Report Malware and Suspicious Links here so Mods can take Action ! - page 28.

Lafu

legendary

Activity: 3178

Merit: 3295

Quote from: qwertyup23 on February 16, 2021, 07:37:07 PM

1. Malware from Github link and Fake Wallet

Thread: [ANN][RAIN] RainbowGoldCoin & Hundreds of Millions in Bounties! <---- DELETE

Profile Link: liberiafreedom
----> BRAND NEW

Archive: https://archive.fo/Ji01J

Yeb and there is more as the Malware download ! There is some plagiarism also !
If you check the Ann that he has done there is some copy from XiaoMiCoin in there.

Quote from: ?? on ??

About Rain

RainbowGoldCoin
As our slogan suggests, this Cryptocurrency was built for the community and by the community.
We fully intend to implement the best practices, safe, fast, and secure transactions. Using
the Kimoto Gravity Well, assures, that this coin is as fair as it is beautiful & practical.
There are plenty of pump and dump coins out there. We simply do not believe in this get rich
fast attitude. We are developing an Android game that will reward RainbowGoldCoin to Top Scores
once per hour, with weekly, or even monthly Top Score Bonus's.
Use RainbowGoldCoin Today!

Quote

This Cryptocurrency was built for the community and by the community. We fully intend to implement the best practices, safe, fast, and secure transactions. Using the Kimoto Gravity Well, assures, that this coin is as fair as it is beautiful & practical. There are plenty of pump and dump coins out there. We simply do not believe in this get rich fast attitude. We are developing an Android game that will reward XiaoMiCoin to Top Scores once per hour, with weekly, or even monthly Top Score Bonus’s. Use XiaoMiCoin Today, a Peer-to-Peer Digital Cryptocurrency.

Source : https://cryptomining-blog.com/tag/xiaomicoin/ from 2014

And yes the User liberiafreedom should be banned for both or at least for one of this things.

qwertyup23

hero member

Activity: 2282

Merit: 795

1. Malware from Github link and Fake Wallet

Thread: [ANN][RAIN] RainbowGoldCoin & Hundreds of Millions in Bounties! <---- DELETE

Profile Link: liberiafreedom
----> BRAND NEW

Archive: https://archive.fo/Ji01J

Virus Total Link/s:

https://www.virustotal.com/gui/file/360538afec8271da6f184c439f22c6bbc2e7275d6f0570671592e47f309459cd/detection

Code:

https://mega.nz/folder/BVB0SJrK#2bFL6IP-PTBMUvgse1iBdw

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Fake ANN thread for Opioid Coin started by a brand new account.
Opioid Coin seems like a dead project without a working website and GitHub not touched in years, regardless the thread created today is still fake.

Original Opioid Coin thread and GitHub:
https://bitcointalksearch.org/topic/annoid-opioid-coin-decentralized-road-to-recovery-oidlife-4235330
https://github.com/OidLife

Fake Opioid Coin thread and GitHub:
https://bitcointalksearch.org/topic/--5317751 <-- DELETE
links to mega.nz files

Code:

Windows Wallet - https://mega.nz/folder/g11Uyaxa#8QfBNjl0FCx-83zDPWPTMQ
Linux Wallet - https://mega.nz/folder/JodTxIob#Ytp62ztZQUBaetV59_eBiQ
MacOS Wallet - https://mega.nz/folder/M4VRCIiI#13spq66qE4rFmltA9W5ylg
Android Wallet - Coming Soon

archive - https://loyce.club/archive/posts/5636/56365953.html

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: qwertyup23 on February 15, 2021, 05:23:15 AM

Quote from: Lafu on February 14, 2021, 05:58:44 PM

Hi, Lafu!

Thanks for the heads up and reminding me that the ones that I reported (recently) were false-positive detection by virus total. If I may ask, how do you determine if such wallet that looks infected, is indeed a false-positive detection? I would like to know so I can avoid posting/reporting links that appear infected facially but in truth, a false-positive. I hope for your feed back and reply!

Thank you as always, Lafu.

You can always check the files at https://www.hybrid-analysis.com/.

It gives a bit more detail and you can pick and choose the OS that the file runs on.
It will take you a bit more time as the running is not always instant if they are busy, but it will let you see what the file is doing in different OS.

For the most part, I feel that these files are if not malware, at least crap. IMO any "legitimate" new coin is going to run their wallets through a scanner to make sure they don't pop positive and if they do they would fix them. Also, no source code on github (or similar) that you can verify, even if it's not a virus, the coin is probably not legit.

-Dave

qwertyup23

hero member

Activity: 2282

Merit: 795

Quote from: Lafu on February 14, 2021, 05:58:44 PM

Hi, Lafu!

Thanks for the heads up and reminding me that the ones that I reported (recently) were false-positive detection by virus total. If I may ask, how do you determine if such wallet that looks infected, is indeed a false-positive detection? I would like to know so I can avoid posting/reporting links that appear infected facially but in truth, a false-positive. I hope for your feed back and reply!

Thank you as always, Lafu.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Walletbuilders used to be a legitimate service. I don't know if it still is.
But, malwarebytes desktop blocks it by default, sonicwall blocks it by default and Norton blocks it by default.

I can't tell if they went "evil" or it's just a generic bitcoin / miner block.

Will have to check later to see if I can dig though it. So for now its a bit tough to tell if the people posting wallets from there are legit bad, or just caught up in a big net.
Or, if they built a free wallet and did not even know it was bad.

-Dave

Lafu

legendary

Activity: 3178

Merit: 3295

Quote from: qwertyup23 on February 14, 2021, 01:59:37 PM

https://www.virustotal.com/gui/file/9fff94b3ef7fb3924c83eff47e9d020c24848cb3f92fb50abc5f9a3b6160da1e/detection

*EDIT
The whitepaper on their website seemed to have copied directly from Bitcoin's whitepaper. Mods, kindly nuke the account and ban him as he is starting to create chaos in the ANN board.

https://getcovid19.org/wp-content/uploads/2021/02/whitepaper.pdf

Looks like a false positive detection to me on Virustotal .
Have done a quicke research on the File from Virustotal.

Code:

MacOS:BitCoinMiner-CG [PUP]

https://blog.malwarebytes.com/detections/pup-optional-bitcoinminer/
https://support.avg.com/answers?id=9060N0000000Ro9QAE

About the Whitepaper if you looking on the last Page there you can find all reference links where he has used the stuff in it .

Algorithm for the Coin is CryptoNight.
The Coin is forked from cryptonotefoundation/cryptonote.
Source : https://github.com/covid19-crypto-dev?tab=repositories

qwertyup23

hero member

Activity: 2282

Merit: 795

1. Malware from Github link and Fake Wallet

Thread: Get Covid-19!... Coin <---- DELETE

Profile Link: ravenhearti
----> BRAND NEW

Archive: https://archive.fo/Qk6cO

Virus Total Link/s:

https://www.virustotal.com/gui/file/9fff94b3ef7fb3924c83eff47e9d020c24848cb3f92fb50abc5f9a3b6160da1e/detection

Code:

https://getcovid19.org/files/covid-19.tar.gz

*EDIT
The whitepaper on their website seemed to have copied directly from Bitcoin's whitepaper. Mods, kindly nuke the account and ban him as he is starting to create chaos in the ANN board.

https://getcovid19.org/wp-content/uploads/2021/02/whitepaper.pdf

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Quote from: qwertyup23 on February 09, 2021, 09:38:54 PM

[ANN] [VK7R] [Vektorcoin] Worlds best upcoming esports coin

The Vektorcoin thread was re-posted shortly after the old one was removed, same wallets again, and the account used to start the topic is likely to be compromised, his password has recently been changed.

[ANN] [VEKTORCOIN] Esports coin <-- DELETE

(archive)

Code:

windows wallet https://dl.walletbuilders.com/download?customer=5e9b9527c50fbb9e27cc83d3589f1c03014b9ba7fd7d20d0f6&filename=vektorcoin-qt-windows.zip

linux wallet: https://dl.walletbuilders.com/download?customer=5e9b9527c50fbb9e27cc83d3589f1c03014b9ba7fd7d20d0f6&filename=vektorcoin-qt-linux.tar.gz

Wallet scan, thanks to @qwertyup23!

virustotal results:

https://www.virustotal.com/gui/file/0a45db818a69f52f4b6761d881cecb6671e5ec33374e49fc765c66e5fb821879/detection
https://www.virustotal.com/gui/file/6731066a4f931a1e673c5435c2747645b6a91c8ae49d504de7775f7f237196ae/detection

note to self, watch these accounts:

Godson_Mansa
jimlite
trader19
procrypto

qwertyup23

hero member

Activity: 2282

Merit: 795

1. Malware from Github link and Fake Wallet

Thread: [ANN] [VK7R] [Vektorcoin] Worlds best upcoming esports coin <---- DELETE

Profile Link: owvids
----> Last post November 09, 2017

Archive: https://archive.fo/ghDxD

Virus Total Link/s:

Code:

 https://dl.walletbuilders.com/download?customer=5e9b9527c50fbb9e27cc83d3589f1c03014b9ba7fd7d20d0f6&filename=vektorcoin-qt-windows.zip

Code:

 https://dl.walletbuilders.com/download?customer=5e9b9527c50fbb9e27cc83d3589f1c03014b9ba7fd7d20d0f6&filename=vektorcoin-qt-linux.tar.gz

Lafu

legendary

Activity: 3178

Merit: 3295

Quote from: jerry0 on February 09, 2021, 01:44:47 AM

What about links on peoples profiles? Wouldn't many of those links probalby have malware/keylogger?

If you found some Accounts or Users that have that kind of links in there signature or profiles just post it in here with all the Information about ,
and if possible a proof of that the links are Malware or other shady Software.

Username and link to the Userprofile and what kind of link .
Use the Code fubction

Code:

this

for the link so nobody can click it.

One of the Moderators or Global Mods checking this Thread everytime a new post is done and they can take some action if needed.

rat03gopoh

hero member

Activity: 2254

Merit: 680

Signature designer - start @$10 - PM me!

Quote from: jerry0 on February 09, 2021, 01:44:47 AM

What about links on peoples profiles? Wouldn't many of those links probalby have malware/keylogger?

This forum ism't also equipped with a report button on the profile page. Maybe you can report it here or create a new thread on the Meta board for faster handling by global mods.

jerry0

full member

Activity: 1792

Merit: 186

What about links on peoples profiles? Wouldn't many of those links probalby have malware/keylogger?

Lafu

legendary

Activity: 3178

Merit: 3295

Fake ANN !

Thread : [ANN] [SCHO] SCHOLARSHIP - send money to friends and businesses [ASIC/Scrypt]

User : ScholarshipCoin <------ Please ban that User and delete the Thread

Just registered Today
The Fake Github was just registered 4 Hours ago

Archive : https://archive.fo/wip/LXTjK

Code:

[b]Wallets[/b]
Windows: [url=https://github.com/scholarshlpcoin/scholarshipcoin/releases/download/v0.18.4/Scholarship-QT-Windows.zip]https://github.com/scholarshipcoin/scholarshipcoin/releases/download/v0.18.4/Scholarship-QT-Windows.zip[/url]

Fake Github : https_://github.com/scholarshlpcoin/scholarshipcoin/releases/download/v0.18.4/Scholarship-QT-Windows.zip
And there is only this one download file with a size of 18.9 MB

Real Github : https_://github.com/scholarshipcoin/scholarshipcoin/releases/download/v0.18.4/Scholarship-QT-Windows.zip
Here are many download and other Files and the zip file has a size of 16.6 MB

The difference between this 2 Links are :

Fake Github is scholarshlpcoin
Real Github is scholarshipcoin

There is no ANN as i havnt found one but on there Website you can see and find the Real Github and download link.

Website : https://scholarshipcoin.org/

Lafu

legendary

Activity: 3178

Merit: 3295

4 of that 8 detections are false positive as it looks , and the others for sure dosnt looks nice.
Archive.Trojan.Agent.IY4X2W is a modded version of some kind of Malware that operates in th backdoors.
Win32:Malware-gen is Malware and helps to get a remote control of the PC and also can be used to steal personal data and other things.
Source : https://dieviren.de/win32malware-gen/

qwertyup23

hero member

Activity: 2282

Merit: 795

Malware from Github link

Thread: Snatcoin [SNAT] relaunch <---- DELETE

Profile Link: UnbrokenSnat
----> BRAND NEW: January 25, 2021

Archive: https://archive.fo/h6gX8

Virus Total Link: https://www.virustotal.com/gui/file/a3e3409ba26cb50ca3157fa8308216f4a63bec24c49861beaac5ac4819f0cc85/detection

Code:

 https://snatcoin.org/releases/snatcoin_v101b.rar

qwertyup23

hero member

Activity: 2282

Merit: 795

Seems like their ANN threads are still here. Kindly delete and nuke these bastards, thank you!

Original ANN of GATECOIN :

Code:

https://bitcointalk.org/index.php?topic=5267955.0

FAKE GATECOIN THREAD:
USER: ka4604-435
https://bitcointalksearch.org/topic/anngatecoin-gatemining-by-miners-for-miners-blake-256-5312641

Original ANN of INDIUM:

Code:

https://bitcointalk.org/index.php?topic=5274006

FAKE INDIUM THREAD:
USER: clausis
https://bitcointalksearch.org/topic/--5312630

Original ANN of MOBILECOIN :

Code:

https://bitcointalk.org/index.php?topic=5080600.0

FAKE MOBILECOIN THREAD:
USER: max.ribery
https://bitcointalksearch.org/topic/ann-mobilepaycoin-ai-mcpc-masternodesposlive-on-crex24-5312649

qwertyup23

hero member

Activity: 2282

Merit: 795

Kindly delete all of these fake threads, thank you!

Original ANN of GATECOIN :

Code:

https://bitcointalk.org/index.php?topic=5267955.0

FAKE GATECOIN THREAD:
USER: monasti68
https://bitcointalksearch.org/topic/anngatecoin-gatemining-by-miners-for-miners-blake-256-5312618

Original ANN of INDIUM:

Code:

https://bitcointalk.org/index.php?topic=5274006

FAKE INDIUM THREAD:
USER: franz.perthen
https://bitcointalksearch.org/topic/annpowind-indium-argon2id-chukwa-5312617

Original ANN of MOBILECOIN :

Code:

https://bitcointalk.org/index.php?topic=5080600.0

FAKE MOBILECOIN THREAD:
USER: peter.horvat

Rikafip

legendary

Activity: 1722

Merit: 5937

Several fake announcement threads with malware appeared this morning, please delete them and nuke the users. It's probably the same person behind all 4 fake ANN threads as M.O. is the same: all four accounts are made today, threads are locked, githubs recently created etc.

User remuskraenze
ANN [ANN][POW][IND] Indium - Argon2id Chukwa
Archive https://loyce.club/archive/posts/5619/56198845.html

Code:

https://github.com/indium-source/qt-v1.0.0.0/releases/download/v1.0.0.0/indium-v1.0.0.0.zip

User patrickrottstedt
ANN [ANN]Gatecoin & Gatemining by miners for miners [Blake-256]
Archive https://loyce.club/archive/posts/5619/56199076.html

Code:

https://github.com/Gate-source/qt/releases/download/v1.0.0.4/gatecoin-qt.zip

User bayerer
ANN [ANN] MobilePayCoin ⭐️ MCPC MASTERNODES/POS(LIVE ON CREX24)
Archive https://loyce.club/archive/posts/5619/56198844.html

Code:

 https://github.com/mcpc-source/mcpc/releases/download/v1.5.0/MobilePayCoin-core.zip

User martinaroehr
ANN [ANN]Gatecoin & Gatemining by miners for miners [Blake-256]
Archive https://loyce.club/archive/posts/5619/56198841.html

Code:

https://github.com/Gate-source/qt/releases/download/v1.0.0.4/gatecoin-qt.zip

qwertyup23

hero member

Activity: 2282

Merit: 795

Lots of fake ANNs are resurfacing once again. Kindly delete all of these threads and posts, thank you very much!

Original ANN of GATECOIN :

Code:

https://bitcointalk.org/index.php?topic=5267955.0

FAKE GATECOIN THREADS:
https://bitcointalksearch.org/topic/anngatecoin-gatemining-by-miners-for-miners-blake-256-5310912
https://bitcointalksearch.org/topic/anngatecoin-gatemining-by-miners-for-miners-blake-256-5310901

Original ANN of INDIUM:

Code:

https://bitcointalk.org/index.php?topic=5274006

FAKE INDIUM THREAD:
https://bitcointalksearch.org/topic/annpowind-indium-argon2id-chukwa-5310910

... will update this list if ever they post again

Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 28. (Read 38148 times)