
Topic: {Warning}: Attackers Create Elaborate Crypto Trading Scheme to Install Malware (Read 191 times)

legendary
Activity: 2576
Merit: 1655
Locking this thread as the site is already off-line. Thanks to those who have reported it!!!
legendary
Activity: 2520
Merit: 2853
If I understood you correctly, what the hacker did was bind malware to a legitimate trading app?
If so, an updated antivirus would easily detect the malware.
Reporting the website is a must but it won't solve the problem as the hacker can register a new domain name whenever he wants.
hero member
Activity: 1736
Merit: 589
Damn, this is clever in a bad way.
I guess that having to download the software from a Github repository can raise some red flags and more people will refuse to download it, because it doesn't look professional.
As the technological age goes by and security features tighten, hackers and scammers have also upgraded their hacking schemes and styles to follow and move together with the trend so they can still execute their plans. They make a trojan-styled website that looks legitimate and useful so users will be convinced to use it, and once they run it on their computers it will start the phishing activity.
hero member
Activity: 2548
Merit: 533
Report sent! Such sites should really be taken down. This one is hard to notice if you don't have experienced eyes.

hero member
Activity: 1162
Merit: 547
Damn, this is clever in a bad way.
I guess that having to download the software from a Github repository can raise some red flags and more people will refuse to download it, because it doesn't look professional.
It doesn't necessarily raise red flags, because I have seen several open source projects that just let users download the binaries and execute the program on their computers.
Hosting on Github helps to give users a false sense of trust that all the code is right in front of them. If they had hosted it on their own website, chances are fewer people would have downloaded it.

I wanna know whether antiviruses are capable of detecting such backdoors or not. If yes, then this scam could have been avoided by just using a decent AV.
full member
Activity: 392
Merit: 116
They can promote it by sending a link to their personal email, creating attractive bonus programs for hunters. These types of scams are very sophisticated and professional.
legendary
Activity: 2282
Merit: 1344
I think it is much better if we report it to its registrar, which is NameCheap, so that they will be able to take it down ASAP.
So, I submitted a ticket about this phishing website with its registrar, which is NameCheap, Inc.

Also reported here: https://etherscamdb.info/

Hoping for their fast response and action, especially on their registrar because they can take down the site once it is proved that that domain is abusing/containing some malware.
sr. member
Activity: 1512
Merit: 292
Not bad. Thank you for distributing such important information. Hackers really improve tirelessly.
Only attentiveness and timely communication of the community will help get rid of this scourge, or at least protect yourself.

Always check if your connection is secure. Always check the address bar. Do not be lazy to spend an extra few minutes, this can save you money, time and nerves.
Thanks again.
legendary
Activity: 2870
Merit: 7490
Why didn't you report to Github to be deleted?

Because it's already removed/deleted? I tried to access the repository from the link I found in the article and I got a 404.

Even the website's content is already removed, and it only shows "Index of /", which doesn't show any file or directory.
legendary
Activity: 2506
Merit: 3645
Open-source programs or those hosted on Github do not mean they are secure. You should make sure that some trusted developers have reviewed the code or at least the application works for a long time and has popularity with no reports of hacking.

Why didn't you report to Github to be deleted?

95 days old
Created on 2019-07-11
Expires on 2020-07-11
Updated on 2019-09-09

The establishment of this domain did not last more than 100 days.
hero member
Activity: 2842
Merit: 772
Thank you again @Baofeng for giving us a heads-up regarding this kind of attack from bad entities in this crypto sphere. I'm sure that this is not the last time we are going to see this kind of malicious intent. So we really need to be very attentive and think before we download something.

I also reported it as well. And I do hope that no one in this community has fallen victim to this kind of attack.
newbie
Activity: 18
Merit: 0
Damn, this is clever in a bad way.
I guess that having to download the software from a Github repository can raise some red flags and more people will refuse to download it, because it doesn't look professional.
hero member
Activity: 2016
Merit: 531
Done, and linked this thread in the description. Hope they'll shut it down.
legendary
Activity: 2576
Merit: 1655
Since crypto is still a hot topic, hackers are not resting on their laurels and continue to use it as their attack vector. A recently discovered trading app is running on the web right now and pretending to be legit software, but researchers say it is a phishing site and it could be connected to a bigger cyber criminal group.

To summarise:

Quote
[1] This scheme starts with a professionally designed web site where the attackers promote the JMT Trader program.
[2] Then they also have an official Twitter account to spread this so-called new trading app
[3] If you attempt to download the software, you will be brought to a GitHub repository where you can find Windows and Mac executables for the JMT Trader application. This page also contains the source code for the trading programs for those who want to compile it under Linux. This source code does not appear to be malicious.
[4] Using the JMT Trade program, a user can create various exchange profiles and use it legitimately to trade cryptocurrency. That's because this application and the above GitHub page are just clones of the legitimate QT Bitcoin Trader program that have been adopted for this malware operation.
[5] When the JMT Trader is installed, though, the installer will also extract a secondary program called CrashReporter.exe and save it to the %AppData%\JMTTrader folder.

And then you are done!!!

https://www.bleepingcomputer.com/news/security/attackers-create-elaborate-crypto-trading-scheme-to-install-malware/

Code:
PHISHING LINK: http://jmttrading.org


 
So kindly avoid this site and help me report it again by going to https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
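
A triage sweep for the artifact named in step [5] of the quoted summary, added here as an example (it is not code from this thread or from the article). It checks every user profile under a Users directory for a `JMTTrader` folder in `%AppData%` and a `CrashReporter.exe` inside it; the function names and the `USERS_ROOT` environment variable are assumptions made for this example.

```python
import hashlib
import os
from pathlib import Path

# Names taken from the quoted summary: the installer drops CrashReporter.exe
# into %AppData%\JMTTrader (%AppData% resolves to <profile>\AppData\Roaming).
IOC_FOLDER = "JMTTrader"
IOC_FILE = "CrashReporter.exe"


def _child_ci(parent, name):
    """Return the entry in `parent` whose name matches case-insensitively, else None."""
    try:
        for entry in parent.iterdir():
            if entry.name.lower() == name.lower():
                return entry
    except OSError:  # not a directory, unreadable, or vanished mid-scan
        pass
    return None


def sweep_profiles(users_root):
    """Check each profile under `users_root` (a live Users dir or one from a mounted image)."""
    findings = []
    for profile in sorted(Path(users_root).iterdir()):
        node = profile
        for part in ("AppData", "Roaming", IOC_FOLDER):
            node = _child_ci(node, part) if node is not None else None
        if node is None or not node.is_dir():
            continue  # this profile never had the application folder
        record = {"profile": profile.name, "folder": str(node),
                  "crash_reporter": None, "sha256": None}
        dropped = _child_ci(node, IOC_FILE)
        if dropped is not None and dropped.is_file():
            record["crash_reporter"] = str(dropped)
            # Hash is recorded for lookup and evidence handling;
            # the thread gives no known-bad hash to compare against.
            record["sha256"] = hashlib.sha256(dropped.read_bytes()).hexdigest()
        findings.append(record)
    return findings


if __name__ == "__main__":
    root = os.environ.get("USERS_ROOT", r"C:\Users")  # hypothetical override
    if Path(root).is_dir():
        for finding in sweep_profiles(root):
            print(finding)
```

A profile reported with the folder but no `CrashReporter.exe` still shows the application was installed there, so the secondary program may have been removed or quarantined afterwards.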