|
Title: Another scam/phishing attempt - blockchain users beware Post by: Super T on June 29, 2014, 09:48:53 PM OK...
These tweets: https://twitter.com/search?f=realtime&q=follow%20%40shodandice%20for%20latest%20news&src=typd (https://twitter.com/search?f=realtime&q=follow%20%40shodandice%20for%20latest%20news&src=typd) Suggest a bitcoin exchange has been hacked. They lead to this pastebin dump: http://pastebin.com/zxj24E6p Which in turn provides a link to the front page of the "exchange" [link not posted - proceed with caution]. http://imgur.com/QIyHlGJ (http://imgur.com/QIyHlGJ) A rather shoddy site, and strange, it isn't in the press, but I'm far too curious, surprise surprise, all of the compromised accounts contain funds, and not only that but the option to withdraw them is practically jumping out of the same page at me! http://imgur.com/oNZ2OOk,pkvY0Q4#0 (http://imgur.com/oNZ2OOk,pkvY0Q4#0) Clearly my luck is in, hackers have gained access to all user accounts and have benevolently opted to leave the money contained in them to anyone who wants it. Immediately attempting to withdraw my new found wealth leads to a quick confirmation message "Transaction processed, please check wallet" (or something like that), followed by auto-redirect to a "blockchain" page. http://imgur.com/oNZ2OOk,pkvY0Q4#1 (http://imgur.com/oNZ2OOk,pkvY0Q4#1) The blockchain page is not a blockchain page (see URL), and so I assume the plan is to target blockchain users (only?), I am asked to enter my account id and password - and presumably my account gets emptied as soon as details are entered. They also threw in a malicious file auto-download somewhere along the way (quarantined immediately) - so treat with extreme caution if investigating (I used a local client with NO wallet data anywhere near it, and with restricted permissions). http://imgur.com/iJaJDcQ (http://imgur.com/iJaJDcQ) PS - to pre-empt the inevitable accusations that I was attempting to steal these, it just isn't worth the argument, for everyone's sake please humor me with the assumption that I am honest. Title: Re: Another scam/phishing attempt - blockchain users beware! Post by: franky1 on June 29, 2014, 09:54:13 PM well your only linking imgur and twitter, and not the site. so its not like you can phish information from the images, but thanks for the warning..
people need to stop being so sheepish about websites and start to use proper bitcoin wallets. only ever put disposable income/pocket-money amounts in online services Title: Re: Another scam/phishing attempt - blockchain users beware Post by: Super T on June 29, 2014, 10:06:26 PM well your only linking imgur and twitter, and not the site. so its not like you can phish information from the images, but thanks for the warning.. Yeah - i was going to put the site link in but thought better of it, anyone keen can get it from the images - hence caution warning. Title: Re: Another scam/phishing attempt - blockchain users beware Post by: JBullFrog on June 29, 2014, 10:29:07 PM I was about to post something about this here. I will be adding your part about possible phishing when telling others about this.
Title: Re: Another scam/phishing attempt - blockchain users beware Post by: KSGuy on June 30, 2014, 07:21:35 PM I saw the tweet as well, seems real fishy
Also what was the file that was downloaded? Title: Re: Another scam/phishing attempt - blockchain users beware Post by: Super T on July 04, 2014, 07:21:32 AM Looks like more of the same... these started appearing a few mins ago.
http://m.imgur.com/Bmuxtcc http://m.imgur.com/Bmuxtcc |