Warning: Website Scam | Bitcointalksearch.org

JollyGood

legendary

Activity: 2534

Merit: 1713

Top Crypto Casino

These scammers are getting more and more sophisticated. There is so much money in the crypto sphere that is why the scammers are finding more and more ways to steal from unsuspecting
people.

Quote from: OmegaStarScream on March 23, 2020, 04:07:54 AM

I just installed it (didn't run it) and I noticed that at the last step, you are asked to run a file called null.exe (which is not inside the installed folder)

I searched for the file and found it in the following paths:

Code:

%AppData%/WinUpdate/
%AppData%/WinUpdate/ZLCWallet/4/

Scanning results: https://www.virustotal.com/gui/file/c8425cf994f02784d3f8eeb570b6ac1edc5876908b64b40b532e2534a84a19ad/detection

So as OP said, this will allow the attacker to take control over your computer.

Yaunfitda

hero member

Activity: 2870

Merit: 594

Yes, the site is no longer accessible, thanks to those who have reported it.

And thanks to the OP for the warning, this will be a continues mouse-and-cat game here. If you don't investigate, and just be very very careful on anything, don't careful, check everything first, update our anti-virus software. Stay vigilant and stay safe.

OmegaStarScream

staff

Activity: 3500

Merit: 6152

Update: I reached out to Namecheap, and they suspended the domain name (registrar status set to clientHold): http://whois.domaintools.com/zeldacoin.club

LbtalkL

full member

Activity: 1176

Merit: 162

I guess it better to post a screenshot of the website than putting the link here some people might click it and it is not safe. If they can get all of our personal information we can consider this a phishing too. If you found similar websites kindly report it here: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

chihien531568

jr. member

Activity: 45

Merit: 5

Quote from: noorman0 on March 22, 2020, 09:17:21 PM

I've registered on this site (using a temp-mail that apparently doesn't also require any confirmation) and was given a file with the source address https://zeldacoin.club/ZeldaWallet.exe. This will be obtained after clicking the login button (basically it can only log in through the app and it seems they deliberately hid this download link on the homepage).
So far I haven't installed this app yet. Can you be more specific in the app content (accompanied by screenshots) about your suspicions?

First they use telegram account to talk to me: they are managing a new trading platform, if possible, please help them promote the image as well as introduce the platform and they will pay salaries for I.
To create trust, they even said they would give me $ 80, but I needed to download and install it on my device to get them paid.
The result: as I said in the article, they can do anything on their computer.
Luckily I was suspiciou so I installed it on the computer without anything.

CryptoYar

hero member

Activity: 1064

Merit: 639

Quote from: chihien531568 on March 22, 2020, 06:57:28 PM

More Information about this malware
File type:
Win32 EXE
File Name:
null.exe
Magic:
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
File size:
2.11 MB (2214528 bytes)
Creation Time:
2017-08-11 13:54:06

Source:https://www.virustotal.com/gui/file/c8425cf994f02784d3f8eeb570b6ac1edc5876908b64b40b532e2534a84a19ad/details

bitbollo

legendary

Activity: 3276

Merit: 3537

Nec Recisa Recedit

Hi @chihien531568
report to moderator this topic and ask to move to the right board.
Follow the format for a proper scam accusation according this format
https://bitcointalksearch.org/topic/scam-report-format-use-it-to-make-scam-reports-properly-260073
Thanks for your report

Jeremy Franklin

member

Activity: 185

Merit: 34

Nice find OP, but i think this post should be moved to "Scam Accusations". Stay safe everyone!

OmegaStarScream

staff

Activity: 3500

Merit: 6152

I just installed it (didn't run it) and I noticed that at the last step, you are asked to run a file called null.exe (which is not inside the installed folder)

I searched for the file and found it in the following paths:

Code:

%AppData%/WinUpdate/
%AppData%/WinUpdate/ZLCWallet/4/

Scanning results: https://www.virustotal.com/gui/file/c8425cf994f02784d3f8eeb570b6ac1edc5876908b64b40b532e2534a84a19ad/detection

So as OP said, this will allow the attacker to take control over your computer.

Python Master

copper member

Activity: 406

Merit: 1

Quote from: noorman0 on March 22, 2020, 09:17:21 PM

I've registered on this site (using a temp-mail that apparently doesn't also require any confirmation) and was given a file with the source address https://zeldacoin.club/ZeldaWallet.exe. This will be obtained after clicking the login button (basically it can only log in through the app and it seems they deliberately hid this download link on the homepage).
So far I haven't installed this app yet. Can you be more specific in the app content (accompanied by screenshots) about your suspicions?

Do you mean that it'll automatically download the file after you click the login button. Most scam websites do this.
Try to block automatic download, in chrome type in address bar chrome://settings/content, scroll and find Automatic downloads section, turn on
Ask when a site tries to download files automatically after the first file (recommended)

noorman0

hero member

Activity: 1778

Merit: 709

[Nope]No hype delivers more than hope

I've registered on this site (using a temp-mail that apparently doesn't also require any confirmation) and was given a file with the source address https://zeldacoin.club/ZeldaWallet.exe. This will be obtained after clicking the login button (basically it can only log in through the app and it seems they deliberately hid this download link on the homepage).
So far I haven't installed this app yet. Can you be more specific in the app content (accompanied by screenshots) about your suspicions?

chihien531568

jr. member

Activity: 45

Merit: 5

Warning: https://zeldacoin.club/
This is a phishing website, people should not download and install on any of your devices, because they can get all your personal information and take control of your device.

Topic: Warning: Website Scam (Read 267 times)