[Warning] FiftyOnePercent TradeBot is malware. ANN is self-Moderated

[JeromeTash]

What happened: User ravoniokea posted a self-moderated announcement in which he is trying to advertise a bot which is actually malware


Scammers Profile Link: https://bitcointalk.org/index.php?action=profile;u=3387003

Sock puppet accounts involved:
1. https://bitcointalk.org/index.php?action=profile;u=3497144
2. https://bitcointalk.org/index.php?action=profile;u=452421
3. https://bitcointalk.org/index.php?action=profile;u=376541

Probably hacked or stolen

Reference Link/ANN: https://bitcointalk.org/index.php?topic=5463988.0 Archive: https://ninjastic.space/post/62726027

https://www.virustotal.com/gui/file/9ed7ad1ccff53946a06f0a1d148316636862663e1fec63b01785ccdc307d1ce5/detection


Malicious file

Code:

https://github.com/fiftyone-percent/trade-bot/releases/tag/v1.2.0

Additional Notes:

They deleted my comment once I exposed their sock puppet ring

I have been waiting for your launch for a long time, I will be happy to observe the development of the project. Good luck!

An interesting project, in terms of functionality it doesn’t really differ from similar projects, but from the pluses I can single out that it has its own interface, which makes it easier to use. In short - at least I advise you to try.

Yeah, this is definitely my top 5

Did you all just decide to wake up your inactive accounts at a specific period to advertise a service and bump this Announcement to create a fake buzzy feeling? Weak move.
This makes your service even more suspicious

ravoniokea (OP) - https://bpip.org/Profile?id=3387003

8/21/2023 1:02:12 AM   Profile woke up   New post

li1460293896 - https://bpip.org/Profile?id=3497144

8/13/2023 4:26:01 AM   Profile woke up   New post

JACKSW4G - https://bpip.org/Profile?id=452421

1/12/2023 3:27:50 PM   woke up
7/23/2023 8:37:53 AM   password changed
8/15/2023 9:00:05 AM   password changed

CryptoBillboard - https://bpip.org/Profile?id=376541

5/14/2023 4:32:33 PM   woke up

All these accounts are alts from OP to all the above replying posters with fake feedback.

[1714217753]

1714217753

[1714217753]

1714217753

[1714217753]

1714217753

[light_warrior]

I have here discovered that one of the users who promotes a phishing link is evading a ban. It's JACKSW4G. I made a post about it in the appropriate thread. I will check the other accounts as soon as I have some free time.

https://bitcointalk.org/index.php?topic=5094661.msg62761260#msg62761260

[Nwada001]

Even without even making further inquiries, the method used in advertising the bot is enough to make it look suspicious, as this form of shilling or scamming has been going on here, and people are cautious enough now, if I must say.

But what do these scammers even think of this forum? It's a place where they can just come and drop links in whatever method they want, and members won't try to check the genuineness of the platform shared.
 

I have here discovered that one of the users who promotes a phishing link is evading a ban. It's JACKSW4G. I made a post about it in the appropriate thread. I will check the other accounts as soon as I have some free time.

https://bitcointalk.org/index.php?topic=5094661.msg62761260#msg62761260

One case leads to the other, and who knows how many more you will have to dig out in the process of this?

[albon]

What happened: User ravoniokea posted a self-moderated announcement in which he is trying to advertise a bot which is actually malware

Thank you, Jerome, for making the community safe,

If the OP of these Self-Moderated topics did not explain his purpose in creating them in this way, then this is sufficient evidence of his malicious intent.

Although this scammer has been banned and his topic was deleted, which he published as a self-moderated ANN topic in order to prevent members from writing replies that expose his malicious bot that contains malwares, he can publish more topics using more stolen accounts such as those that wrote him positive feedbacks and posts positive replies in his topics, So each member must not download anything on his primary device to try it through self-moderated topics that are created by new members whose accounts have been newly created.

In most sections, you now have the option of marking topics self-moderated when creating them. In self-moderated topics, the OP can delete replies. The option for enabling this is under "additional options". Topics cannot be converted to self-moderated topics after creation.
There are no rules to self-moderation. In self-moderated threads, replies belong to the OP.

[arabspaceship123]

It's the first time I've noticed in a forum post Github's being used to upload malware. It's difficult we're living in a time when ppl who've downloaded software from Github find their cryptocurrencies vanished. Thanks you've exposed ppl who send malware to unsuspecting users we've all got to be careful with installing software.

[JeromeTash]

It's the first time I've noticed in a forum post Github's being used to upload malware. It's difficult we're living in a time when ppl who've downloaded software from Github find their cryptocurrencies vanished. Thanks you've exposed ppl who send malware to unsuspecting users we've all got to be careful with installing software.

They have been using GitHub as well to post malware for ages. The good news is that once you report such profiles in GitHub with evidence of the files the uploaded being malicious, they will immediately act and ban the profile, like they did with FiftyOnePercent TradeBot when I reported.

[BABY SHOES]

I found the same thing today in the forum, there were 5 users who created self-moderated ANNs which were actually spreading malware simultaneously with accounts created at the same time.



I've reported this in @Lafu's thread - Also report it to the moderator

Found fake threads by spreading viruses from apps downloaded from fake GitHub,

ANN: https://bitcointalk.org/index.php?topic=5467770.0
Account: tawaresder

Fake GitHub: (Created 41 minutes ago)

Code:

https://github.com/bitxor-coin/bitxor-coin/releases/tag/v1.0.3

Virustotal: https://www.virustotal.com/gui/file/545d03832a26a05559d378c2669c97e5af0a84303c3830b701afad496dc88559


ANN: https://bitcointalk.org/index.php?topic=5467768.0
Account: Ujetanokilk

Fake GitHub: (Made a few hours ago)

Code:

https://github.com/thewebers-coin/thewebers-coin/releases/tag/v1.0.1

Virustotal: https://www.virustotal.com/gui/file/24e7c50efa47ecbd08a1e556b5c3e034b5e6f4d5c09fa7146865021bb12052ef



ANN: https://bitcointalk.org/index.php?topic=5467764.0
Account: ikopreditero

Fake GitHub:

Code:

https://github.com/Scrooge-Coin/Scrooge-Coin/releases/tag/v1.2.1

Virustotal: https://www.virustotal.com/gui/file/c625324960a6c20b41472c901c6521a9bc92d75edaf0f42a45c93892fe1f5b11


ANN: https://bitcointalk.org/index.php?topic=5467771.0
Account: gattokoter

Fake GitHub:

Code:

https://github.com/Capy-Coin/Core/releases/tag/v1.2.2

Virustotal: https://www.virustotal.com/gui/file/bf3e4c13e6f965d38d88087e8ef861d9acf2d8eb9398178e679c19d28214d2b7?nocache=1


ANN: https://bitcointalk.org/index.php?topic=5467759.0
Account: likkosader

Fake GitHub:

Code:

https://github.com/Shmingus-Coin/Core/releases/tag/v1.1.0

Virustotal: https://www.virustotal.com/gui/file/c6bf52a2d0904e1ec337401ddebd782885e505ffc126f4a8838678d6ef2793bf

[Husires]

Thanks for the warning. I thought that posting the code publicly might be a positive for trust, as the code will be reviewed and of course if there is a problem it will be discovered, but it seems that the scammers are relying on people being lazy and will not check the code.
self-moderated ANNs detected them, but it is better to avoid installing such open source software without searching for who checked the code.

[JeromeTash]

I found the same thing today in the forum, there were 5 users who created self-moderated ANNs which were actually spreading malware simultaneously with accounts created at the same time.

Nice catch, keep up the good work.

Thanks for the warning. I thought that posting the code publicly might be a positive for trust, as the code will be reviewed and of course if there is a problem it will be discovered, but it seems that the scammers are relying on people being lazy and will not check the code.
self-moderated ANNs detected them, but it is better to avoid installing such open source software without searching for who checked the code.

They don't post the malicious source code publicly per se, but they use GitHub to upload their malicious files and also fork repositories of existing legitimate projects to make it appear as through they are also legitimate.

[arabspaceship123]

GitHub's got to defend their rep so it's in their benefit. Malware isn't going away scammers aren't going to stop using it they'll change profiles to start over. It's a good result you've reported FiftyOnePercent TradeBot to them.

They have been using GitHub as well to post malware for ages. The good news is that once you report such profiles in GitHub with evidence of the files the uploaded being malicious, they will immediately act and ban the profile, like they did with FiftyOnePercent TradeBot when I reported.

[BABY SHOES]

I found the same thing today in the forum, there were 5 users who created self-moderated ANNs which were actually spreading malware simultaneously with accounts created at the same time.

Nice catch, keep up the good work.

Thank you!

Like his sock puppet accounts they are many probably dozens as I found again at almost the same time they spread back on his self-moderated forum with 5 sock accounts currently.

I'm guessing they'd be doing this every day if there were still that many accounts in storage.

New arrests that have been reported in the @Lafu thread.
https://bitcointalk.org/index.php?topic=5182222.msg62892393#msg62892393