Bitcoin Forum>Other>Meta
Pages:
Author

Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 3. (Read 36997 times)

Lafu
legendary
Activity: 3136
Merit: 3213
Re: Report Malware and Suspicious Links here so Mods can take Action !
September 11, 2024, 05:55:58 AM
#1547
We have again an Fake Ann Thread with the Fake Github Malware download Link for Mulierum!

Fake Github : github.com/mulierum
The Wallet File there was just uploaded 40 Min ago with an size of 116 MB
Source : https://www.virustotal.com/gui/file/b1acdc009df8f2af7e45b6216fd94179d05d1b335f4cdbc146a72e3e37d98a53/detection

If you install that Fake Wallet file and starting it it will be a remote desktop access program be installed
Code:
Processes created
"C:\Users\\AppData\Roaming\rustdesk.exe"
C:\Users\\AppData\Roaming\Zlvmon_v3\rustdesk.exe
Sorce : https://www.virustotal.com/gui/file/b1acdc009df8f2af7e45b6216fd94179d05d1b335f4cdbc146a72e3e37d98a53/behavior

Account : CCMS  <--- Please ban or Lock that Account and delete the Thread
Last post from that Account was August 14, 2024 , so its freshly hacked or sold.

Fake Ann Thread : [ANN] Mulierum | POW | GhostRider
As always the Thread is self moderated from the hackers.

Quote from: CCMS on September 11, 2024, 05:39:29 AM
Wallet:
Code:
Windows: https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
Linux: https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz

And another User posted it also
Account : Cholidm  <--- Please ban or Lock that Account and delete the Thread

Quote from: Cholidm on September 11, 2024, 07:23:01 AM
Wallet:
Code:
https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz]


This post is also a reference for the Github Report !
$crypto$
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
Re: Report Malware and Suspicious Links here so Mods can take Action !
September 04, 2024, 12:03:28 AM
#1546
Full member users who just woke up/hacked back are spreading the virus with two threads at once, please be careful.

Account: BlueStone This user recently woke up from a long period of inactivity. - Please Ban
Fake ANN: ANN] Mulierum | POW | GhostRider

Quote from: ?? on ??
Code:
[b]Windows: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
[b]Linux: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz

Fake ANN: [ANN][SSPOS] CodeBlock Blockchain: Welcome to a New Era

Quote from: BlueStone on September 03, 2024, 09:25:01 PM
Code:
https://github.com/CodeBlockMainnet/CodeBlock/releases/download/1.3.1/CodeBlock-wallet_v1.3.1.zip
Ms_Mining
member
Activity: 205
Merit: 43
✔️ Telegram @miningrelease
Re: Report Malware and Suspicious Links here so Mods can take Action !
September 02, 2024, 07:12:25 AM
#1545
Account: DareToken  <= Please Banned
Fake Ann topic: [ANN] Mulierum | POW | GhostRider


Quote from: DareToken on September 02, 2024, 06:50:54 AM
Wallet:

Code:
[b]Windows: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
[b]Linux: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz

$crypto$
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 31, 2024, 03:05:33 AM
#1544
The hacked Hero Member account last posted in 2015 and is now actively spreading the virus via Github.

Account: Herbert This user recently woke up from a long period of inactivity. - Please Ban
Fake ANN: ANN] Mulierum | POW | GhostRider

Quote from: Herbert on August 31, 2024, 12:50:24 AM
Code:
[b]Windows: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
[b]Linux: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz
MiningCoinsPool
member
Activity: 450
Merit: 10
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 21, 2024, 06:47:07 AM
#1543
Same guy again https://bitcointalksearch.org/topic/ann-aldibi-aldb-best-coin-possible-5506842
Lafu
legendary
Activity: 3136
Merit: 3213
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 20, 2024, 08:30:40 PM
#1542
Yeb its again a Fake Ann with Malware download Link from there Webpage this time for Aldibi

Fake download Wallet File on the Webpage:
Code:
download.aldibi.com/files/aldibi-qt-windows.zip

Also there is a Fake Github Link on there Page that is already deleted.
Fake Github : github.com/aldibi-coin/core

The sandbox CAPE Sandbox flags this file as: MALWARE RAT
The sandbox Zenbox flags this file as: MALWARE EVADER
Code:
Drops script at startup location
ET MALWARE Common RAT Connectivity Check Observed
ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
Source : https://www.virustotal.com/gui/file/7fb14f997b1c92cc4d7a70db91657fc01f5feba66c9dd1e1b918567280218e37/behavior

Account : qiqikesfket  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since October 04, 2021 , Hacked or sold Account

Fake Ann Thread:  [ANN] Aldibi: Empowering the Next Era of Global Transactions

Quote from: ?? on ??
Aldibi (ALDB)
Code:
https://aldibi.com/
MiningCoinsPool
member
Activity: 450
Merit: 10
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 20, 2024, 08:03:28 PM
#1541
Trojan in the Windows binary available for download from their website: https://aldibi.com/

https://bitcointalksearch.org/topic/--5506809
Ms_Mining
member
Activity: 205
Merit: 43
✔️ Telegram @miningrelease
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 19, 2024, 04:37:34 AM
#1540
Account: Tam.Shams  <= Please Banned
Fake Ann topic: [ANN] Mulierum | POW | GhostRider


Quote from: Tam.Shams on August 19, 2024, 03:28:24 AM
Wallet:

Code:
[b]Windows: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
[b]Linux: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz
Ms_Mining
member
Activity: 205
Merit: 43
✔️ Telegram @miningrelease
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 15, 2024, 04:09:53 AM
#1539
Account: pedpedped101  <= Please Banned
Fake Ann topic: [ANN] Mulierum | POW | GhostRider

Quote from: pedpedped101 on August 14, 2024, 10:26:25 PM
Wallet:

Code:
[b]Windows: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
[b]Linux: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz
$crypto$
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 12, 2024, 08:41:18 AM
#1538
Another hacked account spreading the virus via a Github link

Account: ikanunaki accounnt hacked and please ban
Fake ANN: [ANN] Mulierum | POW | GhostRider

Quote from: ikanunaki on August 12, 2024, 08:12:36 AM
Code:
[b]Windows: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
[b]Linux: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz
Lafu
legendary
Activity: 3136
Merit: 3213
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 12, 2024, 03:42:35 AM
#1537
And again we have a new Fake Ann Thread with an Fake Github Account and Malware download Link for Mulierum !

The Fake Github was just created 1 Hour ago.

Fake Github : github.com/mulierum

The Download Wallet File is 100 MB big and the same as we got already in the past.

Code:
[code]
C:\Users\\AppData\Roaming\ObjectDock.exe"
C:\Users\\AppData\Roaming\tg_Sync\ObjectDock.exe
C:\Windows\system32\SecurityHealthService.exe
C:\Windows\system32\WerFault.exe -u -p 636 -s 504
[/code]
Source : https://www.virustotal.com/gui/file/b6761479c00cffc7e99e820060518b12024e533fbc908da116ecce2a4cb2759d/behavior

Account : havi agasa  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since June 08, 2017 , and the last post from that User was back in July 04, 2021 , Hacked or sold Account

Fake Ann Thread :  [ANN] Mulierum | POW | GhostRider

Quote from: ?? on ??
Mulierum
Wallet:
Code:
https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz

This post is also a reference for the Github Report !
Mitchell
copper member
Activity: 3948
Merit: 2201
Verified awesomeness ✔
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 11, 2024, 05:30:29 AM
#1536
Quote from: FatFork on August 11, 2024, 04:50:32 AM
If anyone has more experience with analyzing obfuscated javascript code and is willing to try, it would be interesting to find out what the script actually does.


I tried using some online tools: https://private.coinsofnakamoto.com/?b4527618e0f7c407#2jRhaSBjdSStxKnJApfAMhszgfJM3mLJv4giXjN94UGz (do not run this, obv).

They seem to pick a random BTC address from the list, replace the one on the page (including the QR code) and then do a call to pipedream with some basic description (which seems to return 204). Very basic stuff honestly.
FatFork
legendary
Activity: 1624
Merit: 2594
Top Crypto Casino
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 11, 2024, 04:50:32 AM
#1535
A potential scam unfolding in the "Question about selling free giftcards" thread - [https://bitcointalk.org/index.php?topic=5505793.0]

Here's what we know:

A new member, Revaniz, claims to have found a method for free gift cards and offers to sell them.
Another new member, WARtoze99, suggested a platform for selling the gift cards only twenty seconds later, then asked for the method to obtain them.
Revaniz provides a Google Drive link claiming to be the exploit method.

Code:
https://drive.google.com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?OAxXtfCKIY

The fake exploit method they promote involves installing a greasemonkey/tampermonkey script into the user's browser. The script is heavily obfuscated and undoubtedly contains a malicious payload designed to steal your crypto or worse.

Code:
Link #1 https://paste.sh/7vnaa5T9#rnL_3Gbklz9HKMIUKuPPG3yf
Link #2 (backup) https://files.catbox.moe/1evss2.txt

If anyone has more experience with analyzing obfuscated javascript code and is willing to try, it would be interesting to find out what the script actually does.
Crypto Library
hero member
Activity: 1036
Merit: 933
Find your Digital Services at- cryptolibrary.pro
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 11, 2024, 03:53:04 AM
#1534
Quote from: Lafu on August 11, 2024, 03:41:47 AM
And we  got the next Fake Ann Thread with an already used Fake Github Account with Malware , this time for Binarium!
<✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂>

Fake Ann Thread :  [ANN] Binarium | POW | GhostRider
owh gosh they are fake !!!

I just visited their thread  and I was also looking at their officials representative social handles for offering  some business  Tongue .

Anyway bad luck for those scammers thanks again for the catch.
Lafu
legendary
Activity: 3136
Merit: 3213
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 11, 2024, 03:41:47 AM
#1533
And we  got the next Fake Ann Thread with an already used Fake Github Account with Malware , this time for Binarium!

The Fake Github was already used for NOTPOW.

Fake Github :
github.com/NOTPOW/NOTPOW-frens
github.com/NOTPOW/Binarium

The Malware File was just uploaded 50 Min ago.

Account : nosmis  <--- Please ban or Lock that Account and delete the Thread
Registered since July 11, 2017, Hacked or sold Account
Last post was back in May 11, 2021

Fake Ann Thread :  [ANN] Binarium | POW | GhostRider

Quote from: nosmis on August 11, 2024, 02:45:03 AM
Binarium is our first major blockchain project.
Windows:
Code:
https://github.com/NOTPOW/Binarium/releases/download/1.0.3/Binarium-win64-v.1.0.1.zip

This post is also a reference for the Github Report !
Crypto Library
hero member
Activity: 1036
Merit: 933
Find your Digital Services at- cryptolibrary.pro
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 11, 2024, 12:56:00 AM
#1532
Quote from: Lafu on August 09, 2024, 04:37:42 AM
Yes its a Fake Ann again with the same sheme as the others , this time its Liaron Coin (LRN)
Good catch dude!
Here I found kinda same before I have reported some that show how to exploit the gambling site and they put the google drive link and using pdf file and put those phisy links on there and as well as the fishy method. And they also use their alt account to shows some positive touch and they also the locked the topic so that no one can say anything negative about them.

Now they have brought little changed in their plan they try to use now amazon exploit method .



https://www.virustotal.com/gui/url/7e77225a88bab643cce7f1b795e3064937af1bed4708fbfd54c7f8b5342e8791


Account: Revaniz (need to be ban ASAP)
Try to Phishing people by Site Exploit Method


Quote from: ?? on ??

Hey guys, so I came around a method for free giftcards today, I used it and got 2x $500 Amazon giftcards.

I'm kinda scared to use them myself on my Amazon profile becuase I have my real data here, so I'm worried if the store could know this giftcard is from an exploit and then charge the money from me.

So the question is - Do you know how I can quickly sell these giftcards for Bitcoins or Cashapp?

Or maybe any of u guys want to buy 2x$500 Amazon cards for 600$ for both? This is proof that I got them : https://i.imgur.com/APZsWNs.png

We can use middleman ofc since I am not trusted here, let me know if u know any way to sell them or if u wanna buy them
View Archive

Quote from: ?? on ??
Code:
[size=5pt]https://drive .google. com/file/d/ 1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?OAxXtfCKIY

that's the method bro, but dont use it with more than 1000$, they will block the payment.

I will try paxful, thanks btw

closed for now, if I have any more questions i will let u know guys ! love u[/size]


View Archive

Lafu
legendary
Activity: 3136
Merit: 3213
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 09, 2024, 04:37:42 AM
#1531
Yes its a Fake Ann again with the same sheme as the others , this time its Liaron Coin (LRN)

The Fake Github was just created yesterday

Fake Github : github.com/liaron-coin

Fake Webpage :
Code:
https://liaron.com/

When downloading the file from there or from the Webpage i getting instant a warning from Windows that the File is an Virus or Malware.

Account :  pevirtiunes  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since October 04, 2021, Hacked or sold Account

Fake Ann Thread : [ANN] 💥 Liaron Coin (LRN) – Your Ticket to the Future of Digital Currency!💥

Thanks to MiningCoinsPool
Quote from: MiningCoinsPool on August 08, 2024, 09:07:10 PM
https://bitcointalksearch.org/topic/ann-liaron-coin-lrn-your-ticket-to-the-future-of-digital-currency-5505577
Trojan in the windows binary from that post - please delete it


And we have another new Fake Ann Thread with Malware download Link for NOTPOW !

Fake Github : github.com/NOTPOW
Malware Wallet File was uploaded just 50 Min ago

Code:
Win32:Malware-gen
Malware.SwollenFile!1.E38A (CLASSIC)

This Files will be started when you install the file and start it
Code:
C:\Users\\AppData\Roaming\tg_Sync\ObjectDock.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost
C:\Windows\system32\WerFault.exe -u -p 3956 -s 532
C:\Windows\system32\services.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

https://www.virustotal.com/gui/file/e1452648afbd302b5cc88e540ff23fc806052d7ce9a6f52a23bdd7caff8c714f/detection

Account : Pelunize12  <--- Please ban or Lock that Account and delete the Thread
Registered since August 27, 2016, and last post was back in Jan 2020 , Hacked or sold Account

Fake Ann Thread :  [ANN] NOTPOW | Probably nothing

Quote from: ?? on ??
NOTPOW wallet
Code:
https://github.com/NOTPOW/NOTPOW-frens/releases/download/1.0.1/NOTPOW-frens-v.1.0.1-0.zip

This post is also a reference for the Github Report !
MiningCoinsPool
member
Activity: 450
Merit: 10
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 08, 2024, 09:07:10 PM
#1530
https://bitcointalksearch.org/topic/ann-liaron-coin-lrn-your-ticket-to-the-future-of-digital-currency-5505577

Trojan in the windows binary from that post - please delete it
Lafu
legendary
Activity: 3136
Merit: 3213
Re: Report Malware and Suspicious Links here so Mods can take Action !
August 07, 2024, 09:07:56 AM
#1529
And we have again the same Fake Ann as the last time with a Fake Github Account and Malware download Link on the Website for Azlora (AZL).

The Fake Github Account was created 4 days ago and the Malware File uploaded 16 Hours ago.

Fake Github : github.com/Azlora

Also here the sandbox CAPE Sandbox flags this file as: RAT MALWARE
Code:
Drops script at startup location
Suspicious DNS Query for IP Lookup Service APIs
Startup Folder File Write
Usage Of Web Request Commands And Cmdlets - ScriptBlock
RegAsm.EXE Initiating Network Connection To Public IP
Potentially Suspicious CMD Shell Output Redirect
Potentially Suspicious Execution Of Regasm/Regsvcs From Uncommon Location
ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
ET MALWARE Common RAT Connectivity Check Observed
A Network Trojan was detected
Source : https://www.virustotal.com/gui/file/0672dfa586109d7b621757ed3e554e97b3cda928797ccf4f07fc192ab43597f7/behavior

Suspicious IP Connection:
Code:
ttasstsat.tech
lifehackov.ru
Source : https://www.virustotal.com/gui/file/0672dfa586109d7b621757ed3e554e97b3cda928797ccf4f07fc192ab43597f7/relations

Account : Zahjejjiko  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since October 04, 2021 , Hacked or sold Account

Fake Ann Thread :  [ANN] Azlora (AZL) - The Meme Coin That’s Out of This World!
Thread is Self Moderated as always from the hackers and 18 comments already deleted.

Quote from: ?? on ??
Project Name: Azlora   
Code:
https://azlora.com

This post is also a reference for the Github Report !
Lafu
legendary
Activity: 3136
Merit: 3213
Re: Report Malware and Suspicious Links here so Mods can take Action !
July 30, 2024, 03:52:38 AM
#1528
We have a new Fake Ann with an Fake Website that have a Malware download Wallet file from a Fake Github Account for Friemon Coin !

The Fake Github Account was created 4 days ago and the Malware files was uploaded 9 hours ago.

Fake Github : github.com/Friemon

The sandbox CAPE Sandbox flags this file as: RAT MALWARE
Code:
Drops script at startup location
Suspicious DNS Query for IP Lookup Service APIs
Startup Folder File Write
Usage Of Web Request Commands And Cmdlets - ScriptBlock
RegAsm.EXE Initiating Network Connection To Public IP
Potentially Suspicious CMD Shell Output Redirect
ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
INDICATOR-SHELLCODE x86 NOOP
Source : https://www.virustotal.com/gui/file/54138d80e63cbb98ae02c2a806cd8b38824766332c8692c881afdd065514bf85/behavior

Account : uadrenopl  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since October 02, 2021 , Hacked or sold Account

Fake Ann Thread : ANN] Friemon Coin (FRMN) - The Friendliest Meme Coin!

Quote from: ?? on ??
Friemon Coin is an innovative memecoin designed to bring fun and utility to the cryptocurrency world. Focused on community engagement and real-world applications, it aims to revolutionize digital transactions with a friendly twist.
Code:
Website: [url=https://friemon.com]friemon.com[/url]

On top of that the Fake Website is hosted from UK in Manchester

This post is also a reference for the Github Report !
Pages:
Bitcoin Forum>Other>Meta
Jump to: