Pages:
Author

Topic: Report Malware and Suspicious Links here so Mods can take Action ! - page 78. (Read 37960 times)

legendary
Activity: 2366
Merit: 1272
Heisenberg
legendary
Activity: 3178
Merit: 3295
Next Fake ANN !

YEP COIN | POS Staking : 20% | MASTERNODE : 80% | A DOOR FOR DREAM

User : str8x  <----  Please nuke that user

Code:
[center][b][size=30pt]   MAC want to explain you what YEP COIN is  [/size][/b][/center]

[center][url=https://drive.google.com/uc?export=download&id=1JQ__5tkHyNuC1MbvHSMYer3SK0OpDg7O][img width=200 height=200 alt=image loading...]https://i.imgur.com/kiK6Yks.png[/img][/url][/center]
[center][url=https://github.com/YEPCOIN/Yep-Core][img width=200 height=200 alt=image loading...]https://i.imgur.com/AXWawtM.png[/img][/url][/center]

The Github is the same again as the last Fake ANN we got here but the difference is the MAC Explaining on that Thread !
In the fake ann there you have an google drive download and on the original ann you have an youtube video !
Looks like the google drive download is infected.

Please can Moderator delete this ANN and nuke the User !

Original ANN :

[ANN] YEP COIN | POS Staking : 20% | MASTERNODE : 80% | A DOOR FOR DREAM

User : Gentleman92

Code:
[center][b][size=30pt]   MAC want to explain you what YEP COIN is  [/size][/b][/center]

[center][url=https://youtu.be/A2gATngYWtI][img width=900 height=500 alt=image loading...]https://i.imgur.com/9SeyzuP.png[/img][/url][/center]

[center][b][size=20pt] WALLET YEP COIN [/size][/b][/center]
[center][url=https://github.com/YEPCOIN/Yep-Core/releases/download/1.0/yep-qt-win-64bit.exe][img width=200 height=200 alt=image loading...]https://i.imgur.com/kiK6Yks.png[/img][/url][/center]



Next fake anns

Fake ann :   https://bitcointalksearch.org/topic/--5192664  

User : vladlencik  <----   Please Nuke

Original ann : https://bitcointalksearch.org/topic/ann-konjungate-konj-official-thread-5148524



Fake ANN :  https://bitcointalksearch.org/topic/--5192658

Code:
[b]Wallets[/b]
[url=https://bitbucket.org/cryptoperfeckt/masters/downloads/newcachcoin.rar]https://github.com/NewCashExchange/NEWC-Wallet/releases/newcachcoin.rar[/url]

User : ktc45   <----   Please Nuke

Original ANN :
 https://bitcointalksearch.org/topic/ann-newc-new-cash-coin-pos-masternodes-newcashexchange-5189592


Fake ANN : https://bitcointalksearch.org/topic/--5192648

User : Sibkaz_dima   <----    Please nuke

Original ANN : https://bitcointalksearch.org/topic/ann-expanse-exp-new-algo-pirlguard-5146098



Fake ANN :  https://bitcointalksearch.org/topic/--5192669

Code:
[url=https://bitbucket.org/cryptoperfeckt/masters/downloads/gexp-windows-amd64.zip]gexp-windows-amd64.zip[/url]
[url=https://bitbucket.org/cryptoperfeckt/masters/downloads/gexp-windows-386.zip]gexp-windows-386.zip[/url]

User : candeche23  <----   Please nuke

Original ANN : https://bitcointalksearch.org/topic/ann-expanse-exp-new-algo-pirlguard-5146098

Code:
[url=https://github.com/expanse-org/go-expanse/releases/gexp-darwin-amd64.tar.gz]gexp-darwin-amd64.tar.gz[/url] 
[url=https://github.com/expanse-org/go-expanse/releases/gexp-darwin-386.tar.gz]gexp-darwin-386.tar.gz[/url]
[url=https://github.com/expanse-org/go-expanse/releases/gexp-linux-amd64.tar.gz]gexp-linux-amd64.tar.gz[/url]
[url=https://github.com/expanse-org/go-expanse/releases/gexp-linux-386.tar.gz]gexp-linux-386.tar.gz[/url]
[url=https://github.com/expanse-org/go-expanse/releases/gexp-windows-amd64.zip]gexp-windows-amd64.zip[/url]
[url=https://github.com/expanse-org/go-expanse/releases/gexp-windows-386.zip]gexp-windows-386.zip[/url]



Fake ANN :  https://bitcointalksearch.org/topic/--5192636

Code:
[b]Windows-QT:[/b]
[url=https://bitbucket.org/cryptoperfeckt/masters/downloads/VADE-QT.zip.Windows.Binaries.zip]

User : Sibkaz_dima  <----   Please nuke

Original ANN : https://bitcointalksearch.org/topic/annvade-vade-crypto-pos-stealth-transactions-encrypted-messaging-1373179
legendary
Activity: 3178
Merit: 3295
https://bitcointalksearch.org/topic/bth-bithuman-coin-secure-private-untraceable-since-11082017-2063263

The topic title was changed from "BITHUMAN Coin - secure, private, untraceable - start 05/08/2017" to "www.ninjacoin.org"

and what's bothering me is the date this happened - August 1st, 2019. Does this mean they have prepped this shit up two months ago?

Wow nice catch !
And yes it looks like the missed to change the links to infected wallets or was on the way to add them laters .
Maybe the Account of the User was hacked or maybe sold from them and they just changed the thread title.
Dont know whats wrong with change of the Title and this thread but it looks very strange to me
legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
Dont know whats wrong with that Fake ANN as the Github is the same as the Original ANN have !
But anyway its an Fake Ann and the Original Ann was created at April 28, 2019, 09:22:42 AM

Yeah, i can't find any differences between the two. They have either forgot to change/add the links to infected wallets or they will add them at a later stage (to avoid suspicion). I don't know what to make out of this screenshot though:



https://bitcointalksearch.org/topic/bth-bithuman-coin-secure-private-untraceable-since-11082017-2063263

The topic title was changed from "BITHUMAN Coin - secure, private, untraceable - start 05/08/2017" to "www.ninjacoin.org"

and what's bothering me is the date this happened - August 1st, 2019. Does this mean they have prepped this shit up two months ago?
legendary
Activity: 3178
Merit: 3295
Next Fake ANN again !

NinjaCoin (NINJA) - digital cryptocurrency to exchange with friends

User : bithuman

Code:
[b]Releases[/b]
Ninjacoin Daemon: https://github.com/NinjaCoin-Master/NinjaCoin/releases/latest
NinjaWallet GUI: https://github.com/NinjaCoin-Master/Ninja-Wallet-Pro/releases/latest
Mobile Wallet: https://github.com/NinjaCoin-Master/ninjacoin-mobile-wallet/releases/latest
Paper Wallet: https://www.ninjacoin.org/wallet

Dont know whats wrong with that Fake ANN as the Github is the same as the Original ANN have !
But anyway its an Fake Ann and the Original Ann was created at April 28, 2019, 09:22:42 AM

Maybe a Moderator can delete the thread !

Archive : https://archive.fo/DPufo

Original ANN :

NinjaCoin (NINJA) - digital cryptocurrency to exchange with friends 

User : NinjaTrust

Code:
[b]Releases[/b]
Ninjacoin Daemon: https://github.com/NinjaCoin-Master/NinjaCoin/releases/latest
NinjaWallet GUI: https://github.com/NinjaCoin-Master/Ninja-Wallet-Pro/releases/latest
Mobile Wallet: https://github.com/NinjaCoin-Master/ninjacoin-mobile-wallet/releases/latest
Paper Wallet: https://www.ninjacoin.org/wallet
legendary
Activity: 2324
Merit: 1604
hmph..


Thank you very much for this explanation,

After case of Decracy (on pages 3), I am making a report, because I think something wrong with that project, hidden original link with short link. So, I have not downloaded their files, because I never know linktree before. But I am happy dev team make it clear with his clarify. For Popup, I reported above, I am not downloading file because as many users say not safe for download file from Mega. so I am just sharing their links and check it on VT. Because I found original thread for PopUp coin, of cours,e this wallet is fake, so I reported here.




Yup, this is how I check their wallets, downloading files and check it on virus desk, but I'm just downloading if their files hosted on github or bitbucket.
legendary
Activity: 3178
Merit: 3295
You also can still download the Files as long you dont open it or unzip the file when its from github and upload the file to Virustotal !
After that deleted it and you should be fine .
But i advice to doing this just to be safe to use the Sandboxie browsing function or an VM .
Dont do it with Mega files , i dont trust the download there .
legendary
Activity: 2366
Merit: 2054
But if you downloaded the file and uploaded to virustotal, there will be positives
Thank you for your information and I am sorry to doktor83 was reported yours thread.
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
A very important information for reporters:
Do not just paste the direct link to virustotal's url scanner as it will scan the host/server of that url instead of the file to be downloaded.
And apparently; when you paste mega.nz, it will always result with "CLEAN MX: Phishing" and "URLhaus: Malicious" regardless of the link.

Like for example (just MEGA's home URL):
https://www.virustotal.com/gui/url/71216ea7e98991af2c7f6226d581d2ba513e14cc585f8e8d0f6cf04bf112f755/detection
Same results, "CLEAN MX: Phishing" and "URLhaus: Malicious"

Another (safely reproduce-able) Example:
Try it with Electrum windows executable(s): https://electrum.org/#download <- It's safe but with false positives.
Copy the direct download link (https://download.electrum.org/3.3.8/electrum-3.3.8-setup.exe) and paste it to virustotal,
the result will be clean: VT URL Results. Virustotal didn't download the file in the link, it doesn't work that way.
But if you downloaded the file and uploaded to virustotal, there will be positives: VT uploaded result (v3.3.6) <- Again, false positives
legendary
Activity: 2324
Merit: 1604
hmph..
FAKE ANN
PopUp Coin | X11 | Private | Bounties | No ICO | Retail Focused | POW/MN |
ANN THREAD: https://bitcointalksearch.org/topic/--5191560 (Reported to mod)
Archives: https://archive.is/fsXhu
Profile: https://bitcointalksearch.org/user/popupandup-2692616 - neg trust given, please support

https://www.popup.money/

Domain:popup.money
Registrar:GoDaddy.com, LLC
Registered On:2019-05-24
Expires On:2020-05-24
Updated On:2019-05-29

Code:
STAY AWAY FROM THIS URL!
https://mega.nz/#!HLoDzSDL!P9SgoQC-xD6d0Zhoo21H3ywG5chU9Ew_dozRSowHmvw


https://www.virustotal.com/gui/url/71216ea7e98991af2c7f6226d581d2ba513e14cc585f8e8d0f6cf04bf112f755/detection

hero member
Activity: 2548
Merit: 626
Just want to say thank you to the moderator/admin who returned back my topic!  Kiss
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
legendary
Activity: 3178
Merit: 3295
New Fake ANN here !

[ANN] - WeChain Coin - GPU & CPU Mining | Low Investment!

User : pandao  <-------    Please Nuke that user !

Code:
[b][size=15pt]DOWNLOAD[/size] [/b]

[size=13pt][url=https://[Suspicious link removed]/y3or2nf7]https://[Suspicious link removed]/y3or2nf7[/url][/size]

The Link is or was already removed from the system or an Moderator !


Original Ann are here :

[ANN] - WeChain Coin - GPU & CPU Mining

User : wechaincoin

Code:
[center][b][u][color=red]WALLETS[/color][/u][/b]

[b]WINDOWS[/b]
GUI [url=https://github.com/wechaincoin/wallets/blob/master/wechaincoin_wallet_gui_v1.0.0-ok.zip]https://github.com/wechaincoin/wallets/blob/master/wechaincoin_wallet_gui_v1.0.0-ok.zip[/url]
CLI [url=https://github.com/wechaincoin/wallets/blob/master/wechaincoin_wallet_cli_windows.zip]https://github.com/wechaincoin/wallets/blob/master/wechaincoin_wallet_cli_windows.zip[/url]

[b]LINUX[/b]
CLI [url=https://github.com/wechaincoin/wallets/blob/master/wechaincoin_wallet_cli_linux.zip]https://github.com/wechaincoin/wallets/blob/master/wechaincoin_wallet_cli_linux.zip[/url]
[/center]
legendary
Activity: 3472
Merit: 1724
I understand that but i thought the rank (hero member) + that i never had any trouble with the 'law and moderators' means something (trust), but it looks like it's not the case.

Being a Hero Member isn't enough, too many accounts are trading hands, or changing ownership (hacks or phishing) for anyone to be above suspicion.
hero member
Activity: 2548
Merit: 626

Please stop trying to prove something that you are wrong about.
I know you want to help, nice of you, but better go after newbie accounts and suspicious activities.

I have my miner topic here for a long time, people are using it. Go in that topic, download the .zip and run it through your online av. It will report malware.
Now go into Claymore Miner thread and scan that too. It will report malware. Go into ANY miner topic and scan their binary. Always the same result.

I think i wouldnt have 367 pages on my miner topic if it was malware, don't you think ?

Please educate : https://en.wikipedia.org/wiki/Executable_compression
legendary
Activity: 2618
Merit: 6452
Self-proclaimed Genius
-snip-
Already got a reply from Mprep, it wasn't him who deleted the topic, so i went further and wrote to the big boss, i hope he gets some time to help me Smiley
Big boss who, admin theymos?

You can also ask the other Global Moderators aside from mprep: hilariousandco and Mr. Big.
They can moderate the whole forum as well.
hero member
Activity: 2548
Merit: 626
...What a joke this all is, really i have no words.
Understand that there was a pretty big wave of fake coin ann and fake miners and some other phishing stuff going on. Hundreds of threads, even more banned accounts because of this. So you can see wht people can sometimes jump to conclusions ...

I understand that but i thought the rank (hero member) + that i never had any trouble with the 'law and moderators' means something (trust), but it looks like it's not the case.
Already got a reply from Mprep, it wasn't him who deleted the topic, so i went further and wrote to the big boss, i hope he gets some time to help me Smiley
copper member
Activity: 786
Merit: 710
Defend Bitcoin and its PoW: bitcoincleanup.com
...What a joke this all is, really i have no words.
Understand that there was a pretty big wave of fake coin ann and fake miners and some other phishing stuff going on. Hundreds of threads, even more banned accounts because of this. So you can see wht people can sometimes jump to conclusions ...
I took a look at your thread before it got trashed but did not see enough red flags to be sure if it's ok or not.

My recommendation is to wait a bit longer for an answer from the admin you PMed or eventually open a separate thread in Meta. Any global mod or above should be able to retrieve your thread but I would wait a bit longer to get a reply to the PM already sent.

Indeed looks like a mistake (probably), but ranting here will help no one Smiley
hero member
Activity: 2548
Merit: 626
Only Mprep because he is moderating the mining board there , and if you already have pm him so just wait til he comes online and have time for answer your PM.
Maybe explain him the things and link to this thread .

For the detections for the Miners its cleear that they got the detection .

But with the

Endgame
malicious (high confidence)
Invincea
heuristic

i guess it was the reason why it was reported and this is not in every miner software .

Wish good luck with it and i dont have report it , just for saying .


The link from the post Droomie posted now shows less detections. ( https://www.virustotal.com/gui/file/fb9378b3eaca05b3fc6bebb58ad318996600252949a41036aa4028bb697c74f8/detection )



So no more Invincea. What a joke this all is, really i have no words.
Pages:
Jump to: