SCAM - Ulord(UT) FAKE ANN and FAKE Wallet to Spread Malware. - page 2.

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Quote from: Mrengage on May 11, 2019, 06:12:29 PM

I get it you are basically doing your job to get scammers. Which is a good thing to know but right here sir I didn't make that post and this ACC was hacked I don't logout my account from my browser. But was surprised when I opened my browser what I saw was BITCOINTALK HOME PAGE. AND THE ACCOUNT WAS LOGOUT

I've sent theymos a PM about your case and bbvedf. If I get a confirmation from him that there was indeed an unusual activity surrounding your account (as in login from different IPs / devices), I will remove my negative tag, until then there is nothing much you can do. We have to wait.

Mrengage

member

Activity: 420

Merit: 12

Globe-dex.com

Quote from: Bitcoin_Arena on May 11, 2019, 05:47:21 PM

Quote from: Mrengage on May 11, 2019, 05:37:05 PM

I was unable to login this account today that this INCIDENT took place and its still today that the post was made. Definitely this ACCOUNT WAS HACKED!

Let me give you a benefit of doubt. Assuming you were not able to login, that means your password was changed right?
Why is it that on the seclog, there is nothing to show that your password was change?
BPIP too has no information showing that your password was changed recently

Look I am no hater or anything like that, I am just trying to reason

Quote from: morvillz7z on May 11, 2019, 05:29:32 PM

I'm not trying to defend him but there is another user who earlier today reported that he was temporarily hacked: https://bitcointalksearch.org/topic/ayuda-con-mi-cuenta-de-bct-5141746

I was due to send theymos a msg tomorrow and see if there is indeed unusual activity (as in different IP logs) around both accounts.

Maybe that could work too.
By the way i don't know much Spanish yet, so i don't know what really happened on that other guy's story but what i see on BPIP and Seclog is only one passowrd change that happened today

Quote

Today at 09:26:50 AM - bbvedf - password changed

And by change, it's just "password change" so i am wondering how he could have been able to access his account to change the password if he already wasn't able to log in.

I get it you are basically doing your job to get scammers. Which is a good thing to know but right here sir I didn't make that post and this ACC was hacked I don't logout my account from my browser. But was surprised when I opened my browser what I saw was BITCOINTALK HOME PAGE. AND THE ACCOUNT WAS LOGOUT

Mrengage

member

Activity: 420

Merit: 12

Globe-dex.com

Quote from: Bitcoin_Arena on May 11, 2019, 05:47:21 PM

Quote from: Mrengage on May 11, 2019, 05:37:05 PM

I was unable to login this account today that this INCIDENT took place and its still today that the post was made. Definitely this ACCOUNT WAS HACKED!

Let me give you a benefit of doubt. Assuming you were not able to login, that means your password was changed right?
Why is it that on the seclog, there is nothing to show that your password was change?
BPIP too has no information showing that your password was changed recently

Look I am no hater or anything like that, I am just trying to reason

Quote from: morvillz7z on May 11, 2019, 05:29:32 PM

I'm not trying to defend him but there is another user who earlier today reported that he was temporarily hacked: https://bitcointalksearch.org/topic/ayuda-con-mi-cuenta-de-bct-5141746

I was due to send theymos a msg tomorrow and see if there is indeed unusual activity (as in different IP logs) around both accounts.

Maybe that could work too.
By the way i don't know much Spanish yet, so i don't know what really happened on that other guy's story but what i see on BPIP and Seclog is only one passowrd change that happened today

Quote

Today at 09:26:50 AM - bbvedf - password changed

And by change, it's just "password change" so i am wondering how he could have been able to access his account to change the password if he already wasn't able to log in.

Yes because it showed me wrong password

And secondly I don't logout my account from my browser
It's always login but was surprised when I opened my browser and the ACC was logged out.

Mrengage

member

Activity: 420

Merit: 12

Globe-dex.com

Quote from: morvillz7z on May 10, 2019, 11:44:02 AM

Quote from: ICOEthics on May 10, 2019, 11:32:47 AM

I noticed an increase in those type of fake projects with malicious/virus wallets, etc. Maybe it is a way of scammers to retaliate because their projects were caught. (?)

This could very well be the reason behind all these fake ANN. It almost feels as like forum is under attack. Undecided

Just look at recently created ones, all 5 of them...

@OP they have created another topic: https://bitcointalksearch.org/topic/--5141572

HyperCash just got brand new ann, I wish theymos could go after those idiots and wipe them out.

I believe this proof will let you know that those 5 ACCs where HACKED and used to make those post in a roll. Please sir look in this issues. I know nothing about this and if I was to post that topic definitely I will reply to those who replied the post. For example I would have in courage them to invest. Now look at the other hand the post I didn't even see it and secondly it was deleted at that moment.

Bitcoin_Arena

copper member

Activity: 2114

Merit: 1814

฿itcoin for all, All for ฿itcoin.

Quote from: Mrengage on May 11, 2019, 05:37:05 PM

I was unable to login this account today that this INCIDENT took place and its still today that the post was made. Definitely this ACCOUNT WAS HACKED!

Let me give you a benefit of doubt. Assuming you were not able to login, that means your password was changed right?
Why is it that on the seclog, there is nothing to show that your password was change?
BPIP too has no information showing that your password was changed recently

Look I am no hater or anything like that, I am just trying to reason

Quote from: morvillz7z on May 11, 2019, 05:29:32 PM

I'm not trying to defend him but there is another user who earlier today reported that he was temporarily hacked: https://bitcointalksearch.org/topic/ayuda-con-mi-cuenta-de-bct-5141746

I was due to send theymos a msg tomorrow and see if there is indeed unusual activity (as in different IP logs) around both accounts.

Maybe that could work too.
By the way i don't know much Spanish yet, so i don't know what really happened on that other guy's story but what i see on BPIP and Seclog is only one passowrd change that happened today

Quote

Today at 09:26:50 AM - bbvedf - password changed

And by change, it's just "password change" so i am wondering how he could have been able to access his account to change the password if he already wasn't able to log in.

Mrengage

member

Activity: 420

Merit: 12

Globe-dex.com

Quote from: Bitcoin_Arena on May 11, 2019, 05:24:49 PM

Quote from: Mrengage on May 11, 2019, 05:02:19 PM

Good job but why giving me a red trust when I haven't took part in any thing of GitHub viruses on the system.

You think you are a smart?
You deleted the topic and then came here claiming you never announced it

On the screenshot your name is clearly there on the Fake Ann.

Quote from: Mrengage on May 11, 2019, 05:20:31 PM

Dam that was a long ago it happen due to this ACC was hacked, I just got it back and getting to see all this

For starters
1. When was your account hacked?
2. How did you get it back?
3. When did you regain control of your account?

I was unable to login this account today that this INCIDENT took place and its still today that the post was made. Definitely this ACCOUNT WAS HACKED!

Mrengage

member

Activity: 420

Merit: 12

Globe-dex.com

Quote from: morvillz7z on May 11, 2019, 05:29:32 PM

Quote from: Bitcoin_Arena on May 11, 2019, 05:24:49 PM

You think you are a smart?
You deleted the topic and then came here claiming you never announced it.

On the screenshot your name is clearly there on the Fake Ann.

I'm not trying to defend him but there is another user who earlier today reported that he was temporarily hacked: https://bitcointalksearch.org/topic/ayuda-con-mi-cuenta-de-bct-5141746

I was due to send theymos a msg tomorrow and see if there is indeed unusual activity (as in different IP logs) around both accounts.

I won't have to lie definitely I was hacked because this account I saved it remember me I don't have to login offended. I was surprised I was logout when I opened my browser and I try to login I got a wrong password and when I tried again it went through and the next thing I saw was a Red trust.

Mrengage

member

Activity: 420

Merit: 12

Globe-dex.com

At first I wasn't able to login this account it was showing wrong password and when I finally get in I got to see this I wasn't even online yesterday to make a post I can't even make a post and get it of so quickly. Check this account well sir.

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Quote from: Bitcoin_Arena on May 11, 2019, 05:24:49 PM

You think you are a smart?
You deleted the topic and then came here claiming you never announced it.

On the screenshot your name is clearly there on the Fake Ann.

I'm not trying to defend him but there is another user who earlier today reported that he was temporarily hacked: https://bitcointalksearch.org/topic/ayuda-con-mi-cuenta-de-bct-5141746

I was due to send theymos a msg tomorrow and see if there is indeed unusual activity (as in different IP logs) around both accounts.

Bitcoin_Arena

copper member

Activity: 2114

Merit: 1814

฿itcoin for all, All for ฿itcoin.

Quote from: Mrengage on May 11, 2019, 05:02:19 PM

Good job but why giving me a red trust when I haven't took part in any thing of GitHub viruses on the system.

You think you are a smart?
You deleted the topic and then came here claiming you never announced it

On the screenshot your name is clearly there on the Fake Ann.

Quote from: Mrengage on May 11, 2019, 05:20:31 PM

Dam that was a long ago it happen due to this ACC was hacked, I just got it back and getting to see all this

For starters
1. When was your account hacked?
2. How did you get it back?
3. When did you regain control of your account?

Mrengage

member

Activity: 420

Merit: 12

Globe-dex.com

I can repeat my self this ACC was hacked I was even logout completely.

Mrengage

member

Activity: 420

Merit: 12

Globe-dex.com

Dam that was a long ago it happen due to this ACC was hacked, I just got it back and getting to see all this

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Quote from: Mrengage on May 11, 2019, 05:02:19 PM

Good job but why giving me a red trust when I haven't took part in any thing of GitHub viruses on the system.

You posted ANN thread for Ulord and links to fake GitHub with infected wallets.

I believe this is the thread, which is now deleted: https://bitcointalksearch.org/topic/--5141572

Does anyone have it archived somewhere?

Mrengage

member

Activity: 420

Merit: 12

Globe-dex.com

Good job but why giving me a red trust when I haven't took part in any thing of GitHub viruses on the system.

JeromeTash

legendary

Activity: 2338

Merit: 1261

Heisenberg

Good job fellas.
Their new Ann are invalid now. Sorry I wasn't so much only for the past 36 hours but i am now back.

By the way looks like the person behind this kind of scam really farmed so many accounts before or hacked them because the accounts used are mostly member accounts and now we are seeing senior member accounts. Very rarely have i seen a newbie account being used lately.

I am going to create a thread to track all these kind of fake Ann scams starting this coming week. I will also dedicate my time to fight off this malware scammer.

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

^ Yeah, I know...I will use this thread to report the rest of the fake ANN/GitHubs, there are 4-5 of them left.

I will update my post shortly!

[ANN] [POW/POS] Ulord (UT) Pre-Mine 50% (archived)

I lost count how many threads they have started for Ulord, user pushkarmore has been tagged, thread reported.

[ANN] [PoW] V-Dimension (VOLLAR) (archived)

v-dimension GitHub - ^original

V-Dimension GitHub - ^fake

Proof:

https://www.virustotal.com/gui/file/698a22b8225034a79e00c05d924f92da054c493a56e1adae5d858835f665c440/detection

https://www.virustotal.com/#/file/e4f7802967dca0e72aa4f2f95cce954a13465ab73f6e7d9b3804a8f55d4b993a/detection

User cleberw3b has been tagged, thread reported!

[ANN] [PoW/PoS] Nasdacoin (NSD) Wallet+Mining Software (archived)

Nasdacoin GitHub - ^original

NasdaCoin-NSD GitHub - ^fake

Proof:

https://www.virustotal.com/gui/file/3950c6c2894d019f182eef6164a9382a6c9b8130b71000646e78c56858413dd2/detection

User Daglo99 has been tagged, thread reported!

[ANN] [ERC20] DUO Network Token - (archived)

DUO Network Github - ^original

DUONetworkToken GitHub - ^fake

Proof:

https://www.virustotal.com/gui/file/8bb61f5e397529a5601f551eeb481d28f19200076f9380d31e354e212a1b3fff/detection

User nonontech has been tagged, thread reported!

There are two new fake ANNs posted by the same Russian scammers, I just need someone to safely test wallets first.

[ANN][ERC20] MultiVAC (MTV) - (archived)

[ANN] [Proof of Work] MIR COIN - (archived)

Fake MIR-COIN GitHub created just 12 hours ago - https://github.com/MIR-COIN

MultiVAC fake GitHub - https://github.com/MultiVAC

ICOEthics

sr. member

Activity: 392

Merit: 892

Quote from: morvillz7z on May 10, 2019, 01:36:37 PM

Quote from: morvillz7z on May 10, 2019, 11:12:04 AM

[ANN] [PoW] V-Dimension (VOLLAR)

the OP for that ANN above (V-Dimension) deleted all his post, and opened a new thread here:

https://bitcointalksearch.org/topic/ann-pow-v-dimension-vollar-5141978
https://archive.is/scRz7

That person knows what he is doing - spreading virus/malicious software.

hugeblack

legendary

Activity: 2702

Merit: 4002

Quote from: ICOEthics on May 10, 2019, 11:32:47 AM

I noticed an increase in those type of fake projects with malicious/virus wallets, etc. Maybe it is a way of scammers to retaliate because their projects were caught. (?)

I think that's because many people trust by default the files coming from Github.
Also, even if most of the file is compressed, an "Open Source" word is used to gain some trust.
There are some tips from the forum about this topic -----> Just because It’s on GitHub. It doesn’t mean it’s safe>
I hope that others report these pages to Gihub and Bitcointalk staff (malicious/virus wallets.)

morvillz7z

legendary

Activity: 2212

Merit: 2061

Join the world-leading crypto sportsbook NOW!

Quote from: ICOEthics on May 10, 2019, 11:59:12 AM

Here, another one: W3Coin ($ 32.6 million sales) (maybe copying the real project?)
https://bitcointalksearch.org/topic/ann-pow-w3coin-pre-mine-5141391

They most certainly are using someone's project to inject malicious wallets, just like all other projects mentioned in this topic.

Fake GitHub is created just 9 hours ago: https://github.com/W3Coin-Software

Real one: https://github.com/w3coin

They are throwing one account after another, a third ANN thread opened for Ulord(UT).

https://bitcointalksearch.org/topic/den-5141597 (archived)

This time it's started by a senior member, I guess they have unlimited number of accounts to do this. Well, I can promise them I have unlimited time and desire to -ve tag each one of them.

EDIT;

Quote from: morvillz7z on May 10, 2019, 11:12:04 AM

[ANN] [PoW] V-Dimension (VOLLAR)

[ANN] [ERC20] DUO Network Token

[ANN] [PoW/PoS] Nasdacoin (NSD)

All three, as expected, tested positive for malware:

Nasdacoin (ann archive)

Quote from: TakeItEasy on May 10, 2019, 10:58:41 PM

https://www.virustotal.com/gui/file/3950c6c2894d019f182eef6164a9382a6c9b8130b71000646e78c56858413dd2/detection

DUO Network Token (ann archive)

Quote from: TakeItEasy on May 10, 2019, 11:04:58 PM

https://www.virustotal.com/gui/file/8bb61f5e397529a5601f551eeb481d28f19200076f9380d31e354e212a1b3fff/detection

V-Dimension (VOLLAR) (ann archive)

Quote from: TakeItEasy on May 10, 2019, 11:08:09 PM

https://www.virustotal.com/gui/file/698a22b8225034a79e00c05d924f92da054c493a56e1adae5d858835f665c440/detection

Big thanks to TakeItEasy, I will tag and report them all tomorrow.

EDIT2;

I can pretty much confirm all these ANNs are started by the same Russian scammers I've been chasing for over a month now.
Look which image hosting websites they use to upload their stolen screens at:

https://i.ibb.co/mbtxBYL/cleb-v-dimension.jpg
https://i.ibb.co/VqCvLMM/Daglo-Nasda.jpg
https://i.ibb.co/44mtmgQ/james-HCash.jpg
https://i.ibb.co/khnmps7/nonontech-DUO-Network-Token.jpg
https://i.ibb.co/YbTDd7j/yey09-Ulord.jpg

ICOEthics

sr. member

Activity: 392

Merit: 892

Quote from: morvillz7z on May 10, 2019, 11:44:02 AM

Quote from: ICOEthics on May 10, 2019, 11:32:47 AM

I noticed an increase in those type of fake projects with malicious/virus wallets, etc. Maybe it is a way of scammers to retaliate because their projects were caught. (?)

This could very well be the reason behind all these fake ANN. It almost feels as like forum is under attack. Undecided

Just look at recently created ones, all 5 of them...

@OP they have created another topic: https://bitcointalksearch.org/topic/--5141572

HyperCash just got brand new ann, I wish theymos could go after those idiots and wipe them out.

Here, another one: W3Coin ($ 32.6 million sales) (maybe copying the real project?)
https://bitcointalksearch.org/topic/ann-pow-w3coin-pre-mine-5141391

Quote from: TakeItEasy on May 10, 2019, 04:23:28 AM

~snip
And malware mining soft
https://www.virustotal.com/#/file/d6c56aae9df1a0d1c7fcb2eeb9f13b69d8714afe1baa5d5c6f8c8c49e76ed86d/detection

Topic: SCAM - Ulord(UT) FAKE ANN and FAKE Wallet to Spread Malware. - page 2. (Read 1057 times)