Report Malware and Suspicious Links here so Mods can take Action ! - page 76.

Lafu

legendary

Activity: 3136

Merit: 3213

Fake ANN with Quote from the Orignal ANN and edited download link !

🔴🔴🔴🔴🔴【✅ANN】ZOOMBACLIX【BETA LAUNCH✅ZOOMBAPLATFORM

User : shapov22 <----- Please nuke that user

Code:

[quote author=shapov22 link=topic=5197632.msg52941290#msg52941290 date=1572546850]
[quote author=zoombacoin link=topic=4457816.msg39910629#msg39910629 date=1528750792]

[center][b][u]Wallet:[/u][/b][/center]
[center]https://www.sendspace.com/file/edl9qq[/center]

[/quote]

Fake Source Download : https_://www.sendspace.com/file/edl9qq

Real Source Download : https_://github.com/zoombacoin/zoomba/releases

Original ANN :

[ANN] ZOOMBACOIN - BETA LAUNCH - ZOOMBA PLATFORM

User : zoombacoin

Code:

[quote author=zoombacoin link=topic=4457816.msg39910629#msg39910629 date=1528750792]

[center][b][u]Wallet:[/u][/b][/center]
[center]https://github.com/zoombacoin/zoomba/releases[/center]

[/quote]

Archive : https://archive.md/Uc0hR

Maybe you can share your thoughts about that because the thread name is others as the Original but i guess its the Fake to catch people with the download !

Edit : its a fake ann , cheers

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Five-digit UID wakes up just 4 hours ago and the first thing he does is post a Cuckaroo29 algo, non-existent coin.

Of course, it comes with direct link to a wallet and a brand new GitHub, not obvious at all. I mean, you know what to do...

Account - zerqzee

Fake ANN - [ANN] [GRED] Greden - security, anonymity, ASIC resistance [POW/Cuckaroo29]

Archive - http://archive.fo/yCrB2

Lafu

legendary

Activity: 3136

Merit: 3213

Quote from: morvillz7z on October 22, 2019, 08:45:35 AM

~~~~~~

Hey thanks buddy for posted it here and look more on it , and i dont have forgot it because i was on the jump to an meeting !

I was realy sure that there is something about that link and the file also i have downloaded it but my browser stoped it and normaly my Browser dont doing that.
So looks like there was some real shit software in it .

Thanks again !

@alanst and @Rizzrack

Thanks for your support and work also , awesome and realy appreciate that !

Rizzrack

copper member

Activity: 783

Merit: 710

Defend Bitcoin and its PoW: bitcoincleanup.com

Quote from: morvillz7z on October 22, 2019, 11:45:49 AM

... Links to wallets are still there and that's priority imo..These guys have an unlimited amount of compromised accounts at hand, they've probably lost 400 + since April, what's another newbie account to them?

That is the main priority but I see thread got Trashed in the meantime !

Quote from: William Shakespeare

There's method in this madness

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Isn't it better to have their thread deleted and account nuked? Links to wallets are still there and that's priority imo. I think it's pointless to sec lock a newbie account with no other/ or deleted posts. These guys have an unlimited amount of compromised accounts at hand, they've probably lost 400 + since April, what's another newbie account to them?

Quote from: Rizzrack on October 22, 2019, 12:06:34 PM

thread got Trashed in the meantime !

Nice!

alanst

copper member

Activity: 88

Merit: 115

former Mysterious newbie™

Quote from: morvillz7z on October 22, 2019, 08:45:35 AM

Could you please nuke minerszone and his thread : [ANN] [BFC] Bitfree - New electronic cash [POW/Cuckaroo29]. It's a fake website with malware wallets.

~snip

We've also been looking at this account earlier today as it looked as though it may have possibly been compromised at some point so, as a result, it has now been security locked in order to prevent it from doing any more damage with these phishing attempts.

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Could you please nuke minerszone and his thread : [ANN] [BFC] Bitfree - New electronic cash [POW/Cuckaroo29]. It's a fake website with malware wallets.

I see that Lafu has caught them but didn't post here, so let me quote him (and add some additional information):

Quote from: ?? on ??

Can you explain ?

Code:

[b]Wallets[/b]
Windows: [url=https://www.bitcfree.vip/downloads/bitfree-0.18.5-win32.tar.gz]https://www.bitfree.vip/downloads/bitfree-0.18.5-win32.tar.gz[/url]
Linux: [url=https://www.bitcfree.vip/downloads/bitfree-0.18.5-x86_64-linux-gnu.tar.gz]https://www.bitfree.vip/downloads/bitfree-0.18.5-x86_64-linux-gnu.tar.gz[/url]

Why you hide the real download link behind the other link ?

Looks like fake Download link for malware or something !

https_://www.bitcfree.vip/downloads/bitfree-0.18.5-win32.tar.gz <---- suspicious

https_://www.bitfree.vip/downloads/bitfree-0.18.5-win32.tar.gz

Watch out when downloading here something , suspicious !

Fake domain is regestered just one day ago, whereas original back in May '19.

Quote from: https://whois.domaintools.com/bitcfree.vip

Domain Name: BITCFREE.VIP
Registry Domain ID: D_014FC94F_E1B63E46E42348DC834EBFF13BCE7A2A_0000016DEDB3835F-VIP
Registrar WHOIS Server:
Registrar URL:
Updated Date: 2019-10-21T09:43:52Z
Creation Date: 2019-10-21T09:43:47Z
Registry Expiry Date: 2020-10-21T09:43:47Z

Quote from: https://whois.domaintools.com/bitfree.vip

Domain Name: BITFREE.VIP
Registry Domain ID: D_00F9C038_B01DFEE6593F4D17B913EED5966F577F_0000016B0183F82D-VIP
Registrar WHOIS Server:
Registrar URL:
Updated Date: 2019-05-29T02:55:55Z
Creation Date: 2019-05-29T02:55:54Z
Registry Expiry Date: 2020-05-29T02:55:54Z

https://github.com/bitfreecash/bitfree

masulum

legendary

Activity: 2324

Merit: 1604

hmph..

New Fake ANN here !

[ANN][NYC] NEW YORK COIN at 2017 MACY'S THANKSGIVING DAY PARADE IN NYC!
FAKE PROFILE: scryptenthuslast

Real Profile: scryptenthusiast

Archives: https://archive.is/N364c

ORIGINAL ANN: https://bitcointalksearch.org/topic/annnyc-new-york-coin-at-2017-macys-thanksgiving-day-parade-in-nyc-2016963

Fake Github link on his ANN, under github link goes to:

Code:

https://anonymousfiles.io/f/newyorkcoin-1.3.1.21-win-setup.zip

Scan files result by VirusDesk Kaspersky:

Lafu

legendary

Activity: 3136

Merit: 3213

New Fake ANN here !

[ANN][Hybrid POW+MN][CN TRTL] ContentCoin - Made for content users

User : pendente <-------- Please Nuke that user !

This user recently woke up from a long period of inactivity.

Code:

[b]WALLET[/b]
CLI Windows: [url=https://github.com/contentnetswork/contentcoin/releases/download/5.01.02/ContentCoin-v5.1.2-win64.zip]https://github.com/contentnetwork/contentcoin/releases/download/5.01.02/ContentCoin-v5.1.2-win64.zip[/url]
CLI Linux: [url=https://github.com/contentnetswork/contentcoin/releases/download/5.01.02/ContentCoin-v5.1.2-linux64.tar.gz]https://github.com/contentnetwork/contentcoin/releases/download/5.01.02/ContentCoin-v5.1.2-linux64.tar.gz[/url]

[b]LINKS[/b]
Website : new website soon. Old website : https://theblogcoin.xyz

Fake Github : https_://github.com/contentnetswork/contentcoin/releases/download/5.01.02/ContentCoin-v5.1.2-win64.zip <--- Account created 3 hours ago

Real Github : https_://github.com/contentnetwork/contentcoin/releases/download/5.01.02/ContentCoin-v5.1.2-win64.zip

The original coin uses a diffrent Github but if you look at the fake Ann there is a fake github behind the Github link you can read !

Downloading at the moment the file to check it and will post my result here.

But looks very strange to me and i guess its full of bad things .

And i have looked around the 2 Gihubs and in the fake one is nothing as only you can download the file .
In the other there is all the source code and stuff

They are using the same website and on the Original ann i have nothing readed about that something will change and thats why i think its fake !

Original ANN :

Blogcoin ,A social media based blogging Platform.

User : turtlegirl

Code:

Blogcoin.
[b]Website:[/b]
https://theblogcoin.xyz

GITHUB
Coin sourcecode: https://github.com/blognetwork/blogcoin
GUI electron wallet: https://github.com/blognetwork/BlogCoin-electron-wallet

Also there is a other ANN that looks the real one for !

https://bitcointalksearch.org/topic/annhybrid-powmncn-trtl-contentcoin-decentralized-content-exchange-crypto-5194370

User : semiPOOL

Code:

[center][b]WALLET[/b][/center]
[center]CLI : https://github.com/contentnetwork/contentcoin/releases[/center]

Update : Checked file for the Fake Github is full of shit.

Fake Github : https_://github.com/contentnetswork/contentcoin/releases/download/5.01.02/ContentCoin-v5.1.2-win64.zip

https://www.virustotal.com/gui/file/9257d761fd3a304acfe1baab34563eb5da8aade8aa59790d4cc6138197f456b0/detection

Lafu

legendary

Activity: 3136

Merit: 3213

Next Fake Ann here !

[ANN] [UPD] [ADZ] Adzcoin||ADZbuzz - Replacing The Ad-Supported Web!

User : KaribuBlanco <----- Please nuke that user !

Code:

GitHub Source Code:

https://github.com/AdzCoin/adzcoin
-----------------------------------------------
[center][b]Wallets:[/b][/center]

[center][b][url=https://github.com/AdzColn/adzcoin/blob/master/adzcoin-qt.zip]Adzcoin-qt Windows[/url]

The Source github is right github.com/AdzCoin/adzcoin but if you looking at the download github link for the wallets you can see its the wrong one and fake.
Fake source : github.com/AdzColn/

For the wallets of the Original ANN they use there some other link you can see.

Original ANN :

[ANN] [ADZ] Adzcoin||ADZbuzz - Replacing The Ad-Supported Web!

User : coinstatic

Code:

[b][color=black][size=25pt]GitHub Source Code:[/size][/color][/b]

[size=19pt][b]https://github.com/AdzCoin/adzcoin[/b][/size]

[b][url=https://adzbuzz.com/adzcoin-files.zip][color=black][size=15pt]Download Windows wallet here:[/size][/color]

[img]https://i.imgur.com/dS34Pa4.png[/img][/url]

JeromeTash

legendary

Activity: 2338

Merit: 1261

Heisenberg

Here is another ANN of a project with malware

[ANN][IEO] ZOPTAX - 📞 DISRUPTING VOIP WITH BLOCKCHAIN

Zoptax wallet: https://zoptax.com/zoptax-windows.zip
Virus Total results: https://www.virustotal.com/gui/file/38a2acbfe7469e5fd5a14793922ec63911a0b3cdb28f3461982c37e9c758127f/detection
32/69 Engines detected malware

Lafu

legendary

Activity: 3136

Merit: 3213

Next Fake ANN !

YEP COIN | POS Staking : 20% | MASTERNODE : 80% | A DOOR FOR DREAM

User : str8x <---- Please nuke that user

Code:

[center][b][size=30pt]   MAC want to explain you what YEP COIN is  [/size][/b][/center]

[center][url=https://drive.google.com/uc?export=download&id=1JQ__5tkHyNuC1MbvHSMYer3SK0OpDg7O][img width=200 height=200 alt=image loading...]https://i.imgur.com/kiK6Yks.png[/img][/url][/center]
[center][url=https://github.com/YEPCOIN/Yep-Core][img width=200 height=200 alt=image loading...]https://i.imgur.com/AXWawtM.png[/img][/url][/center]

The Github is the same again as the last Fake ANN we got here but the difference is the MAC Explaining on that Thread !
In the fake ann there you have an google drive download and on the original ann you have an youtube video !
Looks like the google drive download is infected.

Please can Moderator delete this ANN and nuke the User !

Original ANN :

[ANN] YEP COIN | POS Staking : 20% | MASTERNODE : 80% | A DOOR FOR DREAM

User : Gentleman92

Code:

[center][b][size=30pt]   MAC want to explain you what YEP COIN is  [/size][/b][/center]

[center][url=https://youtu.be/A2gATngYWtI][img width=900 height=500 alt=image loading...]https://i.imgur.com/9SeyzuP.png[/img][/url][/center]

[center][b][size=20pt] WALLET YEP COIN [/size][/b][/center]
[center][url=https://github.com/YEPCOIN/Yep-Core/releases/download/1.0/yep-qt-win-64bit.exe][img width=200 height=200 alt=image loading...]https://i.imgur.com/kiK6Yks.png[/img][/url][/center]

Next fake anns

Fake ann : https://bitcointalksearch.org/topic/--5192664

User : vladlencik <---- Please Nuke

Original ann : https://bitcointalksearch.org/topic/ann-konjungate-konj-official-thread-5148524

Fake ANN : https://bitcointalksearch.org/topic/--5192658

Code:

[b]Wallets[/b]
[url=https://bitbucket.org/cryptoperfeckt/masters/downloads/newcachcoin.rar]https://github.com/NewCashExchange/NEWC-Wallet/releases/newcachcoin.rar[/url]

User : ktc45 <---- Please Nuke

Original ANN : https://bitcointalksearch.org/topic/ann-newc-new-cash-coin-pos-masternodes-newcashexchange-5189592

Fake ANN : https://bitcointalksearch.org/topic/--5192648

User : Sibkaz_dima <---- Please nuke

Original ANN : https://bitcointalksearch.org/topic/ann-expanse-exp-new-algo-pirlguard-5146098

Fake ANN : https://bitcointalksearch.org/topic/--5192669

Code:

[url=https://bitbucket.org/cryptoperfeckt/masters/downloads/gexp-windows-amd64.zip]gexp-windows-amd64.zip[/url]
[url=https://bitbucket.org/cryptoperfeckt/masters/downloads/gexp-windows-386.zip]gexp-windows-386.zip[/url]

User : candeche23 <---- Please nuke

Original ANN : https://bitcointalksearch.org/topic/ann-expanse-exp-new-algo-pirlguard-5146098

Code:

[url=https://github.com/expanse-org/go-expanse/releases/gexp-darwin-amd64.tar.gz]gexp-darwin-amd64.tar.gz[/url] 
[url=https://github.com/expanse-org/go-expanse/releases/gexp-darwin-386.tar.gz]gexp-darwin-386.tar.gz[/url] 
[url=https://github.com/expanse-org/go-expanse/releases/gexp-linux-amd64.tar.gz]gexp-linux-amd64.tar.gz[/url] 
[url=https://github.com/expanse-org/go-expanse/releases/gexp-linux-386.tar.gz]gexp-linux-386.tar.gz[/url] 
[url=https://github.com/expanse-org/go-expanse/releases/gexp-windows-amd64.zip]gexp-windows-amd64.zip[/url] 
[url=https://github.com/expanse-org/go-expanse/releases/gexp-windows-386.zip]gexp-windows-386.zip[/url]

Fake ANN : https://bitcointalksearch.org/topic/--5192636

Code:

[b]Windows-QT:[/b]
[url=https://bitbucket.org/cryptoperfeckt/masters/downloads/VADE-QT.zip.Windows.Binaries.zip]

User : Sibkaz_dima <---- Please nuke

Original ANN : https://bitcointalksearch.org/topic/annvade-vade-crypto-pos-stealth-transactions-encrypted-messaging-1373179

Lafu

legendary

Activity: 3136

Merit: 3213

Quote from: morvillz7z on October 12, 2019, 03:09:49 PM

https://bitcointalksearch.org/topic/bth-bithuman-coin-secure-private-untraceable-since-11082017-2063263

The topic title was changed from "BITHUMAN Coin - secure, private, untraceable - start 05/08/2017" to "www.ninjacoin.org"

and what's bothering me is the date this happened - August 1st, 2019. Does this mean they have prepped this shit up two months ago?

Wow nice catch !
And yes it looks like the missed to change the links to infected wallets or was on the way to add them laters .
Maybe the Account of the User was hacked or maybe sold from them and they just changed the thread title.
Dont know whats wrong with change of the Title and this thread but it looks very strange to me

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Quote from: Lafu on October 12, 2019, 02:04:36 PM

Dont know whats wrong with that Fake ANN as the Github is the same as the Original ANN have !
But anyway its an Fake Ann and the Original Ann was created at April 28, 2019, 09:22:42 AM

Yeah, i can't find any differences between the two. They have either forgot to change/add the links to infected wallets or they will add them at a later stage (to avoid suspicion). I don't know what to make out of this screenshot though:

https://bitcointalksearch.org/topic/bth-bithuman-coin-secure-private-untraceable-since-11082017-2063263

The topic title was changed from "BITHUMAN Coin - secure, private, untraceable - start 05/08/2017" to "www.ninjacoin.org"

and what's bothering me is the date this happened - August 1st, 2019. Does this mean they have prepped this shit up two months ago?

Lafu

legendary

Activity: 3136

Merit: 3213

Next Fake ANN again !

NinjaCoin (NINJA) - digital cryptocurrency to exchange with friends

User : bithuman

Code:

[b]Releases[/b]
Ninjacoin Daemon: https://github.com/NinjaCoin-Master/NinjaCoin/releases/latest
NinjaWallet GUI: https://github.com/NinjaCoin-Master/Ninja-Wallet-Pro/releases/latest
Mobile Wallet: https://github.com/NinjaCoin-Master/ninjacoin-mobile-wallet/releases/latest
Paper Wallet: https://www.ninjacoin.org/wallet

Dont know whats wrong with that Fake ANN as the Github is the same as the Original ANN have !
But anyway its an Fake Ann and the Original Ann was created at April 28, 2019, 09:22:42 AM

Maybe a Moderator can delete the thread !

Archive : https://archive.fo/DPufo

Original ANN :

NinjaCoin (NINJA) - digital cryptocurrency to exchange with friends

User : NinjaTrust

Code:

[b]Releases[/b]
Ninjacoin Daemon: https://github.com/NinjaCoin-Master/NinjaCoin/releases/latest
NinjaWallet GUI: https://github.com/NinjaCoin-Master/Ninja-Wallet-Pro/releases/latest
Mobile Wallet: https://github.com/NinjaCoin-Master/ninjacoin-mobile-wallet/releases/latest
Paper Wallet: https://www.ninjacoin.org/wallet

masulum

legendary

Activity: 2324

Merit: 1604

hmph..

Quote from: nc50lc on October 09, 2019, 11:19:30 PM

Thank you very much for this explanation,

After case of Decracy (on pages 3), I am making a report, because I think something wrong with that project, hidden original link with short link. So, I have not downloaded their files, because I never know linktree before. But I am happy dev team make it clear with his clarify. For Popup, I reported above, I am not downloading file because as many users say not safe for download file from Mega. so I am just sharing their links and check it on VT. Because I found original thread for PopUp coin, of cours,e this wallet is fake, so I reported here.

Quote from: Lafu on October 10, 2019, 05:46:54 AM

Yup, this is how I check their wallets, downloading files and check it on virus desk, but I'm just downloading if their files hosted on github or bitbucket.

Lafu

legendary

Activity: 3136

Merit: 3213

You also can still download the Files as long you dont open it or unzip the file when its from github and upload the file to Virustotal !
After that deleted it and you should be fine .
But i advice to doing this just to be safe to use the Sandboxie browsing function or an VM .
Dont do it with Mega files , i dont trust the download there .

Chikito

legendary

Activity: 2366

Merit: 2054

Quote from: nc50lc on October 09, 2019, 11:19:30 PM

But if you downloaded the file and uploaded to virustotal, there will be positives

Thank you for your information and I am sorry to doktor83 was reported yours thread.

nc50lc

legendary

Activity: 2534

Merit: 6080

Self-proclaimed Genius

A very important information for reporters:
Do not just paste the direct link to virustotal's url scanner as it will scan the host/server of that url instead of the file to be downloaded.
And apparently; when you paste mega.nz, it will always result with "CLEAN MX: Phishing" and "URLhaus: Malicious" regardless of the link.

Like for example (just MEGA's home URL):
https://www.virustotal.com/gui/url/71216ea7e98991af2c7f6226d581d2ba513e14cc585f8e8d0f6cf04bf112f755/detection
Same results, "CLEAN MX: Phishing" and "URLhaus: Malicious"

Another (safely reproduce-able) Example:
Try it with Electrum windows executable(s): https://electrum.org/#download <- It's safe but with false positives.
Copy the direct download link (https://download.electrum.org/3.3.8/electrum-3.3.8-setup.exe) and paste it to virustotal,
the result will be clean: VT URL Results. Virustotal didn't download the file in the link, it doesn't work that way.
But if you downloaded the file and uploaded to virustotal, there will be positives: VT uploaded result (v3.3.6) <- Again, false positives

masulum

legendary

Activity: 2324

Merit: 1604

hmph..

FAKE ANN
PopUp Coin | X11 | Private | Bounties | No ICO | Retail Focused | POW/MN |
ANN THREAD: https://bitcointalksearch.org/topic/--5191560 (Reported to mod)
Archives: https://archive.is/fsXhu
Profile: https://bitcointalksearch.org/user/popupandup-2692616 - neg trust given, please support

https://www.popup.money/

Domain:popup.money
Registrar:GoDaddy.com, LLC
Registered On:2019-05-24
Expires On:2020-05-24
Updated On:2019-05-29

Code:

STAY AWAY FROM THIS URL!
https://mega.nz/#!HLoDzSDL!P9SgoQC-xD6d0Zhoo21H3ywG5chU9Ew_dozRSowHmvw

https://www.virustotal.com/gui/url/71216ea7e98991af2c7f6226d581d2ba513e14cc585f8e8d0f6cf04bf112f755/detection

============= ORIGINAL THREAD & GITHUB =============
https://bitcointalksearch.org/topic/ann-popup-coin-x11-private-bounties-no-ico-retail-focused-powmn-5161775
https://github.com/popupcoin/PopUp-Coin

Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 76. (Read 36997 times)