Report Malware and Suspicious Links here so Mods can take Action ! - page 27.

Lafu

legendary

Activity: 3220

Merit: 3509

Quote from: Halab on June 21, 2021, 11:36:57 AM

Hi there,
- I used virustotal like you, but it gives me nothing but I'm not really good at detecting malware (https://www.virustotal.com/gui/url/bb4245b072d0f06a4c6d88b25770a884201c2fb3918833b92e65a28dff70c6e8/detection).

Am I paranoid ?

Hi Halab thanks for posting here and let us know about that.
The problem why you dont have seen any detection is that you just scanned the URL from Github and normaly this will not detecting anything.
For a real and intensive Scan you have to download the File ( just download and not open the File ) and then you have to upload it to Virustotal.
This mostly detecting Malware or other shady Software.

But looks like your instinct was right , well done !
And you are not paranoid !

Xal0lex

staff

Activity: 2436

Merit: 2347

Look at this link and you will have no doubts.

47/64

https://www.virustotal.com/gui/file/fd0e7c8d668e69b0f4b63d4b3a39db40e283ca5ee8c3dc988da667e1f716c769/detection

Halab

staff

Activity: 2408

Merit: 2021

I find your lack of faith in Bitcoin disturbing.

Hi there,

I need feedback on a topic created by a newbie in the french (and now spanish) section.

- Account created today who "made a guide to help...".
- He used Google Translate.
- Github created 3 days ago.
- I used virustotal like you, but it gives me nothing but I'm not really good at detecting malware (https://www.virustotal.com/gui/url/bb4245b072d0f06a4c6d88b25770a884201c2fb3918833b92e65a28dff70c6e8/detection).

Am I paranoid ?

The account : Annapetit (see 'Show the last topics started by this person.')

Edit : Thanks Xal0lex. Account nuked.

Lafu

legendary

Activity: 3220

Merit: 3509

Quote from: ?? on ??

The detections look like a miner was detected, which makes sense, because according to their OP the software seems to contain a miner.
It's also visible in their source-code on Github: https_://github.com/armornetworkdev/armor-gui/tree/v0.02/src/Miner (caution! Do not compile or download anything from this repository! It may be harmful).

The client seems to be a fork of Bytecoin. However I just checked a version of Bytecoins Portable client on VirusTotal and there were no detections unlike the "Armor AMX"-client, so caution is advised. Has anyone checked their source more closely for malicious code? Because if they really included malware, a clean antivirus-scan doesn't necessarily mean, that everything is clean.

Yes there was a few Miner Software false positive detections , thats right , but there was also some Malware and Trojan in there.
If its realy a fork from bytecoin there would be not so many detections , and it looks like it was modifyd.
I havnt checked it deeper but the thread got deleted already and i guess for a good reason .

qwertyup23

hero member

Activity: 2296

Merit: 796

Quote from: Lafu on May 27, 2021, 10:10:59 AM

Nice found buddy !
I was looking at it yesterday also but have no time to check it more .
There are a lot of detections in there damn , for sure there are a few miner dections but also Malware and Trojan detections.
Dont know if it will bring something to write in the Thread and ask whats going on with the Wallet and things .

As always, thank you Lafu!

I mainly use my MacBook for my research and school purposes. Every time I scan wallet files using Virus total, I usually download the zip file that is compatible for windows in order to prevent any virus should I ever opt to download the macOS wallet.

When I saw the results of the virus scan, it nearly gave me a heart attack to see the amount of trojan virus contained on that wallet. I quickly deleted the file and I scanned my laptop. Fortunately, the scan went clean!

Lafu

legendary

Activity: 3220

Merit: 3509

Quote from: qwertyup23 on May 27, 2021, 02:58:20 AM

1. Malware from Github link and Fake Wallet

Thread: Armor AMX (Armor Network) <---- DELETE

Profile Link: ArmorAMX
----> BRAND NEW: Last post March 13, 2021

Archive: https://archive.fo/7AVF2

Virus Total Link/s:

https://www.virustotal.com/gui/file/c156693a35b4a8b6e2ed65a4a0ff3ed22990cce9c52aef410c68e3dd416861f3/detection

Nice found buddy !
I was looking at it yesterday also but have no time to check it more .
There are a lot of detections in there damn , for sure there are a few miner dections but also Malware and Trojan detections.
Dont know if it will bring something to write in the Thread and ask whats going on with the Wallet and things .

qwertyup23

hero member

Activity: 2296

Merit: 796

1. Malware from Github link and Fake Wallet

Thread: Armor AMX (Armor Network) <---- DELETE

Profile Link: ArmorAMX
----> BRAND NEW: Last post March 13, 2021

Archive: https://archive.fo/7AVF2

Virus Total Link/s:

https://www.virustotal.com/gui/file/c156693a35b4a8b6e2ed65a4a0ff3ed22990cce9c52aef410c68e3dd416861f3/detection

Code:

https://github.com/armornetworkdev/armor-gui/releases/download/v0.02/armor-desktop-master-win64-portable.zip

qwertyup23

hero member

Activity: 2296

Merit: 796

Quote from: Lafu on May 18, 2021, 04:02:21 AM

Dont know if you have seen or readed the old and original Ann !
Maybe take a look there as the User have written there also that there is will be a new thread for it !
https://bitcointalksearch.org/topic/m.57028243

There are a few Malware detections but also it look like a few false positive one from the Wallet link and Virustotal .
Have to look more into it laters .

Thanks for the heads-up! Will definitely check again the wallet links posted. I'm also going to scan it in a different platform to see if it is indeed a false-positive garnered by virustotal. Nevertheless, thank you for the heads-up, Lafu!

Lafu

legendary

Activity: 3220

Merit: 3509

Quote from: qwertyup23 on May 18, 2021, 02:25:07 AM

~~~~

Dont know if you have seen or readed the old and original Ann !
Maybe take a look there as the User have written there also that there is will be a new thread for it !
https://bitcointalksearch.org/topic/m.57028243

There are a few Malware detections but also it look like a few false positive one from the Wallet link and Virustotal .
Have to look more into it laters .

qwertyup23

hero member

Activity: 2296

Merit: 796

1. Malware from Github link and Fake Wallet

Thread: ANN - PrivatePay [XPP] <---- DELETE

Profile Link: Yoko19v
----> BRAND NEW: Last post March 12, 2021

Archive: https://archive.fo/0k5V8

Virus Total Link/s:

https://www.virustotal.com/gui/file/bb51e233e3070cdd89159ef6c14c07737d9eb97b491517172b79da33dd42acfa/detection

Code:

https://github.com/PrivatePay-Reborn/PrivatePay/releases/download/v1.0/privatepay-win64.zip

Lafu

legendary

Activity: 3220

Merit: 3509

Quote from: PhoenixMiner on May 12, 2021, 01:43:27 AM

Probably compromised account, posting suspicious links in PhoenixMiner thread, pretending to be an official release of the miner.

Quote

The new beta version is finally ready. You can download PhoenixMiner 5.6d from here:

Code:

[url=http_://PhoenixMiner_5.6d_Windows.zip]PhoenixMiner_5.6d_Windows.zip[/url] (GitHub) [i]link removed[/i]
[url=http_://PhoenixMiner_5.6d_Linux.tar.gz]PhoenixMiner_5.6d_Linux.tar.gz[/url] (GitHub) [i]link removed[/i]

Looks like that the bot from mitchell already catching this kind of posts and links on your thread and from the forum!
As i have seen a few there and was on the way to report it to the moderators but the most got deleted instant.
Reported a few of them , thanks for let us know about the new links and post .

PhoenixMiner

full member

Activity: 357

Merit: 101

Probably compromised account, posting suspicious links in PhoenixMiner thread, pretending to be an official release of the miner.

User : stef_stef

Post : https://bitcointalksearch.org/topic/phoenixminer-62c-fastest-ethereumethash-miner-with-lowest-devfee-winlinux-2647654

Last post from this User was in June 25, 2019
The Github that is used for the links is created today (May 12, 2021)

Quote

The new beta version is finally ready. You can download PhoenixMiner 5.6d from here:

PhoenixMiner_5.6d_Windows.zip (GitHub) link removed
PhoenixMiner_5.6d_Linux.tar.gz (GitHub) link removed

The new features in this release are:

The problem with the missing GPU temperatures on Nvidia GPUs is fixed
Added native kernels for AMD RX6700 GPUs. These are faster than the generic kernels and produce a lot less stale shares
Increase the max supported DAG epoch to 550 (should be enough to about Jan 2023)
Full support for setting clocks, fan speeds, voltages, and memory timings of AMD RX6900/6800/6700 cards
The specific hashrate is now shown in the form of kilo hashes per joule (kH/J). Example: if a GPU has hashrate of 30 MH/s with 100W power usage, the specific hashrate is 300 kH/J
Added new command-line parameters -ttj and -ttmem, allowing automatic fan speed control based on GPU hotspot (junction), and memory temperatures respectively. Example: -ttmem 83 will keep the GPU memory temperature at or bellow 83C by increasing the fan speed as necessary. These parameters can be combined with -tt, as well as with each other. These options are supported only on AMD GPUs that report junction and memory temperatures
Added new command-line parameters -tmaxj and -tmaxmem, allowing to decrease the GPU usage when the GPU hotspot (junction), or GPU memory temperatures are above the specified thresholds. These options are supported only on AMD GPUs that report junction and memory temperatures
Added support for AMD Windows drivers 21.3.2, and 21.3.1
Added support for AMD Linux drivers 20.50.x. Use this drivers only if you have Polaris or older GPUs, or the latest RX6x000 GPUs. WARNING: Vega, Radeon VII, and Navi GPUs won't work with these drivers!
Turn off the zero fan feature on AMD cards whenever a fixed fan speed is used (e.g. -tt -40), or when an auto fan with min fan speed is used (e.g. -tt 63 -minfan 35). To disable this feature, add -fanstop 1 command-line parameter
When -mcdag 1 is specified under Linux, the miner will not wait for the daggen.sh script to finish before starting to generate the DAGs. Instead it will for a fixed 7 seconds. This allows you to do all the following in the daggen.sh: turn off the overclocking of Nvidia GPUs, sleep for 30-60 seconds to allow time for DAG generation, and then re-apply the overclocking of the Nvidia GPUs
Other small improvements and fixes

The support for -ttj, -ttmem, -tmaxj, and -tmaxmem for Nvidia 3090 and 3080 GPUs is not yet ready for release. We hope to have it ready for the final 5.6 release.

For more robust integrity check, you can use our GPG public key, which was verifyed with ETH transaction from our main devfee account as explained here: https://bitcointalksearch.org/topic/m.56755869.

Please let us know if you have any problems or questions related to PhoenixMiner 5.6d.

qwertyup23

hero member

Activity: 2296

Merit: 796

1. Malware from Github link and Fake Wallet

Thread: [ANN] COINBE - POW/POS - Anonymous, Secure, Independent <---- DELETE

Profile Link: bemoney
----> BRAND NEW: Last post May 10, 2021

Archive: https://archive.fo/vOz1d

Virus Total Link/s:

Code:

https://github.com/coin-be/core/releases/download/1.0/coinbe-qt-linux.tar.gz

Code:

https://github.com/coin-be/core/releases/download/1.0/coinbe-qt-windows.zip

Lafu

legendary

Activity: 3220

Merit: 3509

Next Fake ANN !

Thread : [ANN] [LCNT] LUCENT POW/HYBRID MASTERNODE/DARKSEND

User : yetiripper <----- Please ban or lock that Account

This user recently woke up from a long period of inactivity.
Last post from this User was in August 22, 2018, possible Hacked or sold Account
Github Account was just an Hour ago created

Archive : https://web.archive.org/web/20210510122808/https://bitcointalksearch.org/topic/ann-lcnt-lucent-powhybrid-masternodedarksend-5336472

Virustotal : https://www.virustotal.com/gui/file/73fbc45552927c7a7ec5d93896917040d3d8075a5ae6e63e0a1d2b7cee4824c2/detection

Code:

Windows: [URL=https://github.com/LCNT-coin/Lucent/raw/main/lucent-qt-windows64.zip] https://github.com/LucentCoin/Lucent/releases/download/v0.13.0.1/lucent-qt-windows64.zip[/URL]

Fake Github : https_://github.com/LCNT-coin/Lucent/raw/main/lucent-qt-windows64.zip

Real Github : https_://github.com/LucentCoin/Lucent/releases

Original ANN

Thread : [ANN] HYBRID MASTERNODE/POW/DARKSEND LUCENT [LCNT]

User : OfficialLCNT

Code:

https://github.com/LucentCoin/Lucent/releases

Lafu

legendary

Activity: 3220

Merit: 3509

For sure the Account got sold or hacked as the last post was done in January 29, 2020 from this Account !
Also the Exchange that he is writing in there Ann are at the moment in maintenance as they got hacked a few days ago.
The Github Account was created 17 hours ago , nice found buddy and will try to report the Github Account.

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Please ban/lock user XperiaZ4 and delete their fake announcement thread: [ANN] SharkCoin (SKN) POS + MASTERNODE

It's worth noting that the GitHub account they're using is named Chia-Netvvork, and it has two repositories, one for SharkCoin and one for Chia (empty). I believe they will use the same GitHub tomorrow or in the coming days, as Chia holders will be able to spend/sell their coins beginning May 3rd. So everyone, be on the lookout for more fake Chia threads...

Original SharkCoin thread and GitHub:
https://bitcointalksearch.org/topic/ann-sharkcoin-skn-pos-masternode-5253754
https_://github.com/sharkcoin32/Sharkcoin

Fake SharkCoin thread and GitHub:
https://bitcointalksearch.org/topic/ann-sharkcoin-skn-pos-masternode-5334702
https_://github.com/Chia-Netvvork (created less than a day ago)
https://archive.fo/PVxI0

Code:

WALLETS:
Win64: https_://github.com/Chia-Netvvork/SharkCoin/raw/main/sharkcoin-3.4-win64.rar

Lafu

legendary

Activity: 3220

Merit: 3509

Quote from: qwertyup23 on April 29, 2021, 09:45:43 AM

1. Malware from Github link and Fake Wallet

Thread: 🔥[ANN]🔥[BTO]💰BITOCOIN⚡️CPU mining⚡️FREE AND MINABLE🔥🚀🔥🚀🔥🚀 <---- DELETE

Profile Link: Bitosim
----> BRAND NEW: Last post April 07, 2021
Archive: https://archive.fo/asOKb

Nice found !
And i also have looked on the Whitepaper there and there is nothing special written in there !
They used a few Lines in there from diffrent papers like from LiteCoin and others .
And at the moment the Website dosnt work , cant get there !

qwertyup23

hero member

Activity: 2296

Merit: 796

1. Malware from Github link and Fake Wallet

Thread: 🔥[ANN]🔥[BTO]💰BITOCOIN⚡️CPU mining⚡️FREE AND MINABLE🔥🚀🔥🚀🔥🚀 <---- DELETE

Profile Link: Bitosim
----> BRAND NEW: Last post April 07, 2021

Archive: https://archive.fo/asOKb

Virus Total Link/s:

https://www.virustotal.com/gui/file/deda6fe8bbe1c2a4f7630cac8793e39433fbf4760f9fcf23a85a7cf20a8fe52d/detection

Code:

https://github.com/redstone5561/Bitocoin/raw/main/bitocoin-qt%201.exe

Lafu

legendary

Activity: 3220

Merit: 3509

Quote from: morvillz7z on April 26, 2021, 04:49:18 PM

~~~~~

Nice found buddy !
Hope that this is not the next wave starting with shitloads of new Fake Announcement Threads again.
But it can be as it was a long time quiet now from them , maybe the collected in this time new Accounts and starting again.
Will be more have an eye out there for sure now .

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Please ban/nuke newbie CohenB and delete their fake announcement thread: [ANN] Chia Network - Official Thread
Chia Network does not have an official thread here on bitcointalk, the one started by CohenB contains links to fake Github account and mega . nz files!

You can find and cross-check Chia Network downloads either on their website or on their official Twitter account:
https://chia.net/
https://twitter.com/chia_project

Original Chia Network thread and GitHub:
https://chia.net/
https://github.com/Chia-Network

Fake Chia Network thread and GitHub:
https://bitcointalksearch.org/topic/ann-chia-network-official-thread-5333119
https_://github.com/Chla-Network (404 error, it's either being deleted by mods or does not exist)
https://archive.fo/3ULTI

Code:

https://github.com/Chla-Network
https://mega.nz/file/pxg3mKzY#YbwuEb0gAbuwWcJlrHWgoSSRY6zJNCUukdjALkfkacA

Miscellaneous:

CohenB got 105 merits from three separate accounts that i suspect are compromised, they have either recently awoken or haven't posted in years. 100 merits have been sent to the following post:

archive: https://loyce.club/archive/posts/5686/56860793.html

Quote from: CohenB Sat Apr 24 20:43:07 CEST 2021

nice

jobsbuell - https://bitcointalksearch.org/user/jobsbuell-863226
majestymage - https://bitcointalksearch.org/user/majestymage-533079
Erickvand - https://bitcointalksearch.org/user/erickvand-966944

Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 27. (Read 38839 times)