
Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 51. (Read 36997 times)

copper member
Activity: 783
Merit: 710
Defend Bitcoin and its PoW: bitcoincleanup.com
Hey Rizzrack,

Can you look up the following account - bagera? He is spamming that fake KawPowMiner in various alt threads.
...

indeed seems hacked and indeed was spreading the fake repo to the communlty ...
Good catch !
legendary
Activity: 2212
Merit: 2061
Hey Rizzrack,

Can you look up the following account - bagera? He is spamming that fake KawPowMiner in various alt threads.

Ravencoin - https://bitcointalksearch.org/topic/ann-ravencoin-rvn-pow-gpu-mining-asset-transfer-blockchain-updated-ann-3238497    (archive)
Ethereum Classic - https://bitcointalksearch.org/topic/ann-etc-ethereum-classic-immutable-smart-contracts-5134923    (archive)
Ubiq - https://bitcointalksearch.org/topic/annubq-ubiq-smart-contracts-for-an-automated-world-1763606    (archive)
Ethereum - https://bitcointalksearch.org/topic/ann-ethereum-welcome-to-the-beginning-428589    (archive)

His first post since December 29, 2018 was a link to RavenCommunlty GitHub repo made back in May, which indicates that it's probably a hacked account.
copper member
Activity: 783
Merit: 710
Defend Bitcoin and its PoW: bitcoincleanup.com
Noticed that [ANN] KawPowMiner v1.2.3 - first miner for KawPow algo [AMD/Nvidia+Win/Linux] posted by KawPowBoo had phishing links for wallet downloads
Code:
Real: Windows: https://github.com/RavenCommunity/kawpowminer/releases/download/1.2.3/kawpowminer-windows-1.2.3.zip
Fake: Windows: https://github.com/RavenCommunlty/kawpowminer/releases/download/1.2.3/kawpowminer-windows-1.2.3.zip
Thread trashcanned
Archived: https://archive.vn/HTSbC

OP's account was locked.
Definitely had the good github repo and edited it later on. As OP admitted he was hacked (but I call BS on that)

Another one for the list I guess...

P.S. sent a merit to the first guy who mentioned the link issue before trashing the thread (just so we're clear on that :P)
legendary
Activity: 3136
Merit: 3213
I was thinking from the beginning, as I have seen and read the thread, that there is something strange.
And as I have written in the thread, why he hasn't posted the website and original GitHub link.
Nice catching and watching on that, morvillz7z, thank you.
legendary
Activity: 2212
Merit: 2061
Suspicious ANN !!

Thread : [ANN] [HNS] HandShake - peer-to-peer root system [POW/Own algo/Exchanges]

We got in the past a user firehawk71 that has posted the same ANN too but it got deleted!

This is indeed suspicious but I think I was only able to report firehawk71 for his Tellor (TRB) and Kadena fake threads and not for HandShake.

firehawk71 was trying to push the following GitHub: "https_://github.com/kyokano" http://loyce.club/archive/posts/5386/53868592.html

I wouldn't be surprised if both accounts "kyokan" and "kyokano" are malicious, especially after reading these two comments:

http://loyce.club/archive/posts/5399/53998776.html
http://loyce.club/archive/posts/5398/53983159.html

Don't know what's going on with this thread from that user and will be watching it!

I think I will do the same!


edit;

It turns out it is a fake ANN, OP changed the windows wallet link earlier today:

http://archive.md/VkcnK

from: https_://github.com/kyokan to https_://github.com/kyolkan/ (created two days ago)

Code:
https://github.com/kyolkan/bob-wallet/releases/download/v0.3.0/Bob.0.3.0.zip

legendary
Activity: 3136
Merit: 3213
Suspicious ANN !!

Thread : [ANN] [HNS] HandShake - peer-to-peer root system [POW/Own algo/Exchanges]

User : HandShakes

Archive : https://archive.fo/wip/x1Pzf

Code:
Wallets
Windows: https://github.com/kyokan/bob-wallet/releases/download/v0.3.0/Bob.0.3.0.msi
MAC: https://github.com/kyokan/bob-wallet/releases/download/v0.3.0/Bob-0.3.0.dmg

Looks like copied and pasted from their webpage as there is no source link in the thread!

About HNS
HandShake - decentralized, permissionless naming protocol where every peer is validating and in charge of managing the root DNS naming zone with the goal of creating an alternative to existing Certificate Authorities and naming systems. Names on the internet (top level domains, social networking handles, etc.) ultimately rely upon centralized actors with full control over a system which are relied upon to be honest, as they are vulnerable to hacking, censorship, and corruption. Handshake aims to experiment with new ways the internet can be more secure, resilient, and socially useful with a peer-to-peer system validated by the network's participants.


Quote
ABOUT HANDSHAKE
Handshake is a decentralized, permissionless naming protocol where every peer is validating and in charge of managing the root DNS naming zone with the goal of creating an alternative to existing Certificate Authorities and naming systems. Names on the internet (top level domains, social networking handles, etc.) ultimately rely upon centralized actors with full control over a system which are relied upon to be honest, as they are vulnerable to hacking, censorship, and corruption. Handshake aims to experiment with new ways the internet can be more secure, resilient, and socially useful with a peer-to-peer system validated by the network's participants.

Source : https://handshake.org/

The next thing is on the Github from github.com/kyokan is also a folder github.com/kyokan/hsd/releases !

But on the Webpage https://handshake.org/ they have the Github:

Code:
https://github.com/handshake-org

Don't know what's going on with this thread from that user and will be watching it!

We got in the past a user firehawk71 that has posted the same ANN too but it got deleted!
hero member
Activity: 1764
Merit: 570
Twitter\X @AlexKosa1
Do you guys have any thoughts on this ?
First thing, there is no need to quote their whole ANN  when you are reporting something suspicious, link to topic and archived version is enough.

Regarding that DSF project, whether they intend to spread malware I don't know, but they are obviously shilling their thread. Newbie accounts made in 2018/2019 with no prior activity suddenly  appeared just when this thread has been made, and showing classic shill behavior. That is not something that any legit project would do, and is  a big red flag in my eyes (not the reason to delete the thread though, but you can always report shill posts, and usually they get deleted.) So yeah, they are definitely suspicious.
Quote edited, keep watching them, thanks.
legendary
Activity: 1722
Merit: 5937
Do you guys have any thoughts on this ?
First thing, there is no need to quote their whole ANN  when you are reporting something suspicious, link to topic and archived version is enough.

Regarding that DSF project, whether they intend to spread malware I don't know, but they are obviously shilling their thread. Newbie accounts made in 2018/2019 with no prior activity suddenly  appeared just when this thread has been made, and showing classic shill behavior. That is not something that any legit project would do, and is  a big red flag in my eyes (not the reason to delete the thread though, but you can always report shill posts, and usually they get deleted.) So yeah, they are definitely suspicious.
hero member
Activity: 1764
Merit: 570
Twitter\X @AlexKosa1
Only newbie posting there trying to shill...there are no chats for the community, the site was registered in April and only for one year
also this
https://www.hybrid-analysis.com/sample/263eeb10202871d0567073eeb9c6ea3b111260f22021f7ed069cd52c1a22054f/5ee9a8fa5dd58b19c44c4972
Quote
Requires permissions that could be used for malicious intents

details
    Permission request for "android.permission.ACCESS_COARSE_LOCATION"
    Permission request for "android.permission.ACCESS_FINE_LOCATION"
    Permission request for "android.permission.INTERNET"
    Permission request for "android.permission.WRITE_EXTERNAL_STORAGE"
    Permission request for "android.permission.READ_PHONE_STATE"
    Permission request for "android.permission.READ_CONTACTS"
    Permission request for "android.permission.CALL_PHONE"
    Permission request for "android.permission.CHANGE_WIFI_STATE"
    Permission request for "android.permission.CHANGE_WIFI_MULTICAST_STATE"
    Permission request for "android.permission.RECORD_AUDIO"
    Permission request for "android.permission.GET_TASKS"
    Permission request for "android.permission.MANAGE_ACCOUNTS"
    Permission request for "android.permission.MOUNT_UNMOUNT_FILESYSTEMS"
    Permission request for "android.permission.BLUETOOTH"
    Permission request for "android.permission.BLUETOOTH_ADMIN"
    Permission request for "android.permission.CAMERA"
    Permission request for "android.permission.CHANGE_NETWORK_STATE"
    Permission request for "android.permission.MODIFY_AUDIO_SETTINGS"
    Permission request for "android.permission.SYSTEM_ALERT_WINDOW"
    Permission request for "android.permission.RECEIVE_BOOT_COMPLETED"
source
    Static Parser
relevance
    10/10
Do you guys have any thoughts on this ?
hero member
Activity: 1456
Merit: 624
Maintain Social Distance, Stay safe.
It always brings you just to the thread on the first page when you click the link on the flag.
Will it always redirect to the first page of the thread? What if we give a reference to a post instead of a topic, which we can copy from the number of the post at the right side of the post?
legendary
Activity: 3500
Merit: 6320
I support this Flag but you have to create maybe for Flags your own thread in Reputation.
Because the link on the Flag is just directing to the thread and not to your post.
It always brings you just to the thread on the first page when you click the link on the flag.
And you have to search the whole thread for the post for the Flag.

Maybe that would be a suggestion for @theymos that it's allowed also to link to posts on flags when you create them.


The flag is more to put up a big warning to any guest / new person who looks at the post.
It's not like anyone is really going to dispute it. Since these threads tend to be moderated posting the "It's a virus" warning can only do so much. A banner that says do not trust might do a bit more.

-Dave
legendary
Activity: 3136
Merit: 3213

I support this Flag but you have to create maybe for Flags your own thread in Reputation.
Because the link on the Flag is just directing to the thread and not to your post.
It always brings you just to the thread on the first page when you click the link on the flag.
And you have to search the whole thread for the post for the Flag.

Maybe that would be a suggestion for @theymos that it's allowed also to link to posts on flags when you create them.
legendary
Activity: 1722
Merit: 5937
Back then there was no restriction about that. Any user could set up an avatar regardless of his rank.

Ah I see, thanks for explanation. I've seen those before and always wondered how can they wear avatar but  felt kinda  stupid to ask :p



Another fake ANN with malware, and again scammer is using an old account from 2011.

User yashpatel
ANN [ANN]INFINITE RICKS ! First Multiverse Cryptocurrency ! PoS 307%
Archive https://archive.fo/Idyid

Code:
https://mega.nz/folder/gbgDRYIK#4fttV9HdqJfL87ea4YNXWA

Real ANN INFINITE RICKS ! First Multiverse Cryptocurrency ! PoS 307%
copper member
Activity: 783
Merit: 710
Defend Bitcoin and its PoW: bitcoincleanup.com
Back then there was no restriction about that. Any user could set up an avatar regardless of his rank.
legendary
Activity: 1722
Merit: 5937
Another fake ANN with possible malware. Account was created back in 2012, had no posts and now suddenly awakes and makes this thread.

User Julialacey
ANN [ANN]XUNI UltraNote Infinity - Your Personal Privacy Blockchain Solution
Archive https://archive.fo/eKLtf

Code:
https://mega.nz/folder/BCw3XQpJ#c04gr4erFDLrvc_kRyFlbQ

Real ANN 🔥🔥 $XUNI UltraNote Infinity - Your Personal Privacy Blockchain Solution



By the way, how do they put avatar (looks smaller than the standard one though) on Newbie account, as @Julialacey did?
legendary
Activity: 3500
Merit: 6320
One more:
Malware --> https://bitcointalksearch.org/topic/--5256263
Archive --> http://archive.is/WB4Sz
https://www.virustotal.com/gui/file/fe3df8b2bf3aa3cae5e7fc85d5b44846aa30b6fbcd82782dd399bc181c83c622/detection

Ban this user --> https://bitcointalksearch.org/user/kalymens-47630
user from 2011 just woke up

Original ann --> https://bitcointalksearch.org/topic/ann-coppercoin-copper-hybrid-cryptocoin-pow-pos-2170714

Seems to be a new trend, really old (2011) user accounts being used for this. Probably got them from the hack / database leak a while ago. Other than that I have no clue of where or why these older accounts are popping up with this stuff.

-Dave

legendary
Activity: 3500
Merit: 6320
2 from the same user:
Ban this person -> https://bitcointalksearch.org/user/gosifor2324-28802
Malware 1 --> https://bitcointalksearch.org/topic/--5256105
Archive --> http://archive.is/XF2Rd
Malware 2 --> https://bitcointalksearch.org/topic/m.54632613
Archive --> http://archive.is/p8Dei

I'm exhausted and too tired to think so someone else gets to do the rest of the digging into the original githubs and such.

-Dave
legendary
Activity: 3136
Merit: 3213

The thread is already deleted, nice catch!




Fake Github and plagiarism (copy and paste)

Thread : [ANN] DaggerGpuMiner

User : njpopert  <-------  Please Ban that User

Archive : https://archive.fo/wip/iNMbc

Code:
GITHUB: [url=https://github.com/joonano614/DaggerGpuMiner]https://github.com/joonano614/DaggerGpuMiner[/url]

Releases: [url=https://github.com/joonano614/DaggerGpuMiner/releases]https://github.com/joonano614/DaggerGpuMiner/releases[/url]

Launch parameters:

1) GPU benchmark: DaggerGpuMiner.exe -G -M  

2) GPU mining: DaggerGpuMiner.exe -G -a -p  

3) CPU mining: DaggerGpuMiner.exe -cpu -a -p -t
8  

Different features and optional parameters:

1) "-h" - show help

2) you can list all available devices using parameters "-list-devices -G".
You can check what platform ids and device numbers they have.
3) by default GPU-miner uses all OpenCL devices on the selected platform.
You can specify particular devices using parameter "-opencl-devices 0 1 3".
Use your device numbers instead of "0 1 3".

Also use can use parameter "-d " there is count of used devices.

Workaround on issue with high CPU usage with NVIDIA GPUs.

There is an issue with NVIDIA GPUs leading to very high CPU usage. The reason is improper implementation of OpenCL by NVIDIA. When CPU thread waits for results from GPU, it does not stop, it spins in loop eating CPU resources for nothing.
There was impemented a workaround on this issue: before reading results from GPU current thread sleeps during small calculated time. CPU usage was decreased in 90%. The change made optional, use launch parameter "-nvidia-fix" to enable it. The change can decrease hashrate a bit in some cases. But GPU rigs should gain increase of hashrate. So try it and choose to use or not to use it.


Fake Github : https_://github.com/joonano614/DaggerGpuMiner

Real Github : https_://github.com/jonano614/DaggerGpuMiner

Original Post and Github

Original Post from the Dev of that Miner : https://bitcointalksearch.org/topic/m.29131985

User : jonano

Code:
First beta-version of GPU miner is released.
Link to download https://github.com/jonano614/DaggerGpuMiner/releases
Source codes https://github.com/jonano614/DaggerGpuMiner

Launch parameters:
1) GPU benchmark: DaggerGpuMiner.exe -G -M
2) GPU mining: DaggerGpuMiner.exe -G -a -p
3) CPU mining: DaggerGpuMiner.exe -cpu -a -p -t
N     (N - is a number of threads)

Different features and optional parametes:
1) "-h" - show help
2) you can list all available devices using parameters "-list-devices -G"
3) by default GPU mining is performed only on the first OpenCL device.
You can specify several devices using parameter "-opencl-devices 0 1 3".
Use your device numbers instead of "0 1 3".
Also use can use parameter "-d " there is count of used devices.


This text was added on GitHub (committed) on 11 Feb 2018
Quote
Workaround on issue with high CPU usage with NVIDIA GPUs.
There is an issue with NVIDIA GPUs leading to very high CPU usage. The reason is improper implementation of OpenCL by NVIDIA. When CPU thread waits for results from GPU, it does not stop, it spins in loop eating CPU resources for nothing.
There was impemented a workaround on this issue: before reading results from GPU current thread sleeps during small calculated time. CPU usage was decreased in 90%. The change made optional, use launch parameter "-nvidia-fix" to enable it. The change can decrease hashrate a bit in some cases. But GPU rigs should gain increase of hashrate. So try it and choose to use or not to use it.


Source : https://github.com/swordlet/DaggerRandomxMiner/tree/b2dbde1ed41e2de68a8ec409e0614e6aadc335a0
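
A defensive check for the look-alike GitHub owners reported on this page (RavenCommunlty, kyolkan, kyokano, joonano614), as an added example that is not part of any post in the thread. It compares the owner segment of a link against an allowlist built from the "Real" links quoted above; the allowlist, the confusable-character table and all function names are assumptions made for illustration.

```python
from urllib.parse import urlparse

# Trusted owners, taken from the "Real"/original links quoted in this thread.
TRUSTED_OWNERS = {"RavenCommunity", "kyokan", "jonano614", "handshake-org"}

# Characters often swapped for a visually similar one (constructed, not exhaustive).
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o"})


def skeleton(name):
    """Lower-case the name and fold look-alike characters together."""
    return name.lower().translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def github_owner(url):
    """Return the owner segment of a github.com URL, or None for other hosts."""
    url = url.strip().replace("https_://", "https://")  # the thread defangs links this way
    if "://" not in url:
        url = "https://" + url
    parsed = urlparse(url)
    if parsed.hostname not in ("github.com", "www.github.com"):
        return None
    parts = [p for p in parsed.path.split("/") if p]
    return parts[0] if parts else None


def classify(url, max_distance=1):
    """Return (verdict, matched trusted owner or None) for one posted link."""
    owner = github_owner(url)
    if owner is None:
        return ("not-github", None)
    by_lower = {t.lower(): t for t in TRUSTED_OWNERS}  # GitHub owners are case-insensitive
    if owner.lower() in by_lower:
        return ("trusted", by_lower[owner.lower()])
    for t in TRUSTED_OWNERS:
        near = edit_distance(owner.lower(), t.lower()) <= max_distance
        if near or skeleton(owner) == skeleton(t):
            return ("lookalike", t)
    return ("unknown", None)
```

An "unknown" verdict only means the owner is not near any allowlisted name; links to other hosts, such as the mega.nz folders reported above, still need separate review.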