Topic: Warning: Website Scam (Read 271 times)

legendary
Activity: 2534
Merit: 1713
Top Crypto Casino
March 27, 2020, 10:49:23 AM
#12
These scammers are getting more and more sophisticated. There is so much money in the crypto sphere; that is why the scammers are finding more and more ways to steal from unsuspecting people.

I just installed it (didn't run it) and I noticed that at the last step, you are asked to run a file called null.exe (which is not inside the installed folder)



I searched for the file and found it in the following paths:

Code:
%AppData%/WinUpdate/
%AppData%/WinUpdate/ZLCWallet/4/

Scanning results: https://www.virustotal.com/gui/file/c8425cf994f02784d3f8eeb570b6ac1edc5876908b64b40b532e2534a84a19ad/detection



So as OP said, this will allow the attacker to take control over your computer.



hero member
Activity: 2870
Merit: 594
March 27, 2020, 04:28:36 AM
#11
Yes, the site is no longer accessible, thanks to those who have reported it.

And thanks to the OP for the warning, this will be a continuous mouse-and-cat game here. If you don't investigate, and just be very very careful on anything, don't careful, check everything first, update our anti-virus software. Stay vigilant and stay safe.
staff
Activity: 3500
Merit: 6152
March 27, 2020, 04:13:43 AM
#10
Update: I reached out to Namecheap, and they suspended the domain name (registrar status set to clientHold): http://whois.domaintools.com/zeldacoin.club
full member
Activity: 1176
Merit: 162
March 23, 2020, 11:05:49 AM
#9
I guess it is better to post a screenshot of the website than to put the link here; some people might click it and it is not safe. If they can get all of our personal information, we can consider this phishing too. If you find similar websites, kindly report them here: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
jr. member
Activity: 45
Merit: 5
March 23, 2020, 09:19:27 AM
#8
I've registered on this site (using a temp-mail that apparently doesn't also require any confirmation) and was given a file with the source address https://zeldacoin.club/ZeldaWallet.exe. This will be obtained after clicking the login button (basically it can only log in through the app and it seems they deliberately hid this download link on the homepage).
So far I haven't installed this app yet. Can you be more specific in the app content (accompanied by screenshots) about your suspicions?

First they used a Telegram account to talk to me: they are managing a new trading platform, if possible, please help them promote the image as well as introduce the platform, and they will pay me a salary.
To create trust, they even said they would give me $80, but I needed to download and install it on my device to get paid.
The result: as I said in the article, they can do anything on their computer.
Luckily I was suspicious, so I installed it on the computer without anything.
hero member
Activity: 1064
Merit: 639
March 23, 2020, 05:17:52 AM
#7

More Information about this malware
File type: Win32 EXE
File Name: null.exe
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
File size: 2.11 MB (2214528 bytes)
Creation Time: 2017-08-11 13:54:06

Source: https://www.virustotal.com/gui/file/c8425cf994f02784d3f8eeb570b6ac1edc5876908b64b40b532e2534a84a19ad/details
legendary
Activity: 3276
Merit: 3537
Nec Recisa Recedit
March 23, 2020, 05:02:31 AM
#6
Hi @chihien531568
Report this topic to a moderator and ask to move it to the right board.
Follow the format for a proper scam accusation according to this format:
https://bitcointalksearch.org/topic/scam-report-format-use-it-to-make-scam-reports-properly-260073
Thanks for your report
member
Activity: 185
Merit: 34
March 23, 2020, 04:57:05 AM
#5
Nice find OP, but I think this post should be moved to "Scam Accusations". Stay safe everyone!
staff
Activity: 3500
Merit: 6152
March 23, 2020, 04:07:54 AM
#4
I just installed it (didn't run it) and I noticed that at the last step, you are asked to run a file called null.exe (which is not inside the installed folder)



I searched for the file and found it in the following paths:

Code:
%AppData%/WinUpdate/
%AppData%/WinUpdate/ZLCWallet/4/

Scanning results: https://www.virustotal.com/gui/file/c8425cf994f02784d3f8eeb570b6ac1edc5876908b64b40b532e2534a84a19ad/detection



So as OP said, this will allow the attacker to take control over your computer.
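
A defender-side check for the indicators reported in this thread, as an added example that is not part of any post: it looks under a given %AppData% root for the two WinUpdate folders and flags files by hash or by the name null.exe. The function names are hypothetical, and the hash from the VirusTotal link above is assumed to be the file's SHA-256.

```python
import hashlib
import os
from pathlib import Path

# Indicators taken from the thread (folders relative to %AppData%).
IOC_DIRS = ("WinUpdate", "WinUpdate/ZLCWallet/4")
IOC_NAME = "null.exe"
# Hash from the VirusTotal URL in the thread; assumed to be SHA-256.
IOC_SHA256 = "c8425cf994f02784d3f8eeb570b6ac1edc5876908b64b40b532e2534a84a19ad"


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_appdata(appdata, known_sha256=IOC_SHA256):
    """Return a list of (path, reason) findings under the given %AppData% root."""
    findings = []
    root = Path(appdata)
    for rel in IOC_DIRS:
        folder = root / rel
        if not folder.is_dir():
            continue
        # The folder itself is worth reporting even if the file was removed.
        findings.append((str(folder), "folder-present"))
        for entry in sorted(folder.iterdir()):
            if not entry.is_file():
                continue
            try:
                digest = sha256_of(entry)
            except OSError:
                findings.append((str(entry), "unreadable"))
                continue
            if digest == known_sha256.lower():
                findings.append((str(entry), "hash-match"))
            elif entry.name.lower() == IOC_NAME:
                # Same name, different bytes: possibly a repacked variant.
                findings.append((str(entry), "name-match"))
    return findings


if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")
    if not appdata:
        raise SystemExit("APPDATA is not set; run this in the Windows profile to check")
    for path, reason in scan_appdata(appdata):
        print(f"{reason:15} {path}")
```

An empty result only means these specific indicators are absent; it does not show that the machine is clean.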


copper member
Activity: 406
Merit: 1
March 22, 2020, 10:48:57 PM
#3
I've registered on this site (using a temp-mail that apparently doesn't also require any confirmation) and was given a file with the source address https://zeldacoin.club/ZeldaWallet.exe. This will be obtained after clicking the login button (basically it can only log in through the app and it seems they deliberately hid this download link on the homepage).
So far I haven't installed this app yet. Can you be more specific in the app content (accompanied by screenshots) about your suspicions?

Do you mean that it'll automatically download the file after you click the login button? Most scam websites do this.
Try to block automatic downloads: in Chrome, type chrome://settings/content in the address bar, scroll and find the Automatic downloads section, and turn on
"Ask when a site tries to download files automatically after the first file (recommended)".
hero member
Activity: 1778
Merit: 709
[Nope]No hype delivers more than hope
March 22, 2020, 09:17:21 PM
#2
I've registered on this site (using a temp-mail that apparently doesn't also require any confirmation) and was given a file with the source address https://zeldacoin.club/ZeldaWallet.exe. This will be obtained after clicking the login button (basically it can only log in through the app and it seems they deliberately hid this download link on the homepage).
So far I haven't installed this app yet. Can you be more specific in the app content (accompanied by screenshots) about your suspicions?
jr. member
Activity: 45
Merit: 5
March 22, 2020, 06:57:28 PM
#1
Warning: https://zeldacoin.club/
This is a phishing website, people should not download and install on any of your devices, because they can get all your personal information and take control of your device.