Bitcoin Forum

What happened; FAKE - TRON AIRDROP - 18,000 TRX

Website: https://tron-project.com/
Archived; http://archive.is/xhe8s


https://whois.domaintools.com/tron-project.com

https://i.gyazo.com/49ddd1abfb52662fbbc5f80a5d87790a.png

I received this notification from an email

https://i.gyazo.com/a3f509a64d7c25b4a05a1f787a0bc8cb.png

When you click on the wallet it will automatically download the malware wallet

https://i.gyazo.com/fb7f0e5789558af53615e5d308ce46eb.png

It's actually fortunate that the scammers were stupid enough to forget about the use of BCC. Reply to all in that email and make sure none of the potential victims go through with the link. After all, if they didn't realize that the "Bittrex Team" email came from yahoo of all places, they would probably be the exact audience that would be prone to this kind of scam.

Its too much risky for them who have limited amount of knowledge about wallet hackers. Its called force download by which they push their web vistors to download that malware wallet file. All their intention is to plant that malware file on visitors device which will play the key role for wallet hacking.

Note: I will suggest our community users to stay far from this malware coded website.

I reported a fake stellar airdrop here (https://bitcointalk.org/index.php?topic=5251491.msg54512166#msg54512166) All are looking very similar to each other. Same technic to scam. First, collect emails, sending email to crypto user by a popular exchange named email, a spreadsheet for submitting info, Lastly force to download a wallet/software which have malware.

All seem the same scammer team is running these fake airdrops and malware to steal money.

Looks like they have a fixed roadmap by following that they are continuing their scam game. I am really curious to find out the source of emails by which they are targeting specific crypto users.  
 
Yeap,,,most probably all these fake airdrop website owners are connected together and they have a strong source from where they get crypto users email.  

Yes, Obviously they have a strong source to collect emails. what I guess it could be this bitcointalk forum. Because what link I provided about stellar fake airdrop you can see a google form for submitting address and additional info where they put a slot for submitting bitcointalk username. So they know these people have a bitcointalk account too.

maybe they brought emails from the scam project, or they launch a fake airdrop or bounty where they asked for submitting email address. etc.

There is a high chance that they are scraping emails here, or those bounties that are asking for emails in the past are being used by this scammers. Luckily, I haven't received any so far because I never joined bounty. And I agree that this is the same scammers all along, registering domain names one after another and then continue with that email list blast.

I think it's like that they scrape the email from the previous bounty so they can easily send so many emails because it's already on their list, surely this will continue to be repeated and we will get the email really fed up with their trap.

Here's a run of the download in a sandbox: https://app.any.run/tasks/fa854a34-f9c9-4be6-9bfc-529ed16c94c3

Essentially, it installs a RAT on your system - most likely to steal keys/passwords/logins/cookies - and communicates via SOAP (https://en.wikipedia.org/wiki/SOAP) messages

Very interesting thank for posting this, now people will have an idea what happen when you visit the site and take the offer, the airdrop thing is now becoming very synonymous to scam, how many scams we have seen that cloak itself as airdrops, I already saw so many of it and some of them are being advertised on big channels like Adsense.