : https://archive.fo/wRfge

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.8a  from  here:

url=https_://github.com/Phoenix-mine/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Windows.zip]PhoenixMiner_5.8a_Windows.zip[/url] Github
url=https_://github.com/Phoenix-mine/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Linux.tar.gz]PhoenixMiner_5.8a_Linux.tar.gz[/url] Github

Please let us know if you have any problems or questions related to PhoenixMiner 5.8a

Another Account that got hacked or sold!

Account : userghost  <-----  Please ban and lock that account and delete the post

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.8a  from  here:

url=https_://github.com/Phoenix-mine/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Windows.zip]PhoenixMiner_5.8a_Windows.zip[/url] Github
url=https_://github.com/Phoenix-mine/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Linux.tar.gz]PhoenixMiner_5.8a_Linux.tar.gz[/url] Github

And there are new and other Fake Github Accounts now too

Fake Github : github.com/trexminer-corp
Original Github :github.com/trexminer
T-Rex 0.23.3 beta
url=https_://github.com/trexminer-corp/T-Rex/releases/download/T-Rex/t-rex-0.23.3-win.zip]t-rex-0.23.3-win.zip[/url] Github
url=https_://github.com/trexminer-corp/T-Rex/releases/download/T-Rex/t-rex-0.23.3-linux.tar.gz]t-rex-0.23.3-linux.tar.gz[/url] Github

Fake Github : github.com/Ethpill-corp/
Glad to see you new crypto software LHR-pill .
Download:
https_://github.com/Ethpill-corp/ethpill/releases/download/ETH/LHR-Pill.zip
Virustotal : https://www.virustotal.com/gui/file/dda4e70bdc23e63483cc3f8d491367f914ea91041fad48d51d09befa2edfdba2
It's the same files as for the others we got

This is also a reference for my Github report.
Report on Github is already done  !

Edit and Update :
All Github Accounts are banned and deleted now on Github
legendary
Activity: 3136
Merit: 3213
There is now again a new Fake Github for the PhoenixMiner thread and download  !

Fake Github : github.com/Poenix-build/   <------  Please report all kind of posts with that Link and also on Github
I already reported it on Github

Account E-commerce Token looks like hacked or sold <---- Please ban and lock that Account
Last post was done in December 06, 2017
This user recently woke up from a long period of inactivity.

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.8a  from  here:

url=https_://github.com/Poenix-build/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Windows.zip]PhoenixMiner_5.8a_Windows.zip[/url] Github
url=https_://github.com/Poenix-build/PhoenixMiner/releases/download/PhoenixMiner/PhoenixMiner_5.8a_Linux.tar.gz]PhoenixMiner_5.8a_Linux.tar.gz[/url] Github
Changes in version 5.8a :

Edit and Update :
The Fake Github Account is deleted and banned on Github now
legendary
Activity: 3136
Merit: 3213
Is this now an automated process or is manual reporting still required for known repeat scams?
The reporting Bot from Mitchell is catching them all and then they get deleted.
Mostly the bot is too fast for reporting as he catches the posts and threads from Keywords when they get posted.
I tried it a few times with the LHR Threads but it's impossible to get them reported.
If they change their Github and start posting again you can report them.
staff
Activity: 2436
Merit: 2347
I can't seem to report LHR pill fast enough. Twice in the last 2 days I've seen it within a minute of
being posted but by the time I click the submit button it's already gone.

Is this now an automated process or is manual reporting still required for known repeat scams?

Some posts, in particular the one you mentioned, may be processed automatically. But you can still send the report to the moderators, if you have time to do it before the message is deleted.
full member
Activity: 1421
Merit: 225
I can't seem to report LHR pill fast enough. Twice in the last 2 days I've seen it within a minute of
being posted but by the time I click the submit button it's already gone.

Is this now an automated process or is manual reporting still required for known repeat scams?
legendary
Activity: 3136
Merit: 3213
The ETH and LHR Pill posts and threads have a new Github that's 11 Hours old already !

Fake Github Account
Code:
https://github.com/Ethpill/eth/releases/tag/eth

It's the same file in there as on the others with Malware !
Virustotal : https://www.virustotal.com/gui/file/dda4e70bdc23e63483cc3f8d491367f914ea91041fad48d51d09befa2edfdba2
Same Trojan and Virus : GenericRXAA-AA!47CE6E097BA2

This post is a reference for the report on Github also !
Report on Github is done.

Edit and Update :
Github Account is banned and deleted
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
how are new users getting infected/hacked ?
I'm hoping you can get the answer to that question :) It indeed doesn't make sense to use a hacked account only for one easily detected malware post, while it could have stayed under the radar for a while to carry out other scams.

tell him he should write in here when his Account is recovered and i will remove my Feedback on the Account .
I sent him the link to this topic already. If you ask me though: I think you can remove the feedback already. The post is gone, the account is locked, and only the real owner will get it back.
legendary
Activity: 3136
Merit: 3213
The account is locked so nobody can even login.
Was it locked by a Mod after the spam? It's not banned, so it doesn't show in modlog. The email address or password haven't been changed either, so as a user I can't see this lock anywhere.
This is the screenshot LM shared btw, so it's a ban and account was locked.

Removed the Image for privacy

The email address or password haven't been changed either, so as a user I can't see this lock anywhere.
Yeah, seems the hacker knows the way of forum account's security that it will be locked soon (by the owner) if he somehow change the password/email.
I reported the LogitechMouse Account instantly when I saw his post in the PhoenixMiner thread, as I know that User,
and I already knew after I read the post that it was hacked.
bL4nkcode or LoyceV, when you write with him, tell him he should write in here when his Account is recovered and I will remove my Feedback on the Account.
Most of the Accounts that got banned and reported were newbies.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
The account is locked so nobody can even login.
Was it locked by a Mod after the spam? It's not banned, so it doesn't show in modlog. The email address or password haven't been changed either, so as a user I can't see this lock anywhere.
This is the screenshot LM shared btw, so it's a ban and account was locked.



The email address or password haven't been changed either, so as a user I can't see this lock anywhere.
Yeah, seems the hacker knows the way of forum account's security that it will be locked soon (by the owner) if he somehow change the password/email.

copper member
Activity: 783
Merit: 710
Defend Bitcoin and its PoW: bitcoincleanup.com
...so as a user I can't see this lock anywhere.
No you cannot

That makes more sense than a regular user suddenly joining a long-term spammer scam.
LOL

I assume MindlessElectron still bans them, right? That explains why they need more senior accounts for their spam.
It is whooping their asses 24/7 indeed.
Older accounts I can understand with the database leak(s) and all, but how are new users getting infected/hacked ? Provided they don't download the malware-PILLs or something similar...
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Currently the account was banned and it should be lifted somehow.
I received an email from someone asking to whitelist his alt, which I did now.

The account is locked so nobody can even login.
Was it locked by a Mod after the spam? It's not banned, so it doesn't show in modlog. The email address or password haven't been changed either, so as a user I can't see this lock anywhere.

Quote
It does look like his account was hacked.
That makes more sense than a regular user suddenly joining a long-term spammer scam.

Quote
Tell him to send an email and we'll look into it.
I told him that :)

Quote
There were over 400 of these posts in the Phoenix Miner thread in the last 3 days so yeah...
I assume MindlessElectron still bans them, right? That explains why they need more senior accounts for their spam.
copper member
Activity: 783
Merit: 710
Defend Bitcoin and its PoW: bitcoincleanup.com
I got in touch with the owner of this account on Telegram; he said it wasn't him, which is probably true. I didn't see this guy interact on that thread, and then suddenly the account posted like he owns the thread or is somehow related to the team/devs of PhoenixMiner, and regarding the previous reports this is a desperate attack by the scammers/hackers on PhoenixMiner.

Currently the account was banned and it should be lifted somehow.

The account is locked so nobody can even login. It does look like his account was hacked. Tell him to send an email and we'll look into it.

There were over 400 of these posts in the Phoenix Miner thread in the last 3 days so yeah...
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
And they have already a new Github again for the Fake PhoenixMiner download links !
Fake Github Account : github.com/PhoeixMiner-TeamDev   <----- Please report that account on Github again that it gets deleted !

And looks like an Account got hacked  @Rizzrack
Account : LogitechMouse   <----- Please lock that Account and delete the post
[...]
I got in touch with the owner of this account on Telegram; he said it wasn't him, which is probably true. I didn't see this guy interact on that thread, and then suddenly the account posted like he owns the thread or is somehow related to the team/devs of PhoenixMiner, and regarding the previous reports this is a desperate attack by the scammers/hackers on PhoenixMiner.

Currently the account was banned and it should be lifted somehow.
full member
Activity: 1421
Merit: 225
There's another scam using the same github technique, the "LHR-pill"

Nice catch on that , and thanks for keeping your eyes open about that !
Already reported this one here also on Github
Fake Github Account :
Code:
https://github.com/LHR-Pill/LHR-DEVsoftware/releases/tag/lhr
Virustotal : https://www.virustotal.com/gui/file/dda4e70bdc23e63483cc3f8d491367f914ea91041fad48d51d09befa2edfdba2
1 security vendor flagged this file as malicious
Virus and Malware name : GenericRXAA-AA!47CE6E097BA2
Also known and from the Family of Trojan-Banker.Win32.Emotet
Source : https://howtofix.guide/trojan-banker-win32-emotet/

Malware activity seems to be increasing.

There's one other very insidious technique I found. I think it's rare but it's worth noting. It requires a compromised,
but otherwise legitimate github account.

If the account has weak security settings a malfaisant can create a github account of his own and use it to hack
the poorly secured legitimate account to make changes. In the instance I saw the previously unused wiki was the
target of the attack. The legitimate owner may not even notice if notifications aren't turned on or are not checked.

The wiki was updated to do one thing: redirect to the malware hosted elsewhere. Then a link was posted in the mining
board and it looks like it points to a legitimate github account, which it is, before redirecting to the malware.
The fake github account was not used to host the malware, it was only used as a side door into a legitimate github
account. The malware was hosted elsewhere.

This redirection could go on for some time without the user realizing he's being used. When I alerted the user in this case
he was unaware but took swift action.

As long as github users have proper security and don't allow just any user to make changes to their repo this can't
happen. But it did because it didn't.*

For those not fluent in English or who are just not good with riddles my apologies, here's the long version:
But it [ the hack] did [happen] because it [the repo] didn't [have proper security].
legendary
Activity: 3136
Merit: 3213
And they have already a new Github again for the Fake PhoenixMiner download links !
Fake Github Account : github.com/PhoeixMiner-TeamDev   <----- Please report that account on Github again that it gets deleted !

And looks like an Account got hacked  @Rizzrack
Account : LogitechMouse   <----- Please lock that Account and delete the post

Archived post : https://archive.fo/wip/8Xb0A

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.8a  from  here:

url=https_://github.com/PhoeixMiner-TeamDev/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Windows.zip]PhoenixMiner_5.8a_Windows.zip[/url]
url=https_://github.com/PhoeixMiner-TeamDev/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Linux.tar.gz]PhoenixMiner_5.8a_Linux.tar.gz[/url]

I already reported the Fake Github Account on Github again .



There's another scam using the same github technique, the "LHR-pill"

Nice catch on that , and thanks for keeping your eyes open about that !
Already reported this one here also on Github
Fake Github Account :
Code:
https://github.com/LHR-Pill/LHR-DEVsoftware/releases/tag/lhr
Virustotal : https://www.virustotal.com/gui/file/dda4e70bdc23e63483cc3f8d491367f914ea91041fad48d51d09befa2edfdba2
1 security vendor flagged this file as malicious
Virus and Malware name : GenericRXAA-AA!47CE6E097BA2
Also known and from the Family of Trojan-Banker.Win32.Emotet
Source : https://howtofix.guide/trojan-banker-win32-emotet/
full member
Activity: 1421
Merit: 225
There's another scam using the same github technique, the "LHR-pill"

Current example until the post is deleted:
https://bitcointalksearch.org/topic/--5361294

A copy of it with links sanitized:

Quote
Glad to see you new crypto software LHR-pill .
Now unlock up to 100% of the Ethereum mining performance of Nvidia's Lite Hash Rate (LHR) series

In what could be bad news for anyone in the market for a new graphics card, as far as the changelog from the latest version of the NBMiner crypto currency mining software is concerned, the tool is now capable of unlocking up to 70% of the original GPU mining performance of the Nvidia Lite Hash rate series of GPUs for mining Ethereum

But our software will completely solve this problem. It is by far the best solution to the problem of LHR GPU's. The software does not lower and increases power consumption every second. therefore it is safe for your graphics cards. Work with Win7, Win10 (Not HiveOs,RaveOS and etc)

Download:
https colon slash slash github dot com slash LHR-Pill slash LHR-DEVsoftware slash releasesslash download slash lhrslash LHR-Pill.zip

How to use:

https colon slash slash i.imgur dot com slash Ww88c12.png

Run LHR-pill.exe
Wait when software detected yours GPU's
When you see message "worked" you can minimize window and start your miner

Support miners:
PhoenixMiner
Gminer
Trex
legendary
Activity: 3136
Merit: 3213
After the other Github Account got deleted they have now a new one !

Fake Github : github.com/PhoeixMiner-Dev-Team/  <------ Please report all kind of posts with that github and also on Github!
The Github was created 14 hours ago
The last one got deleted after i reported it in 1 Day

Also here all Accounts that are posting it are registered April 30, 2021
The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.7c  from  here:

url=https_://github.com/PhoeixMiner-Dev-Team/PhoenixMiner/releases/download/5.7c/PhoenixMiner_5.7c_Windows.zip]PhoenixMiner_5.7c_Windows.zip[/url]
url=https_://github.com/PhoeixMiner-Dev-Team/PhoenixMiner/releases/download/5.7c/PhoenixMiner_5.7c_Linux.tar.gz]PhoenixMiner_5.7c_Linux.tar.gz[/url]
Changes in version 5.7c :

The  new  version  is  finally  ready.  You  can  download  PhoenixMiner  5.7c  from  here:

url=https_://github.com/PhoeixMiner-Dev-Team/PhoenixMiner/releases/download/5.7c/PhoenixMiner_5.7c_Windows.zip]PhoenixMiner_5.7c_Windows.zip[/url]
url=https_://github.com/PhoeixMiner-Dev-Team/PhoenixMiner/releases/download/5.7c/PhoenixMiner_5.7c_Linux.tar.gz]PhoenixMiner_5.7c_Linux.tar.gz[/url]

Looks like the bot from mitchell is already catching them as they get deleted
Report on Github is done and hope it gets deleted soon.


Edit and Update:

The Github Account github.com/PhoeixMiner-Dev-Team got deleted and banned on Github.
legendary
Activity: 3136
Merit: 3213
And we have the next Version and a new Github for the Fake Miner Malware download Link for PhoenixMiner!
New Fake Github : https_://github.com/PhoenixBetaMiner/   <--- Please report this on Github also if possible so it gets deleted

User : koolturtle77  <-----  Please ban or lock that Account
Account was registered in April , possible hacked or sold

Archived post : https://archive.fo/mmlx1

The new version is finally ready. You can download PhoenixMiner 5.8a from here:

url=https_://github.com/PhoenixBetaMiner/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Windows.zip]https_://phoenixminer.info/downloads/PhoenixMiner_5.8a_Windows.zip[/url]
url=https_://github.com/PhoenixBetaMiner/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Linux.tar.gz]https_://phoenixminer.info/downloads/PhoenixMiner_5.8a_Linux.tar.gz[/url]
Please let us know if you have any problems or questions related to PhoenixMiner 5.8a


And also another Fake Miner download Link here !

Fake Github : https_://github.com/Nebu-Tech/
Github Account was created 1 Hour ago

User : jaclarkbizz101  <----- Please ban or Lock that Account

Archived post : https://archive.fo/faqNH

New versions v40.0 with full LHR disable mode was released

url=https://github.com/Nebu-Tech/NBMiner/releases/download/NBMiner/NBMiner_40.0_Win.zip]https_://github.com/NebuTech/NBMiner/releases/download/v40.0/NBMiner_40.0_Win.zip[/url]
url=https://github.com/Nebu-Tech/NBMiner/releases/download/NBMiner/NBMiner_40.0_Linux.tgz]https_://github.com/NebuTech/NBMiner/releases/download/v40.0/NBMiner_40.0_Linux.tgz[/url]

LHR disable command :
-lhr  1 - yes (default), 0 - no

User : pennyamon.terrell <----- Please ban or Lock that Account
New versions v40.0 with full LHR disable mode was released

url=https_://github.com/Nebu-Tech/NBMiner/releases/download/NBMiner/NBMiner_40.0_Win.zip]https_://github.com/NebuTech/NBMiner/releases/download/v40.0/NBMiner_40.0_Win.zip[/url]
url=https_://github.com/Nebu-Tech/NBMiner/releases/download/NBMiner/NBMiner_40.0_Linux.tgz]https_://github.com/NebuTech/NBMiner/releases/download/v40.0/NBMiner_40.0_Linux.tgz[/url]


Have done a little research about all the Accounts that are posting these links today and all are registered on April 30, 2021 and new Accounts !
Don't know if this helps to find more of them .

These are the Accounts I found and have reported:
Code:
koolturtle77
jaclarkbizz101
pennyamon.terrell
babyunicorn1001
lgstephens
fearexoofficial
spectrekimiko88
cristiancastillofonseca8
kimspain2008
coreyontop1
racutting
nalinasibakoti



Edit and update :

Code:
github.com/PhoenixBetaMiner 
github.com/Nebu-Tech

are now deleted on Github also and the Accounts there banned.
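
The two link patterns reported throughout this thread (GitHub owner names that imitate the original, and link text that shows a different URL than the real target) can be checked mechanically. The following is an added example, not part of any post in the thread; the allowlist, the function names and the sample post are assumptions constructed from the defanged links quoted above.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed allowlist for this example. "trexminer" is named on this page as the
# original; "NebuTech" is taken from the link text of a reported post.
OFFICIAL_OWNERS = {"trexminer", "NebuTech"}
# BBCode link; the leading "[" is optional because scraped copies often lose it.
LINK = re.compile(r"\[?url=([^\]\s]+)\](.*?)\[/url\]", re.I | re.S)

def host_and_owner(url):
    """Return (hostname, first path segment) of a URL, or (None, None)."""
    # Reports defang links as "https_://"; undo that for parsing only.
    url = re.sub(r"^(https?)_://", r"\1://", url.strip(), flags=re.I)
    try:
        parts = urlsplit(url)
    except ValueError:
        return None, None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None, None
    segments = [s for s in parts.path.split("/") if s]
    return parts.hostname.lower(), (segments[0] if segments else None)

def squash(name):
    """Lower-case and drop separators so 'Nebu-Tech' compares as 'nebutech'."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def lookalike_of(owner):
    """Return the official owner that `owner` imitates, or None."""
    if owner.lower() in {o.lower() for o in OFFICIAL_OWNERS}:
        return None  # GitHub owner names are case-insensitive
    candidate = squash(owner)
    for official in sorted(OFFICIAL_OWNERS):
        ref = squash(official)
        close = SequenceMatcher(None, candidate, ref).ratio() >= 0.85
        if ref in candidate or close:
            return official
    return None

def scan_post(text):
    """Return (reason, target, detail) findings for the links in one post."""
    findings = []
    for target, shown in LINK.findall(text):
        host, owner = host_and_owner(target)
        on_github = host in ("github.com", "www.github.com") and owner is not None
        imitated = lookalike_of(owner) if on_github else None
        if imitated:
            findings.append(("lookalike-owner", target,
                             f"{owner} imitates {imitated}"))
        # A visible URL that names a different site or owner than the target.
        shown_host, shown_owner = host_and_owner(shown)
        if shown_host is None:
            continue
        same_owner = (shown_owner or "").lower() == (owner or "").lower()
        if shown_host != host or (on_github and not same_owner):
            findings.append(("text-target-mismatch", target,
                             f"text shows {shown_host}/{shown_owner}"))
    return findings

# Constructed sample post, built from defanged links quoted in this thread.
SAMPLE_POST = """\
[url=https_://github.com/Nebu-Tech/NBMiner/releases/download/NBMiner/NBMiner_40.0_Win.zip]https_://github.com/NebuTech/NBMiner/releases/download/v40.0/NBMiner_40.0_Win.zip[/url]
[url=https_://github.com/PhoenixBetaMiner/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Windows.zip]https_://phoenixminer.info/downloads/PhoenixMiner_5.8a_Windows.zip[/url]
[url=https_://github.com/trexminer-corp/T-Rex/releases/download/T-Rex/t-rex-0.23.3-win.zip]t-rex-0.23.3-win.zip[/url]
[url=https_://github.com/trexminer/T-Rex/releases]T-Rex releases[/url]
"""

if __name__ == "__main__":
    print(*scan_post(SAMPLE_POST), sep="\n")
```

The owner check only knows the names in the allowlist, so a lookalike of a project that is not listed is caught only when its link text shows a different URL.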
legendary
Activity: 3136
Merit: 3213
The fake Miner Software download links with malware in the PhoenixMiner thread have changed now !
They have a new Github Account now github.com/PhoenixMiner-Beta if possible please report them on Github also that it gets deleted.

User : jerryngm  <---- Please ban that User or lock the Account
Account last activity was back in 2016

Archived post : https://archive.fo/XYl9l   post got deleted when I archived it

The new version is finally ready. You can download PhoenixMiner 5.8a from here:

Code:
https_://github.com/PhoenixMiner-Beta/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Windows.zip
https_://github.com/PhoenixMiner-Beta/PhoenixMiner/releases/download/5.8a/PhoenixMiner_5.8a_Linux.tar.gz