Report Malware and Suspicious Links here so Mods can take Action ! - page 26.

qwertyup23

hero member

Activity: 2268

Merit: 789

Quote from: Lafu on February 14, 2021, 05:58:44 PM

Hi, Lafu!

Thanks for the heads up and reminding me that the ones that I reported (recently) were false-positive detection by virus total. If I may ask, how do you determine if such wallet that looks infected, is indeed a false-positive detection? I would like to know so I can avoid posting/reporting links that appear infected facially but in truth, a false-positive. I hope for your feed back and reply!

Thank you as always, Lafu.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Walletbuilders used to be a legitimate service. I don't know if it still is.
But, malwarebytes desktop blocks it by default, sonicwall blocks it by default and Norton blocks it by default.

I can't tell if they went "evil" or it's just a generic bitcoin / miner block.

Will have to check later to see if I can dig though it. So for now its a bit tough to tell if the people posting wallets from there are legit bad, or just caught up in a big net.
Or, if they built a free wallet and did not even know it was bad.

-Dave

Lafu

legendary

Activity: 3136

Merit: 3213

Quote from: qwertyup23 on February 14, 2021, 01:59:37 PM

https://www.virustotal.com/gui/file/9fff94b3ef7fb3924c83eff47e9d020c24848cb3f92fb50abc5f9a3b6160da1e/detection

*EDIT
The whitepaper on their website seemed to have copied directly from Bitcoin's whitepaper. Mods, kindly nuke the account and ban him as he is starting to create chaos in the ANN board.

https://getcovid19.org/wp-content/uploads/2021/02/whitepaper.pdf

Looks like a false positive detection to me on Virustotal .
Have done a quicke research on the File from Virustotal.

Code:

MacOS:BitCoinMiner-CG [PUP]

https://blog.malwarebytes.com/detections/pup-optional-bitcoinminer/
https://support.avg.com/answers?id=9060N0000000Ro9QAE

About the Whitepaper if you looking on the last Page there you can find all reference links where he has used the stuff in it .

Algorithm for the Coin is CryptoNight.
The Coin is forked from cryptonotefoundation/cryptonote.
Source : https://github.com/covid19-crypto-dev?tab=repositories

qwertyup23

hero member

Activity: 2268

Merit: 789

1. Malware from Github link and Fake Wallet

Thread: Get Covid-19!... Coin <---- DELETE

Profile Link: ravenhearti
----> BRAND NEW

Archive: https://archive.fo/Qk6cO

Virus Total Link/s:

https://www.virustotal.com/gui/file/9fff94b3ef7fb3924c83eff47e9d020c24848cb3f92fb50abc5f9a3b6160da1e/detection

Code:

https://getcovid19.org/files/covid-19.tar.gz

*EDIT
The whitepaper on their website seemed to have copied directly from Bitcoin's whitepaper. Mods, kindly nuke the account and ban him as he is starting to create chaos in the ANN board.

https://getcovid19.org/wp-content/uploads/2021/02/whitepaper.pdf

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Quote from: qwertyup23 on February 09, 2021, 09:38:54 PM

[ANN] [VK7R] [Vektorcoin] Worlds best upcoming esports coin

The Vektorcoin thread was re-posted shortly after the old one was removed, same wallets again, and the account used to start the topic is likely to be compromised, his password has recently been changed.

[ANN] [VEKTORCOIN] Esports coin <-- DELETE

(archive)

Code:

windows wallet https://dl.walletbuilders.com/download?customer=5e9b9527c50fbb9e27cc83d3589f1c03014b9ba7fd7d20d0f6&filename=vektorcoin-qt-windows.zip

linux wallet: https://dl.walletbuilders.com/download?customer=5e9b9527c50fbb9e27cc83d3589f1c03014b9ba7fd7d20d0f6&filename=vektorcoin-qt-linux.tar.gz

Wallet scan, thanks to @qwertyup23!

virustotal results:

https://www.virustotal.com/gui/file/0a45db818a69f52f4b6761d881cecb6671e5ec33374e49fc765c66e5fb821879/detection
https://www.virustotal.com/gui/file/6731066a4f931a1e673c5435c2747645b6a91c8ae49d504de7775f7f237196ae/detection

note to self, watch these accounts:

Godson_Mansa
jimlite
trader19
procrypto

qwertyup23

hero member

Activity: 2268

Merit: 789

1. Malware from Github link and Fake Wallet

Thread: [ANN] [VK7R] [Vektorcoin] Worlds best upcoming esports coin <---- DELETE

Profile Link: owvids
----> Last post November 09, 2017

Archive: https://archive.fo/ghDxD

Virus Total Link/s:

Code:

 https://dl.walletbuilders.com/download?customer=5e9b9527c50fbb9e27cc83d3589f1c03014b9ba7fd7d20d0f6&filename=vektorcoin-qt-windows.zip

Code:

 https://dl.walletbuilders.com/download?customer=5e9b9527c50fbb9e27cc83d3589f1c03014b9ba7fd7d20d0f6&filename=vektorcoin-qt-linux.tar.gz

Lafu

legendary

Activity: 3136

Merit: 3213

Quote from: jerry0 on February 09, 2021, 01:44:47 AM

What about links on peoples profiles? Wouldn't many of those links probalby have malware/keylogger?

If you found some Accounts or Users that have that kind of links in there signature or profiles just post it in here with all the Information about ,
and if possible a proof of that the links are Malware or other shady Software.

Username and link to the Userprofile and what kind of link .
Use the Code fubction

Code:

this

for the link so nobody can click it.

One of the Moderators or Global Mods checking this Thread everytime a new post is done and they can take some action if needed.

rat03gopoh

hero member

Activity: 2212

Merit: 670

Signature designer - start @$10 - PM me!

Quote from: jerry0 on February 09, 2021, 01:44:47 AM

What about links on peoples profiles? Wouldn't many of those links probalby have malware/keylogger?

This forum ism't also equipped with a report button on the profile page. Maybe you can report it here or create a new thread on the Meta board for faster handling by global mods.

jerry0

full member

Activity: 1750

Merit: 186

What about links on peoples profiles? Wouldn't many of those links probalby have malware/keylogger?

Lafu

legendary

Activity: 3136

Merit: 3213

Fake ANN !

Thread : [ANN] [SCHO] SCHOLARSHIP - send money to friends and businesses [ASIC/Scrypt]

User : ScholarshipCoin <------ Please ban that User and delete the Thread

Just registered Today
The Fake Github was just registered 4 Hours ago

Archive : https://archive.fo/wip/LXTjK

Code:

[b]Wallets[/b]
Windows: [url=https://github.com/scholarshlpcoin/scholarshipcoin/releases/download/v0.18.4/Scholarship-QT-Windows.zip]https://github.com/scholarshipcoin/scholarshipcoin/releases/download/v0.18.4/Scholarship-QT-Windows.zip[/url]

Fake Github : https_://github.com/scholarshlpcoin/scholarshipcoin/releases/download/v0.18.4/Scholarship-QT-Windows.zip
And there is only this one download file with a size of 18.9 MB

Real Github : https_://github.com/scholarshipcoin/scholarshipcoin/releases/download/v0.18.4/Scholarship-QT-Windows.zip
Here are many download and other Files and the zip file has a size of 16.6 MB

The difference between this 2 Links are :

Fake Github is scholarshlpcoin
Real Github is scholarshipcoin

There is no ANN as i havnt found one but on there Website you can see and find the Real Github and download link.

Website : https://scholarshipcoin.org/

Lafu

legendary

Activity: 3136

Merit: 3213

4 of that 8 detections are false positive as it looks , and the others for sure dosnt looks nice.
Archive.Trojan.Agent.IY4X2W is a modded version of some kind of Malware that operates in th backdoors.
Win32:Malware-gen is Malware and helps to get a remote control of the PC and also can be used to steal personal data and other things.
Source : https://dieviren.de/win32malware-gen/

qwertyup23

hero member

Activity: 2268

Merit: 789

Malware from Github link

Thread: Snatcoin [SNAT] relaunch <---- DELETE

Profile Link: UnbrokenSnat
----> BRAND NEW: January 25, 2021

Archive: https://archive.fo/h6gX8

Virus Total Link: https://www.virustotal.com/gui/file/a3e3409ba26cb50ca3157fa8308216f4a63bec24c49861beaac5ac4819f0cc85/detection

Code:

 https://snatcoin.org/releases/snatcoin_v101b.rar

qwertyup23

hero member

Activity: 2268

Merit: 789

Seems like their ANN threads are still here. Kindly delete and nuke these bastards, thank you!

Original ANN of GATECOIN :

Code:

https://bitcointalk.org/index.php?topic=5267955.0

FAKE GATECOIN THREAD:
USER: ka4604-435
https://bitcointalksearch.org/topic/anngatecoin-gatemining-by-miners-for-miners-blake-256-5312641

Original ANN of INDIUM:

Code:

https://bitcointalk.org/index.php?topic=5274006

FAKE INDIUM THREAD:
USER: clausis
https://bitcointalksearch.org/topic/--5312630

Original ANN of MOBILECOIN :

Code:

https://bitcointalk.org/index.php?topic=5080600.0

FAKE MOBILECOIN THREAD:
USER: max.ribery
https://bitcointalksearch.org/topic/ann-mobilepaycoin-ai-mcpc-masternodesposlive-on-crex24-5312649

qwertyup23

hero member

Activity: 2268

Merit: 789

Kindly delete all of these fake threads, thank you!

Original ANN of GATECOIN :

Code:

https://bitcointalk.org/index.php?topic=5267955.0

FAKE GATECOIN THREAD:
USER: monasti68
https://bitcointalksearch.org/topic/anngatecoin-gatemining-by-miners-for-miners-blake-256-5312618

Original ANN of INDIUM:

Code:

https://bitcointalk.org/index.php?topic=5274006

FAKE INDIUM THREAD:
USER: franz.perthen
https://bitcointalksearch.org/topic/annpowind-indium-argon2id-chukwa-5312617

Original ANN of MOBILECOIN :

Code:

https://bitcointalk.org/index.php?topic=5080600.0

FAKE MOBILECOIN THREAD:
USER: peter.horvat

Rikafip

legendary

Activity: 1722

Merit: 5937

Several fake announcement threads with malware appeared this morning, please delete them and nuke the users. It's probably the same person behind all 4 fake ANN threads as M.O. is the same: all four accounts are made today, threads are locked, githubs recently created etc.

User remuskraenze
ANN [ANN][POW][IND] Indium - Argon2id Chukwa
Archive https://loyce.club/archive/posts/5619/56198845.html

Code:

https://github.com/indium-source/qt-v1.0.0.0/releases/download/v1.0.0.0/indium-v1.0.0.0.zip

User patrickrottstedt
ANN [ANN]Gatecoin & Gatemining by miners for miners [Blake-256]
Archive https://loyce.club/archive/posts/5619/56199076.html

Code:

https://github.com/Gate-source/qt/releases/download/v1.0.0.4/gatecoin-qt.zip

User bayerer
ANN [ANN] MobilePayCoin ⭐️ MCPC MASTERNODES/POS(LIVE ON CREX24)
Archive https://loyce.club/archive/posts/5619/56198844.html

Code:

 https://github.com/mcpc-source/mcpc/releases/download/v1.5.0/MobilePayCoin-core.zip

User martinaroehr
ANN [ANN]Gatecoin & Gatemining by miners for miners [Blake-256]
Archive https://loyce.club/archive/posts/5619/56198841.html

Code:

https://github.com/Gate-source/qt/releases/download/v1.0.0.4/gatecoin-qt.zip

qwertyup23

hero member

Activity: 2268

Merit: 789

Lots of fake ANNs are resurfacing once again. Kindly delete all of these threads and posts, thank you very much!

Original ANN of GATECOIN :

Code:

https://bitcointalk.org/index.php?topic=5267955.0

FAKE GATECOIN THREADS:
https://bitcointalksearch.org/topic/anngatecoin-gatemining-by-miners-for-miners-blake-256-5310912
https://bitcointalksearch.org/topic/anngatecoin-gatemining-by-miners-for-miners-blake-256-5310901

Original ANN of INDIUM:

Code:

https://bitcointalk.org/index.php?topic=5274006

FAKE INDIUM THREAD:
https://bitcointalksearch.org/topic/annpowind-indium-argon2id-chukwa-5310910

... will update this list if ever they post again

Rikafip

legendary

Activity: 1722

Merit: 5937

Looks like fake ANNs started appearing again. They weren't missed for sure...

Original MobilePayCoin ANN
----✅[ANN] MobilePayCoin ⭐ MCPC MASTERNODES/POS(LIVE ON CREX24)✅----

Fake MobilePayCoin threads, please delete them and nuke the users, as all accounts used are created yesterday for the purpose of spreading malware links.
https://bitcointalksearch.org/topic/--5311009
https://loyce.club/archive/posts/5614/56144181.html

https://bitcointalksearch.org/topic/ann-mobilepaycoin-ai-mcpc-masternodesposlive-on-crex24-5310904
https://loyce.club/archive/posts/5614/56142295.html

https://bitcointalksearch.org/topic/--5310935
https://loyce.club/archive/posts/5614/56142955.html

https://bitcointalksearch.org/topic/--5310928
https://loyce.club/archive/posts/5614/56142756.html

Same fake github used in all four threads

Code:

 https://github.com/mcpc-core/mcpc/releases/download/v1.5.0/MobilePayCoin-core.zip

qwertyup23

hero member

Activity: 2268

Merit: 789

1. Malware from Github link, Fake Wallet and Fake ANN

Thread: [ANN][POW][IND] Indium - Argon2id Chukwa <---- DELETE

Profile Link: bnp_10
----> BRAND NEW: Last post January 19, 2021

Archive:

Code:

 https://github.com/ind-core/Indium-qt/releases/download/v1.0.0.0/Indium-qt.zip

Original ANN: https://bitcointalksearch.org/topic/annpowind-indium-argon2id-chukwa-5274006

Original Wallet Download:

Code:

https://github.com/IndiumCrypto/Indium/releases/latest

2. Malware from Github link, Fake Wallet and Fake ANN

Thread: ----✅[ANN] MobilePayCoin ⭐️ MCPC MASTERNODES|POS(LIVE ON CREX24)✅---- <---- DELETE

Profile Link: xwarlockx
----> Brand New: January 19, 2021

Archive:

Code:

 https://github.com/mcpc-core/mcpc/releases/download/v1.5.0/MobilePayCoin-core.zip

Original ANN: https://bitcointalksearch.org/topic/ann-mobilepaycoin-mcpc-masternodesposlive-on-crex24-5080600

Original Wallet Download:

Code:

https://github.com/MobilePayCoin/MobilePayCoin/releases/download/v1.5.0/MCPCoin-v1.5.0-win64.zip

Lafu

legendary

Activity: 3136

Merit: 3213

Quote from: Mitchell on January 15, 2021, 06:35:13 AM

Yes, those bots keep coming back and MindlessElectron keeps removing them. At some point they'll have to give up.

I was thinking that your bot will catch them and thats the reason why they get so fast deleted and removed.
Thanks for that and yes you are hopefully right that they give up at some stage .
If they will create a new sheme for there posting i also guess thats not a big thing to setting up your bot for this.

Thanks again its so much helpful for get rid of this posts and threads.

Mitchell

copper member

Activity: 3948

Merit: 2201

Verified awesomeness ✔

Yes, those bots keep coming back and MindlessElectron keeps removing them. At some point they'll have to give up.

Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 26. (Read 36688 times)