Report Malware and Suspicious Links here so Mods can take Action ! - page 25.

PhoenixMiner

full member

Activity: 357

Merit: 101

Quote from: SiNeReiNZzz on March 08, 2021, 02:41:53 PM

....
I also find it very unusual that the OP, after my negative feedback, has never commented on that matter in any case.
....

  Our bad, we were probably too complacent, but we are commenting now: no malware was ever posted from our account. The recent s**tstorm was caused by NiceHash when they saw an opportunity to smear us, and steer their users to their in-house miner instead. Here is our quite long overview about this: https://bitcointalksearch.org/topic/m.56526051

  MEGA deleted our account but as far as we know they never tried to replace the actual legitimate files with something malicious (even NiceHash admitted so, when pressed if they were distributing a fake version of PhoenixMiner). Just to be on the safe side, we removed all (now dead) links to MEGA from our messages.

  There is constant stream of newbie accounts posting fake "new versions" and "hotfixes" of PhoenixMiner in our thread but certainly you can't hold us responsible for everything that is posted there?

  And now there is another one but this time from seemingly reputable user. We don't know if the account is hacked, or the user is really pushing this fake, and most probably malicious release of PhoenixMiner

User : JorisK

Post : https://bitcointalksearch.org/topic/phoenixminer-62c-fastest-ethereumethash-miner-with-lowest-devfee-winlinux-2647654

Quote

Check this

PhoenixMiner 5.5d - hotfix available

Notes

-Greatly improved the work of video cards with 4 gb

-Fixed global problems for video cards from Nvidia/AMD
-Fixed errors and crashes when the miner was running
-Improved work on Win7 and 10xx series video cards
-Increased hashrate on video cards series 20xx,30xx
-Increased hashrate on Ethash by an average of 10%
-Increased hashrate on ETCHash by an average of 7%
-Improved the work of the miner in general

Download
Windows: [removed url]
Linux: [removed url]

[mod note: removed potentially malicious URLs for an already deleted post]

sabotag3x

legendary

Activity: 2688

Merit: 2297

Crypto Swap Exchange

Quote from: SiNeReiNZzz on March 08, 2021, 02:41:53 PM

I also find it very unusual that the OP, after my negative feedback, has never commented on that matter in any case.

I guess you were not a member of DT at the time.. Or they just don't care..

Rizzrack

copper member

Activity: 783

Merit: 710

Defend Bitcoin and its PoW: bitcoincleanup.com

Quote from: SiNeReiNZzz on March 08, 2021, 02:41:53 PM

Everyone should just type the keyword "PhoenixMiner" in the Google search and see what controversies revolve around it.

This software has nevertheless attracted negative attention several times in constant connection with suspicious activities.
And at least unknown third parties distribute malicious code with it.

For me it remains suspicious. And I do not recommend its use!
Especially for newcomers, who might be in contact with the topic of mining for the first time and might be naive in terms of validation of a trustworthy source of data.

Have a look at the last ~11 pages in the PhoenixMiner thread. Might explain the recent negative attention
If not I believe this post says enough:

Quote from: djeZo on March 07, 2021, 07:23:06 PM

Probably due the hurry our NiceHash Miner dev didn't update GitHub repo, it was very important to make new plugin ver which killed PhoenixMiner. It is Sunday... people usually don't work on sunday. Anyway, it is just C#, easily decompilable, you can check whats inside even if you don't have the source. Are you happy with the answer? Why do you think NiceHash is here just to f*ck everyone? Please, imagine that there is really malware in PhoenixMiner, proved, what do you think would happen with NiceHash? Everyone would be blaming us saying "You distributed PhoenixMiner!" These EULAs that people have to agree to mean jack shit when it explodes, people don't care what is written on paper, people become like animals, only actions count. We had to make this announcement to protect NiceHash.

Quote from: SiNeReiNZzz on March 08, 2021, 02:41:53 PM

Quote from: https://www.file.net/prozess/phoenixminer.exe.html (TRANSLATED)

The process known as PhoenixMiner.exe appears to belong to software NiceHash Miner by unknown.

Description: PhoenixMiner.exe is not essential for Windows and will often cause problems. PhoenixMiner.exe is located in a subfolder of the user's profile folder - e.g. C:\User\NAME\Desktop\PhoenixMiner_4.0b_Windows\
Known file sizes on Windows 10/8/7/XP are 6509568 bytes (66% of all occurrences) or 7797248 bytes
https://www.file.net/prozess/phoenixminer.exe.html
The application has no visible window.
There is no file description.
The file is not a Windows system file.
PhoenixMiner.exe is able to monitor applications and manipulate other programs.
Therefore, we rate this file 89% dangerous, but compare this rating with member opinions.

- The process known as PhoenixMiner.exe appears to belong to software NiceHash Miner by unknown ... just means it does not have an EV code signing certificate. No big deal as they provide hash for each release
- not an essential software for Windows ... no sh*t Cheesy

- no visible window ... runs in cmd
- not a Windows system file ... lol Cheesy

- is able to monitor applications and manipulate other programs ... miners do what miners do

P.S. I am not trying to convince anyone. DYOR ! I am not even mining but just expressing my personal conclusion after recent events (NiceHash vs PhoenixMiner vs Mega.nz vs "the tons of accounts spreading infected PhoenixMiner releases")

P.S.2 NiceHash also has ethlargement pill option built in it's release. You can also check how many users with malware version of that posted here also

SiNeReiNZzz

legendary

Activity: 1022

Merit: 1043

αLPʜα αɴd ΩMeGa

The Virustotal link is only for further validation.
Everyone should just type the keyword "PhoenixMiner" in the Google search and see what controversies revolve around it.

I also find it very unusual that the OP, after my negative feedback, has never commented on that matter in any case.

In addition, it is not mentioned in any sentence that I have published a 100% proven accusation!
Because as the title of the thread here already says, they are SUSPICIOUS links. And let's assume that there is no malicious intent here.
This software has nevertheless attracted negative attention several times in constant connection with suspicious activities.
And at least unknown third parties distribute malicious code with it.

For me it remains suspicious. And I do not recommend its use!
Especially for newcomers, who might be in contact with the topic of mining for the first time and might be naive in terms of validation of a trustworthy source of data.

Quote from: https://www.file.net/prozess/phoenixminer.exe.html (TRANSLATED)

The process known as PhoenixMiner.exe appears to belong to software NiceHash Miner by unknown.

Description: PhoenixMiner.exe is not essential for Windows and will often cause problems. PhoenixMiner.exe is located in a subfolder of the user's profile folder - e.g. C:\User\NAME\Desktop\PhoenixMiner_4.0b_Windows\
Known file sizes on Windows 10/8/7/XP are 6509568 bytes (66% of all occurrences) or 7797248 bytes
https://www.file.net/prozess/phoenixminer.exe.html
The application has no visible window.
There is no file description.
The file is not a Windows system file.
PhoenixMiner.exe is able to monitor applications and manipulate other programs.
Therefore, we rate this file 89% dangerous, but compare this rating with member opinions.

lautre

jr. member

Activity: 45

Merit: 1

@SiNeReiNZzz did you even read the virustotal that you posted lol? Are you going to report all miners? if you posted more reports like that they all should be canceled, who validated that report?!

Lafu

legendary

Activity: 3136

Merit: 3213

And here we go !
They moved all there files and stuff to github now , the only thing i think about that there files got deleted on MEGA is that somebody has reported the files ,
as the other files with Malware got reported there also .
But anyway i think its the best solution that can be for the original files , as its hard now for other Malware links to copy them !

The Thread gots edited today

Quote from: PhoenixMiner on December 26, 2017, 02:14:26 AM

IMPORTANT! MEGA terminated our account without any explanation and we are in the process of moving to other hosting solutions. Read here for more information and for the checksums with which to check the integrity of PhoenixMiner if you have downloaded it from other location.
We are moving our binaries to github.com as a first temporary solution, and we will be setting up a few more backup hosting options in case github also caves under pressure. Here is the link to our github.com account:

https://github.com/PhoenixMinerDevTeam/PhoenixMiner/releases/

We will be removing all MEGA links from our posts in case that MEGA goes evil and starts distribute fake binaries in the future. From now on, MEGA is no longer an official place for distribution of the past and new versions of PhoenixMiner.

@SiNeReiNZzz

I also would say you should review your Feedback on the original Thread starter for PhoenixMiner as it is unwarranted as Rizzrack have already written.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: Rizzrack on March 08, 2021, 06:26:45 AM

Quote from: sabotag3x on March 07, 2021, 05:30:01 PM

Quote from: SiNeReiNZzz on November 25, 2020, 09:24:38 PM

Hey @SiNeReiNZzz, could you please review your neg trust on @PhoenixMiner?

Any antivirus will accuse any miner of being.. a miner..

There is an ongoing malware campaign with fake PhoenixMiner binaries that contain malware. Most advertise "PhoenixMiner 5.5d" which is not even launched, latest one is 5.5c.

There were tens of thousands of posts with this, all deleted, that direct to a mega.nz link. Different from the OP https://bitcointalksearch.org/topic/m.26969355

I would assume this is one of the reasons the real Phoenix mega.nz folder was deleted.

Personally I don't think that the OP of the Phoenix thread has something to do with this and the negative feedback does seem unwarranted

Slightly OT but I never understood why they used mega instead of github till now. Or GitLab / BitBucket / SourceForge or any of a dozen other places.
Or I don' know, since they are charging a dev fee how about just getting their own domain and hosting it themselves.

Because in the end, not having the files on a PhoenixMiner domain really does make it easier for the malware people to post a mega (or whatever) link and have some people believe it.

-Dave

Rizzrack

copper member

Activity: 783

Merit: 710

Defend Bitcoin and its PoW: bitcoincleanup.com

Quote from: sabotag3x on March 07, 2021, 05:30:01 PM

Quote from: SiNeReiNZzz on November 25, 2020, 09:24:38 PM

Hey @SiNeReiNZzz, could you please review your neg trust on @PhoenixMiner?

Any antivirus will accuse any miner of being.. a miner..

There is an ongoing malware campaign with fake PhoenixMiner binaries that contain malware. Most advertise "PhoenixMiner 5.5d" which is not even launched, latest one is 5.5c.

There were tens of thousands of posts with this, all deleted, that direct to a mega.nz link. Different from the OP https://bitcointalksearch.org/topic/m.26969355

I would assume this is one of the reasons the real Phoenix mega.nz folder was deleted.

Personally I don't think that the OP of the Phoenix thread has something to do with this and the negative feedback does seem unwarranted

sabotag3x

legendary

Activity: 2688

Merit: 2297

Crypto Swap Exchange

Quote from: SiNeReiNZzz on November 25, 2020, 09:24:38 PM

PhoenixMiner 5.2e: fastest Ethereum/Ethash miner with lowest devfee (Win/Linux)

After I stumbled across a malware infected update earlier, I checked the link with the files in the OP again.
And behold, even though the OP took a lot of merit and is from 2017, it now leads to files that are more than full of malware! (See VirusTotal-Scan)

Thread/Post: https://bitcointalksearch.org/topic/m.26969355 <---- DELETE PLEASE

Virus Total: https://www.virustotal.com/gui/file/fb439a00e77f5735725824a97d8912955f1088ac87a5876f622659201a7d8ffc/detection

Profile Link: PhoenixMiner <---- BAN PLEASE

Archive- LINK

Code:

https://mega.nz/#F!2VskDJrI!lsQsz1CdDe8x5cH3L8QaBw
▼
PhoenixMiner.zip

Hey @SiNeReiNZzz, could you please review your neg trust on @PhoenixMiner?

Any antivirus will accuse any miner of being.. a miner..

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Quote from: logfiles on March 07, 2021, 04:42:14 PM

Thread: https://bitcointalksearch.org/topic/ann-ethereum-welcome-to-the-beginning-428589
Poster: CrashX <---- Please report.

@logfiles, thanks for sharing!

Interesting that MindlessElectron has missed both posts from CrashX as i've found one more in the Ethereum Classic's thread which i just reported.

I also tagged the account ~~just in case it isn't banned~~. it's been banned already, good work! Wink

archive: https://loyce.club/archive/posts/5649/56491861.html

Code:

Download
Windows: https://mega.nz/file/Y0gGGRxC#qaza0p8IS1oe4XdBBMUmwJBgnZC3RMOIHCQ1bZ742VE
Linux: https://mega.nz/file/JP4yQbSC#OiAa76fJFx9CywywCjXFvgTao5xbIdV3D9RwStco-ec

logfiles

copper member

Activity: 2114

Merit: 1794

Top Crypto Casino

Quote from: Lafu on March 02, 2021, 12:26:15 PM

<...>
Looks like we have reduced for a long time now the Scam on this cases with the Malware Links .
Thanks to the Bot from Mitchell as they get deleted realy fast and quick, and its nearly impossible to report them when they show up.

Here is another one with a similar pattern. The person first makes a normal reply onto a post and then edits it into malware links a day or hours after.

Thread: https://bitcointalksearch.org/topic/ann-ethereum-welcome-to-the-beginning-428589
Poster: CrashX <---- Please report.

Quote from: ?? on ??

PhoenixMiner 5.5d - hotfix available

Notes

-Greatly improved the work of video cards with 4 gb

-Fixed global problems for video cards from Nvidia/AMD
-Fixed errors and crashes when the miner was running
-Improved work on Win7 and 10xx series video cards
-Increased hashrate on video cards series 20xx,30xx
-Increased hashrate on Ethash by an average of 10%
-Increased hashrate on ETCHash by an average of 7%
-Improved the work of the miner in general

Code:

Windows: https://mega.nz/file/Y0gGGRxC#qaza0p8IS1oe4XdBBMUmwJBgnZC3RMOIHCQ1bZ742VE
Linux: https://mega.nz/file/JP4yQbSC#OiAa76fJFx9CywywCjXFvgTao5xbIdV3D9RwStco-ec

lovesmayfamilis

legendary

Activity: 2072

Merit: 4265

✿♥‿♥✿

After I discovered the plagiarism of the white paper, their support began to defend themselves, justifying their actions. . But upon further verification, it turned out that the wallet offered by this project also contains viruses.

Quote from: lovesmayfamilis on February 28, 2021, 06:52:56 AM

----------------------------------------------------------------------------------
What happened: Plagiarism whitepaper
https://bitcointalk.org/index.php?action=trust;flag=2650

ANN Thread: https://bitcointalksearch.org/topic/ann-pow-sha-256-bitcoin-black-core-black-coins-5320586
Archive link: https://loyce.club/archive/posts/5645/56454693.html
Profile link: https://bitcointalksearch.org/user/bitcoinblackcore-3103849
Website link: https://bitcoinblackcore.com/
Archive link: https://web.archive.org/web/20210213233405/https://bitcoinblackcore.com/
Whitepaper : https://bitcoinblackcore.com/whitepaper.pdf
Archive link: https://web.archive.org/web/20210228113950/https://bitcoinblackcore.com/whitepaper.pdf

https://www.virustotal.com/gui/file/8fa703462f38989c481d5ebec67066c155e7d23dda002b0daaf6db3f3874cdc1/detection

Lafu

legendary

Activity: 3136

Merit: 3213

Quote from: Mitchell on March 02, 2021, 12:43:33 PM

The bot was down for a while yesterday/this morning, but should be back in full force now

Looks like its working fine and well again !
As i have seen the post and was on the way to report it and then it was gone already .
Does the bot catching up after it has restarted and runs again with older posts and such things ?
I guess it does or ist just checking the new posted ones ?
Anyway as long it works again all is good .

Mitchell

copper member

Activity: 3948

Merit: 2201

Verified awesomeness ✔

Quote from: Lafu on March 02, 2021, 12:26:15 PM

[...]

Thanks to the Bot from Mitchell as they get deleted realy fast and quick, and its nearly impossible to report them when they show up.

The bot was down for a while yesterday/this morning, but should be back in full force now

Lafu

legendary

Activity: 3136

Merit: 3213

This post is just for the records so we got the Link and everybody can read it !
The link is a download Malware Link.

User : reme.mks

Post : https://bitcointalksearch.org/topic/phoenixminer-62c-fastest-ethereumethash-miner-with-lowest-devfee-winlinux-2647654 Post is already deleted

Thats what they are posting lately to catch Users to download there Shit

Quote

PhoenixMiner 5.5d - hotfix available

Notes
-Fixed global problems for video cards from Nvidia/AMD
-Fixed errors and crashes when the miner was running
-Improved work on Win7 and 10xx series video cards
-Increased hashrate on video cards series 20xx,30xx
-Increased hashrate on Ethash by an average of 15%
-Increased hashrate on ETCHash by an average of 10%
-Improved the work of the miner in general

Code:

Download
Windows: https://mega.nz/file/mdhiFZAB#cLm0_x93o4KKWRcrKJi48v9as8FOCnWuIavXENcmYiA
Linux: https://mega.nz/file/fMAwHJ6Y#asnB3mIBvZd7W5KrDqFO9Xpkybz_8MkL6IJExtf-xuY

Looks like we have reduced for a long time now the Scam on this cases with the Malware Links .
Thanks to the Bot from Mitchell as they get deleted realy fast and quick, and its nearly impossible to report them when they show up.

qwertyup23

hero member

Activity: 2268

Merit: 789

1. Malware from Github link and Fake Wallet

Thread: [ANN] SHITCOIN - (Share Holding Indelible Techology Coin) <---- DELETE

Profile Link: denibeg504
----> BRAND NEW

Archive: https://archive.fo/C0BsB

Virus Total Link/s:

Code:

https://mega.nz/folder/flwmhTgY#MF7xJmhnG7mCwqukWMo-fQ

Code:

https://mega.nz/folder/j8pSALJJ#K4kEp---cENRcoUIY-z-XQ

At first, I thought it was a false-positive on the first wallet but when I checked the second wallet a trojan horse virus was found.

Lafu

legendary

Activity: 3136

Merit: 3213

Quote from: qwertyup23 on February 16, 2021, 07:37:07 PM

1. Malware from Github link and Fake Wallet

Thread: [ANN][RAIN] RainbowGoldCoin & Hundreds of Millions in Bounties! <---- DELETE

Profile Link: liberiafreedom
----> BRAND NEW

Archive: https://archive.fo/Ji01J

Yeb and there is more as the Malware download ! There is some plagiarism also !
If you check the Ann that he has done there is some copy from XiaoMiCoin in there.

Quote from: ?? on ??

About Rain

RainbowGoldCoin
As our slogan suggests, this Cryptocurrency was built for the community and by the community.
We fully intend to implement the best practices, safe, fast, and secure transactions. Using
the Kimoto Gravity Well, assures, that this coin is as fair as it is beautiful & practical.
There are plenty of pump and dump coins out there. We simply do not believe in this get rich
fast attitude. We are developing an Android game that will reward RainbowGoldCoin to Top Scores
once per hour, with weekly, or even monthly Top Score Bonus's.
Use RainbowGoldCoin Today!

Quote

This Cryptocurrency was built for the community and by the community. We fully intend to implement the best practices, safe, fast, and secure transactions. Using the Kimoto Gravity Well, assures, that this coin is as fair as it is beautiful & practical. There are plenty of pump and dump coins out there. We simply do not believe in this get rich fast attitude. We are developing an Android game that will reward XiaoMiCoin to Top Scores once per hour, with weekly, or even monthly Top Score Bonus’s. Use XiaoMiCoin Today, a Peer-to-Peer Digital Cryptocurrency.

Source : https://cryptomining-blog.com/tag/xiaomicoin/ from 2014

And yes the User liberiafreedom should be banned for both or at least for one of this things.

qwertyup23

hero member

Activity: 2268

Merit: 789

1. Malware from Github link and Fake Wallet

Thread: [ANN][RAIN] RainbowGoldCoin & Hundreds of Millions in Bounties! <---- DELETE

Profile Link: liberiafreedom
----> BRAND NEW

Archive: https://archive.fo/Ji01J

Virus Total Link/s:

https://www.virustotal.com/gui/file/360538afec8271da6f184c439f22c6bbc2e7275d6f0570671592e47f309459cd/detection

Code:

https://mega.nz/folder/BVB0SJrK#2bFL6IP-PTBMUvgse1iBdw

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Fake ANN thread for Opioid Coin started by a brand new account.
Opioid Coin seems like a dead project without a working website and GitHub not touched in years, regardless the thread created today is still fake.

Original Opioid Coin thread and GitHub:
https://bitcointalksearch.org/topic/annoid-opioid-coin-decentralized-road-to-recovery-oidlife-4235330
https://github.com/OidLife

Fake Opioid Coin thread and GitHub:
https://bitcointalksearch.org/topic/--5317751 <-- DELETE
links to mega.nz files

Code:

Windows Wallet - https://mega.nz/folder/g11Uyaxa#8QfBNjl0FCx-83zDPWPTMQ
Linux Wallet - https://mega.nz/folder/JodTxIob#Ytp62ztZQUBaetV59_eBiQ
MacOS Wallet - https://mega.nz/folder/M4VRCIiI#13spq66qE4rFmltA9W5ylg
Android Wallet - Coming Soon

archive - https://loyce.club/archive/posts/5636/56365953.html

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: qwertyup23 on February 15, 2021, 05:23:15 AM

Quote from: Lafu on February 14, 2021, 05:58:44 PM

Hi, Lafu!

Thanks for the heads up and reminding me that the ones that I reported (recently) were false-positive detection by virus total. If I may ask, how do you determine if such wallet that looks infected, is indeed a false-positive detection? I would like to know so I can avoid posting/reporting links that appear infected facially but in truth, a false-positive. I hope for your feed back and reply!

Thank you as always, Lafu.

You can always check the files at https://www.hybrid-analysis.com/.

It gives a bit more detail and you can pick and choose the OS that the file runs on.
It will take you a bit more time as the running is not always instant if they are busy, but it will let you see what the file is doing in different OS.

For the most part, I feel that these files are if not malware, at least crap. IMO any "legitimate" new coin is going to run their wallets through a scanner to make sure they don't pop positive and if they do they would fix them. Also, no source code on github (or similar) that you can verify, even if it's not a virus, the coin is probably not legit.

-Dave

Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 25. (Read 36688 times)