Bitcoin Forum>Economy>Trading Discussion>Scam Accusations
Author

Topic: [Warning] FiftyOnePercent TradeBot is malware. ANN is self-Moderated (Read 176 times)

BABY SHOES
sr. member
Activity: 294
Merit: 433
HODL - BTC
[Warning] FiftyOnePercent TradeBot is malware. ANN is self-Moderated
September 23, 2023, 07:04:43 PM
#11
Quote from: JeromeTash on September 23, 2023, 10:04:50 AM
Quote from: BABY SHOES on September 22, 2023, 08:35:40 PM
I found the same thing today in the forum, there were 5 users who created self-moderated ANNs which were actually spreading malware simultaneously with accounts created at the same time.
Nice catch, keep up the good work.
Thank you!

Like his sock puppet accounts they are many probably dozens as I found again at almost the same time they spread back on his self-moderated forum with 5 sock accounts currently.

I'm guessing they'd be doing this every day if there were still that many accounts in storage.

New arrests that have been reported in the @Lafu thread.
https://bitcointalksearch.org/topic/m.62892393
arabspaceship123
full member
Activity: 896
Merit: 193
web developer for hire
Re: [Warning] FiftyOnePercent TradeBot is malware. ANN is self-Moderated
September 23, 2023, 06:37:53 PM
#10
GitHub's got to defend their rep so it's in their benefit. Malware isn't going away scammers aren't going to stop using it they'll change profiles to start over. It's a good result you've reported FiftyOnePercent TradeBot to them.

Quote from: JeromeTash on August 31, 2023, 06:10:30 AM
They have been using GitHub as well to post malware for ages. The good news is that once you report such profiles in GitHub with evidence of the files the uploaded being malicious, they will immediately act and ban the profile, like they did with FiftyOnePercent TradeBot when I reported.
JeromeTash
legendary
Activity: 2338
Merit: 1261
Heisenberg
Re: [Warning] FiftyOnePercent TradeBot is malware. ANN is self-Moderated
September 23, 2023, 10:04:50 AM
#9
Quote from: BABY SHOES on September 22, 2023, 08:35:40 PM
I found the same thing today in the forum, there were 5 users who created self-moderated ANNs which were actually spreading malware simultaneously with accounts created at the same time.
Nice catch, keep up the good work.


Quote from: Husires on September 22, 2023, 10:53:21 PM
Thanks for the warning. I thought that posting the code publicly might be a positive for trust, as the code will be reviewed and of course if there is a problem it will be discovered, but it seems that the scammers are relying on people being lazy and will not check the code.
self-moderated ANNs detected them, but it is better to avoid installing such open source software without searching for who checked the code.
They don't post the malicious source code publicly per se, but they use GitHub to upload their malicious files and also fork repositories of existing legitimate projects to make it appear as through they are also legitimate.
Husires
legendary
Activity: 1596
Merit: 1288
Re: [Warning] FiftyOnePercent TradeBot is malware. ANN is self-Moderated
September 22, 2023, 10:53:21 PM
#8
Thanks for the warning. I thought that posting the code publicly might be a positive for trust, as the code will be reviewed and of course if there is a problem it will be discovered, but it seems that the scammers are relying on people being lazy and will not check the code.
self-moderated ANNs detected them, but it is better to avoid installing such open source software without searching for who checked the code.
BABY SHOES
sr. member
Activity: 294
Merit: 433
HODL - BTC
Re: [Warning] FiftyOnePercent TradeBot is malware. ANN is self-Moderated
September 22, 2023, 08:35:40 PM
#7
I found the same thing today in the forum, there were 5 users who created self-moderated ANNs which were actually spreading malware simultaneously with accounts created at the same time.



I've reported this in @Lafu's thread - Also report it to the moderator

Quote from: BABY SHOES on September 22, 2023, 08:03:07 PM
Found fake threads by spreading viruses from apps downloaded from fake GitHub,

ANN: https://bitcointalksearch.org/topic/--5467770
Account: tawaresder

Fake GitHub: (Created 41 minutes ago)
Code:
https://github.com/bitxor-coin/bitxor-coin/releases/tag/v1.0.3


Virustotal: https://www.virustotal.com/gui/file/545d03832a26a05559d378c2669c97e5af0a84303c3830b701afad496dc88559


ANN: https://bitcointalksearch.org/topic/--5467768
Account: Ujetanokilk

Fake GitHub: (Made a few hours ago)
Code:
https://github.com/thewebers-coin/thewebers-coin/releases/tag/v1.0.1
Virustotal: https://www.virustotal.com/gui/file/24e7c50efa47ecbd08a1e556b5c3e034b5e6f4d5c09fa7146865021bb12052ef



ANN: https://bitcointalksearch.org/topic/--5467764
Account: ikopreditero

Fake GitHub:
Code:
https://github.com/Scrooge-Coin/Scrooge-Coin/releases/tag/v1.2.1


Virustotal: https://www.virustotal.com/gui/file/c625324960a6c20b41472c901c6521a9bc92d75edaf0f42a45c93892fe1f5b11


ANN: https://bitcointalksearch.org/topic/--5467771
Account: gattokoter

Fake GitHub:
Code:
https://github.com/Capy-Coin/Core/releases/tag/v1.2.2


Virustotal: https://www.virustotal.com/gui/file/bf3e4c13e6f965d38d88087e8ef861d9acf2d8eb9398178e679c19d28214d2b7?nocache=1


ANN: https://bitcointalksearch.org/topic/--5467759
Account: likkosader

Fake GitHub:
Code:
https://github.com/Shmingus-Coin/Core/releases/tag/v1.1.0


Virustotal: https://www.virustotal.com/gui/file/c6bf52a2d0904e1ec337401ddebd782885e505ffc126f4a8838678d6ef2793bf
JeromeTash
legendary
Activity: 2338
Merit: 1261
Heisenberg
Re: [Warning] FiftyOnePercent TradeBot is malware. ANN is self-Moderated
August 31, 2023, 06:10:30 AM
#6
Quote from: arabspaceship123 on August 30, 2023, 07:18:04 PM
It's the first time I've noticed in a forum post Github's being used to upload malware. It's difficult we're living in a time when ppl who've downloaded software from Github find their cryptocurrencies vanished. Thanks you've exposed ppl who send malware to unsuspecting users we've all got to be careful with installing software.
They have been using GitHub as well to post malware for ages. The good news is that once you report such profiles in GitHub with evidence of the files the uploaded being malicious, they will immediately act and ban the profile, like they did with FiftyOnePercent TradeBot when I reported.

arabspaceship123
full member
Activity: 896
Merit: 193
web developer for hire
Re: [Warning] FiftyOnePercent TradeBot is malware. ANN is self-Moderated
August 30, 2023, 07:18:04 PM
#5
It's the first time I've noticed in a forum post Github's being used to upload malware. It's difficult we're living in a time when ppl who've downloaded software from Github find their cryptocurrencies vanished. Thanks you've exposed ppl who send malware to unsuspecting users we've all got to be careful with installing software.
albon
legendary
Activity: 1890
Merit: 1537
Re: [Warning] FiftyOnePercent TradeBot is malware. ANN is self-Moderated
August 28, 2023, 06:44:08 PM
#4
Quote from: JeromeTash on August 28, 2023, 09:11:37 AM
What happened: User ravoniokea posted a self-moderated announcement in which he is trying to advertise a bot which is actually malware
Thank you, Jerome, for making the community safe,

If the OP of these Self-Moderated topics did not explain his purpose in creating them in this way, then this is sufficient evidence of his malicious intent.

Although this scammer has been banned and his topic was deleted, which he published as a self-moderated ANN topic in order to prevent members from writing replies that expose his malicious bot that contains malwares, he can publish more topics using more stolen accounts such as those that wrote him positive feedbacks and posts positive replies in his topics, So each member must not download anything on his primary device to try it through self-moderated topics that are created by new members whose accounts have been newly created.

Quote from: theymos on March 13, 2013, 08:52:59 PM
In most sections, you now have the option of marking topics self-moderated when creating them. In self-moderated topics, the OP can delete replies. The option for enabling this is under "additional options". Topics cannot be converted to self-moderated topics after creation.
There are no rules to self-moderation. In self-moderated threads, replies belong to the OP.
Nwada001
hero member
Activity: 700
Merit: 673
Re: [Warning] FiftyOnePercent TradeBot is malware. ANN is self-Moderated
August 28, 2023, 05:32:02 PM
#3
Even without even making further inquiries, the method used in advertising the bot is enough to make it look suspicious, as this form of shilling or scamming has been going on here, and people are cautious enough now, if I must say.

But what do these scammers even think of this forum? It's a place where they can just come and drop links in whatever method they want, and members won't try to check the genuineness of the platform shared.
 
Quote from: light_warrior on August 28, 2023, 10:24:58 AM
I have here discovered that one of the users who promotes a phishing link is evading a ban. It's JACKSW4G. I made a post about it in the appropriate thread. I will check the other accounts as soon as I have some free time.

https://bitcointalksearch.org/topic/m.62761260

One case leads to the other, and who knows how many more you will have to dig out in the process of this?
light_warrior
copper member
Activity: 588
Merit: 926
Re: [Warning] FiftyOnePercent TradeBot is malware. ANN is self-Moderated
August 28, 2023, 10:24:58 AM
#2
I have here discovered that one of the users who promotes a phishing link is evading a ban. It's JACKSW4G. I made a post about it in the appropriate thread. I will check the other accounts as soon as I have some free time.

https://bitcointalksearch.org/topic/m.62761260
JeromeTash
legendary
Activity: 2338
Merit: 1261
Heisenberg
Re: [Warning] FiftyOnePercent TradeBot is malware. ANN is self-Moderated
August 28, 2023, 09:11:37 AM
#1
What happened: User ravoniokea posted a self-moderated announcement in which he is trying to advertise a bot which is actually malware


Scammers Profile Link: https://bitcointalksearch.org/user/ravoniokea-3387003

Sock puppet accounts involved:
1. https://bitcointalksearch.org/user/li1460293896-3497144
2. https://bitcointalksearch.org/user/jacksw4g-452421
3. https://bitcointalksearch.org/user/cryptobillboard-376541

Probably hacked or stolen

Reference Link/ANN: https://bitcointalksearch.org/topic/--5463988 Archive: https://ninjastic.space/post/62726027

https://www.virustotal.com/gui/file/9ed7ad1ccff53946a06f0a1d148316636862663e1fec63b01785ccdc307d1ce5/detection


Malicious file
Code:
https://github.com/fiftyone-percent/trade-bot/releases/tag/v1.2.0

Additional Notes:

They deleted my comment once I exposed their sock puppet ring
Quote from: ?? on ??
I have been waiting for your launch for a long time, I will be happy to observe the development of the project. Good luck!
Quote from: ?? on ??
An interesting project, in terms of functionality it doesn’t really differ from similar projects, but from the pluses I can single out that it has its own interface, which makes it easier to use. In short - at least I advise you to try.
Quote from: ?? on ??
Yeah, this is definitely my top 5
Did you all just decide to wake up your inactive accounts at a specific period to advertise a service and bump this Announcement to create a fake buzzy feeling? Weak move.
This makes your service even more suspicious

ravoniokea (OP) - https://bpip.org/Profile?id=3387003


Quote from: https://bpip.org/Profile?id=3387003
8/21/2023 1:02:12 AM   Profile woke up   New post

li1460293896 - https://bpip.org/Profile?id=3497144


Quote from: https://bpip.org/Profile?id=3497144
8/13/2023 4:26:01 AM   Profile woke up   New post

JACKSW4G - https://bpip.org/Profile?id=452421


Quote from: https://bpip.org/Profile?id=452421
1/12/2023 3:27:50 PM   woke up
7/23/2023 8:37:53 AM   password changed
8/15/2023 9:00:05 AM   password changed

CryptoBillboard - https://bpip.org/Profile?id=376541


Quote from: https://bpip.org/Profile?id=376541
5/14/2023 4:32:33 PM   woke up


All these accounts are alts from OP to all the above replying posters with fake feedback.
Bitcoin Forum>Economy>Trading Discussion>Scam Accusations
Jump to: