Pages:
Author

Topic: SCAM - Ulord(UT) FAKE ANN and FAKE Wallet to Spread Malware. (Read 1061 times)

copper member
Activity: 13
Merit: 0
FYD is a community driven PoS cryptocurrency
I don't want to start a new thread for every fake ANN with malicious wallets so I will be making a MEGA thread by the end of the week. Will list every single one of them in chronological order and update it daily. In my estimation, there are +30 already (all created in the past 30 days).

Ones I've spotted today (will tag and report whenever I get more info about wallets):

[ANN] [Masternode] [POS] FYD Coin - (archived)

Fake Github, created 5 hours ago - https://github.com/Fyd-Coin

Original FydCoin - https://github.com/Fydcoin/FYD and their ANN


[RSIN] Roketsin - (archived) Fake ann with links to bitbucket.

Original announcement thread for Roketsin - [RSIN] Roketsin


These two are very likely to be fake as well, having links to mega.nz wallets (self-moderated) opposed to the original project having their own GitHub.

Fakes:

[ANN] ONLINE-LEAGUE [OLC] | LoL | CS:GO | THE GAME IS YOUR's | PoS | PoW | MN - (archived)

[ANN] ONLINE-LEAGUE [OLC] | LoL | CS:GO | THE GAME IS YOUR's | PoS | PoW | MN - (archived)

Original - https://bitcointalksearch.org/topic/ann-online-leagueio-olc-lol-csgo-the-game-is-yours-pos-pow-mn-5141278 and their GitHub - https://github.com/ProjectOnlineLeague

EDIT; One of the topics was just edited...and replaced lol

https://bitcointalksearch.org/topic/--5142590 - (archived)

EDIT2;

ONLINE-LEAGUE impersonators tagged and reported.

Proof:

Good work sir definitely this will just keep helping the community on not to encounter losses in future.

Great job thank you for keeping us all safe
legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
They are added to my scam list too.

What do you mean added to your list? The real Ulord (UT) project/team has nothing to do with this scam accusations.

The ANN in the OP was posted from a hacked account with fake GitHub and everything, simply impersonating their project. There were hundreds of those fake announcement threads for the last couple of months.
legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
Great work. They are added to my scam list too.

As a community we need to weed out these thieves no matter how big or small their scam operation is and no matter what their ultimate goal or plan is.

If we all get together to keep posting about the scammers then they have less and less chance of succeeding by ripping people off. Unfortunately somewhere along the line a newbie or gullible person will invest and lose out but by far the majority of people will be protected.
legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
Does the process take a long time before the account gets removed?

I would say anywhere between one to three days. My experience with GitHub support has been quite good so far, I think I have taken down 3 or 4 of those fake ones. HyperCash-HC was removed within 24hrs of my report.

Make sure your report has all the details, you need to include links to both infected wallet and virustotal. As for MultiVAC, ask TakeItEasy to test their latest two repository uploads - "Core" and "Release". Report these two.

Edit;


Update: May 21, 2019, GitHub is taken down!

legendary
Activity: 2338
Merit: 1261
Heisenberg
Good work @Morvillz7z, looks like the mods are doing a good job right now and also responding in time to delete the scammer's threads once they are reported.
I did try to report their GitHub profiles too including this one; https://github.com/MultiVAC
but for some reason, it is not getting removed, I don't know why?
I did include information about the scammer trying to spread malware alongside the virus total results.

Does the process take a long time before the account gets removed?
legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
Tagged & reported. These fake ANNs are becoming a bit of a problem....

Yes, they've been a problem for a while now...and it's not just fake ANN, these people use compromised accounts which appears to be the bigger issue here.

I honestly have no problem reporting a few of those every day, but not 20+, that's just crazy and takes way too much time and energy.

Forum administration seems to be aware of the problem though, that's a positive sign!

We're on it, thanks for tagging and reporting them while they run out of accounts. I've been locking a lot of these hacked accounts, a part of them are active accounts which the hacker silently used. We'll handle account recoveries as they come in. Curious how they picked the altcoin threads, seems pretty random.
full member
Activity: 670
Merit: 120
TIME TO BAN THE YOBIT SCAM!!
Tagged & reported. These fake ANNs are becoming a bit of a problem....
legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
These guys had a field day yesterday with all-time high in created fake announcement threads. I counted 28. Shocked

Way more relaxed today as I found just one (there could be more) but this one was way too obvious.

[ANN][PoW][X16R] Zyrk - Pushing the boundaries of blockchain technology - (archived)

And their fake GitHub created just a few hours ago: https://github.com/release-coin

Original Zyrk thread: https://bitcointalksearch.org/topic/annpowx16r-zyrk-pushing-the-boundaries-of-blockchain-technology-5139507

https://github.com/ZyrkProject/zyrk-core

They even tried to hide/mask it:



Interesting to point out, account posting their thread is from 2012 (woke up May 16th), I suppose a brand new batch of compromised accounts.
legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
At least 10 new fake ANN posted in the last two hours, good grief  Grin All using MultiVAC's malware wallet/GitHub.

I will update this post shortly:

[ANN] BitGrin (XBG) – MimbleWimble with Bitcoin economics – Windows wallet! - (archived)

Original BitGrin thread: https://bitcointalksearch.org/topic/ann-bitgrin-xbg-mimblewimble-with-bitcoin-economics-windows-wallet-5104608

Proof:

Rig software
https://www.virustotal.com/#/file/7a60731b74243daeebf7e675c1c19beaf37f8514d0b72add822730c1d19a765b/detection
Wallet
https://www.virustotal.com/#/file/40a7e731b9aadca0f29cd1c25f90ac30f4df4765bfe6d2bb3c79fc53e6730b93/detection


[ANN][CLAM] CLAMs, Proof-Of-Chain, Proof-Of-Working-Stake, a.k.a. "Clamcoin" - (archived)

Original CLAMs thread: https://bitcointalksearch.org/topic/annclam-clams-proof-of-chain-proof-of-working-stake-aka-clamcoin-623147

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)


[ANN][TZC] TrezarCoin Super-Secure-PoW/PoS - (archived)

Original TrezarCoin thread: https://bitcointalksearch.org/topic/anntzc-trezarcoin-super-secure-powpos-2140812

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)


[ANN] [SPN] SpartanCoin - (archived)

Original SpartanCoin thread: https://bitcointalksearch.org/topic/ann-spn-spartancoin-the-cryptocurrency-flying-on-the-internet-5119179
https://bitcointalksearch.org/topic/ann-spartancoin-cryptocoin-for-the-competitive-world-491637

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)


[ANN] Ravencoin [RVN] PoW GPU Mining | Asset Transfer Blockchain (Updated ANN) - (archived)

Original Ravencoin thread: https://bitcointalksearch.org/topic/ann-ravencoin-rvn-pow-gpu-mining-asset-transfer-blockchain-updated-ann-3238497

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)


[ANN]SwiftCash - Decentralized Governance and Economy - (http://archive.fo/6Void)

Original SwiftCash thread: https://bitcointalksearch.org/topic/swiftcash-digital-store-of-value-p2p-decentralized-governance-economy-5062453

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)


eXperience Points [XP] ENGLISH - (archived)

Original eXperience Points thread: https://bitcointalksearch.org/topic/experience-points-xp-english-2313170

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)


[ANN] Denarius [D] - Originator "Tribus" PoW/PoS Hybrid Masternodes - (archived)

Original Denarius thread: https://bitcointalksearch.org/topic/ann-denarius-d-first-tribus-powpos-hybrid-masternodes-ring-sigs-1967207

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)


[ANN] [VBK] [PoP/PoW] VeriBlock: Securing the World's Blockchains Using Bitcoin - (archived)

Original VeriBlock thread: https://bitcointalksearch.org/topic/ann-vbk-poppow-veriblock-securing-the-worlds-blockchains-using-bitcoin-3133450

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)


[ANN][POS/MN] [Bounties] Coin2Play - Gambling and Casino online - (archived)

Original Coin2Play thread:https://bitcointalk.org/index.php?topic=4849316

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)


[EAC] EarthCoin (EAC) !!! RELOADED !!! - (archived)

Original EarthCoin thread: https://bitcointalksearch.org/topic/eac-earthcoin-eac-reloaded-2161853

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)


[ANN][POS/MN] ⭐ SafeGames [SGS] - Build your own Game ⭐ CryptoBridge paid - (archived)

Original SafeGames [SGS] thread: https://bitcointalksearch.org/topic/annposmn-safegames-sgs-build-your-own-game-cryptobridge-paid-5111563

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)


[ANN][TLRM] - Tellurium Official - RELEASE 17/04/19 14:00 GMT+2 !!! - (archived)

Original Tellurium thread: https://bitcointalksearch.org/topic/anntlrm-tellurium-official-release-170419-1400-gmt2-5132724

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)


❤️[ANN] Surfcoin SURF❤️Only Browser Mining❤️Ad Platform❤️POS❤️Mobile Mining❤ - (archived)

Original Surfcoin thread: https://bitcointalksearch.org/topic/ann-surfcoin-surfonly-browser-miningad-platformposmobile-mining-5078617

Proof: MultiVAC's malware wallet/GitHub (see BitGrin links)

legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
They might have a bot to post all these threads. Take a look at my recent tags vs. newbie accounts who woke on April 28th.





If that's true, I won't be able to keep up with all these fake threads, the Night King has won. Grin
legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
I don't want to edit my previous post the 4th time, so I'll post my new findings here:

It's pretty much a game of cat and mouse at this point:



With the exception of ChanceBetCoin and Tampa Bay Token all other ANN seems to be fake. There are all posted within the last hour or so and have a link to the same GitHub (which is created also an hour ago).

https://github.com/Core-Wallet/

I will update this post, tag and report users involved later...that's close to 20 fake topics today, a good/productive start of the week.  Undecided


[ANN] Halcyon v1.1.0.3 ~ NeoScrypt PoW and up to 100% PoS - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original Halcyon thread - https://bitcointalksearch.org/topic/ann-halcyon-v1102-neoscrypt-pow-and-up-to-100-pos-895829


ANN] ONEROOT NETWORK - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original ONEROOT thread - https://bitcointalksearch.org/topic/ann-oneroot-network-projectco-creating-a-value-and-data-network-3121006


[ANN][XCP] Counterparty - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original Counterparty thread - https://bitcointalksearch.org/topic/annxcp-counterparty-pioneering-peer-to-peer-finance-official-thread-395761


ANN] MNPR coin - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original MNPR coin thread - https://bitcointalksearch.org/topic/ann-mnpr-coin-mn-services-mnpos-coin-mnproio-crypto-bridge-paid-5113359


[ANN] [BSV] [Bitcoin SV] Original Satoshi Vision - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original BSV thread - https://bitcointalksearch.org/topic/ann-bsv-bitcoin-sv-original-satoshi-vision-4985868


[ANN] [BCRM] Bitcoin RM: A new Bitcoin Fork is now LIVE - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original [BCRM] Bitcoin RM thread - https://bitcointalksearch.org/topic/ann-bcrm-bitcoin-rm-a-new-bitcoin-fork-is-now-live-4735005


[ANN] Lytix - PoS Maxnode - (archived])

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original Lytix thread - https://bitcointalksearch.org/topic/ann-lytix-pos-maxnode-crypto-platform-5066344


[ANN] BitGrin (XBG) - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original BitGrin thread - https://bitcointalksearch.org/topic/ann-bitgrin-xbg-mimblewimble-with-bitcoin-economics-windows-wallet-5104608


[ANN] Bitcoin Confidential - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original Bitcoin Confidential thread - https://bitcointalksearch.org/topic/ann-bitcoin-confidential-the-truly-fungible-cryptocurrency-5135251


[ANN][POW]🥇DeroGold🥇 - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original DeroGold thread - https://bitcointalksearch.org/topic/annpowderogold-the-future-of-crypto-0-premine-cn-upx-algo-5088519


[ANN][POW][HARDFORK] MicroBitcoin - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original MicroBitcoin thread - https://bitcointalksearch.org/topic/annpow-microbitcoin-micro-payments-protocol-3982489


[XVC] Vcash Official Community Thread ▱ Zerotime ▱ Anon ▱ Auto Block Size - (archived)

https://github.com/Core-Wallet/ - fake GitHub (infected wallets inside?)

Original Vcash thread - https://bitcointalksearch.org/topic/xvc-vcash-official-community-thread-zerotime-anon-auto-block-size-1504342

member
Activity: 420
Merit: 12
Globe-dex.com
I don't want to start a new thread for every fake ANN with malicious wallets so I will be making a MEGA thread by the end of the week. Will list every single one of them in chronological order and update it daily. In my estimation, there are +30 already (all created in the past 30 days).

Ones I've spotted today (will tag and report whenever I get more info about wallets):

[ANN] [Masternode] [POS] FYD Coin - (archived)

Fake Github, created 5 hours ago - https://github.com/Fyd-Coin

Original FydCoin - https://github.com/Fydcoin/FYD and their ANN


[RSIN] Roketsin - (archived) Fake ann with links to bitbucket.

Original announcement thread for Roketsin - [RSIN] Roketsin


These two are very likely to be fake as well, having links to mega.nz wallets (self-moderated) opposed to the original project having their own GitHub.

Fakes:

[ANN] ONLINE-LEAGUE [OLC] | LoL | CS:GO | THE GAME IS YOUR's | PoS | PoW | MN - (archived)

[ANN] ONLINE-LEAGUE [OLC] | LoL | CS:GO | THE GAME IS YOUR's | PoS | PoW | MN - (archived)

Original - https://bitcointalksearch.org/topic/ann-online-leagueio-olc-lol-csgo-the-game-is-yours-pos-pow-mn-5141278 and their GitHub - https://github.com/ProjectOnlineLeague

EDIT; One of the topics was just edited...and replaced lol

https://bitcointalksearch.org/topic/--5142590 - (archived)

EDIT2;

ONLINE-LEAGUE impersonators tagged and reported.

Proof:

Good work sir definitely this will just keep helping the community on not to encounter losses in future.
legendary
Activity: 2212
Merit: 2061
Join the world-leading crypto sportsbook NOW!
I don't want to start a new thread for every fake ANN with malicious wallets so I will be making a MEGA thread by the end of the week. Will list every single one of them in chronological order and update it daily. In my estimation, there are +30 already (all created in the past 30 days).

Ones I've spotted today (will tag and report whenever I get more info about wallets):

[ANN] [Masternode] [POS] FYD Coin - (archived)

Fake Github, created 5 hours ago - https://github.com/Fyd-Coin

Original FydCoin - https://github.com/Fydcoin/FYD and their ANN

Proof:
https://www.virustotal.com/#/file/b4cc9f85f184cffe882d2c56993d03fc1f38de338e838d40f26d884725b4a7c2/detection



[RSIN] Roketsin - (archived) Fake ann with links to bitbucket.

Original announcement thread for Roketsin - [RSIN] Roketsin

Proof:
https://www.virustotal.com/#/file/e92d4760a0d1736821cdbccc8bfb195274acce9f1d6080b318ce09523ecfa3c4/detection



MultiVAC (MTV)

Proof:

Rig software
https://www.virustotal.com/#/file/7a60731b74243daeebf7e675c1c19beaf37f8514d0b72add822730c1d19a765b/detection
Wallet
https://www.virustotal.com/#/file/40a7e731b9aadca0f29cd1c25f90ac30f4df4765bfe6d2bb3c79fc53e6730b93/detection



MIR COIN

https://github.com/MIR-COIN

Proof:

https://www.virustotal.com/#/file/7a45aae25028d287fd4d1efac5671ccb6c61635e38931d8fc76c238e2463a0d1/detection

Again, special thanks to TakeItEasy for wallet testing!


These two are very likely to be fake as well, having links to mega.nz wallets (self-moderated) opposed to the original project having their own GitHub.

Fakes:

[ANN] ONLINE-LEAGUE [OLC] | LoL | CS:GO | THE GAME IS YOUR's | PoS | PoW | MN - (archived)

[ANN] ONLINE-LEAGUE [OLC] | LoL | CS:GO | THE GAME IS YOUR's | PoS | PoW | MN - (archived)

Original - https://bitcointalksearch.org/topic/ann-online-leagueio-olc-lol-csgo-the-game-is-yours-pos-pow-mn-5141278 and their GitHub - https://github.com/ProjectOnlineLeague

EDIT; One of the topics was just edited...and replaced lol

https://bitcointalksearch.org/topic/--5142590 - (archived)

EDIT2;

ONLINE-LEAGUE impersonators tagged and reported.

Proof:


EDIT3; Cheesy

Yet another fake ANN (6 total for today), possibly comprised account as well (judging by mipari's post history).  Undecided

[ANN] [Stellar] Stellar Gold XLMG Pre-Mine - (archived)

Wallet straight from fake DUO NETWORK Github:



member
Activity: 420
Merit: 12
Globe-dex.com
Where I suspected this account was slightly hacked and used to make that post is where I open my browser and the account wasn't login rather it was just the normal bitcointalk.org interface I saw. I was surprised.
member
Activity: 420
Merit: 12
Globe-dex.com
<…>
Quote
Today at 09:26:50 AM - bbvedf - password changed
And by change, it's just "password change" so i am wondering how he could have been able to access his account to change the password if he already wasn't able to log in.
@bbvedf is from my local board, and has opened a thread there to try to get some help on the matter (see Ayuda con mi cuenta de BCT – it’s in Spanish though). The way he’s depicting the events, he claims that he was “silently hacked”. That is to say, someone gained access to his account, using his same credentials (not changing them), and published the fake Ann thread from his account. If true, that would be the best way to use an account for wrong doing, although it does constitute a very difficult case to prove.

It also likely denotes a weak password management, as for this to happen without brute force, he would have to have used the same password in a crypto related site and have the password leaked from there. That alone is arguably irresponsible to some extent, but I’m pretty sure there are thousands of users here that use the same password on a couple of sites.

The only possible way to move on with trying to clear @bbvedf’s claims (which are very similar to @Mrengage’s) would be for both of the to ask @theymos for their access logs for the date of events, and see what that may show. It certainly will not be conclusive, but may show something interesting (i.e. common IPs from Russia for example – again not conclusive, but opens a door to suspicion).

Looking at the archived thread (http://archive.fo/yfa4D), I believe tagging the accounts is correct (how not to, seeing the evidence), but it would be good to know if we are facing a couple of more intelligent account hacks here, where the accounts are only taken temporarily without changing the credentials. It’s likely nearly impossible to prove this were it to be true, but the IP logs could help to raise suspicion or drown it altogether.

Of course making IP log retrieval a general habit would be a pain in the back side, and likely won’t be done except on an rare occasions, but perhaps it’s worth a go here to see what it may lead to.
Definitely I go by what you said here this alone can happen to more  other users in the platform if it's not taking care of.
member
Activity: 420
Merit: 12
Globe-dex.com
I get it you are basically doing your job to get scammers. Which is a good thing to know but right here sir I didn't make that post and this ACC was hacked I don't logout my account from my browser. But was surprised when I opened my browser what I saw was BITCOINTALK HOME PAGE. AND THE ACCOUNT WAS LOGOUT
Alright, let's wait for Theymos' response.
If, you account was hacked then you really need to secure it and that starts with changing passwords which you haven't done up to now since the said hack.

If I get to change this account password yesterday it won't give a proof that I wasn't the one that posted that topic I will need to get access to my IP logs from theymos so I compare the activities that took place on this account the day the account was hacked.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
<…>
Quote
Today at 09:26:50 AM - bbvedf - password changed
And by change, it's just "password change" so i am wondering how he could have been able to access his account to change the password if he already wasn't able to log in.
@bbvedf is from my local board, and has opened a thread there to try to get some help on the matter (see Ayuda con mi cuenta de BCT – it’s in Spanish though). The way he’s depicting the events, he claims that he was “silently hacked”. That is to say, someone gained access to his account, using his same credentials (not changing them), and published the fake Ann thread from his account. If true, that would be the best way to use an account for wrong doing, although it does constitute a very difficult case to prove.

It also likely denotes a weak password management, as for this to happen without brute force, he would have to have used the same password in a crypto related site and have the password leaked from there. That alone is arguably irresponsible to some extent, but I’m pretty sure there are thousands of users here that use the same password on a couple of sites.

The only possible way to move on with trying to clear @bbvedf’s claims (which are very similar to @Mrengage’s) would be for both of the to ask @theymos for their access logs for the date of events, and see what that may show. It certainly will not be conclusive, but may show something interesting (i.e. common IPs from Russia for example – again not conclusive, but opens a door to suspicion).

Looking at the archived thread (http://archive.fo/yfa4D), I believe tagging the accounts is correct (how not to, seeing the evidence), but it would be good to know if we are facing a couple of more intelligent account hacks here, where the accounts are only taken temporarily without changing the credentials. It’s likely nearly impossible to prove this were it to be true, but the IP logs could help to raise suspicion or drown it altogether.

Of course making IP log retrieval a general habit would be a pain in the back side, and likely won’t be done except on an rare occasions, but perhaps it’s worth a go here to see what it may lead to.
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
I get it you are basically doing your job to get scammers. Which is a good thing to know but right here sir I didn't make that post and this ACC was hacked I don't logout my account from my browser. But was surprised when I opened my browser what I saw was BITCOINTALK HOME PAGE. AND THE ACCOUNT WAS LOGOUT
Alright, let's wait for Theymos' response.
If, you account was hacked then you really need to secure it and that starts with changing passwords which you haven't done up to now since the said hack.
member
Activity: 420
Merit: 12
Globe-dex.com
No problem... I will be waiting
Pages:
Jump to: