Title: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: socks435 on April 01, 2019, 11:04:51 AM

I just want people here to be aware of fake Electrum phishing websites, which is why I created this thread for people who don't know what a phishing site is.

Electrum announced (https://bitcointalk.org/index.php?topic=5095856.0) that lower versions of Electrum are no longer connected to the servers because it's under attack with fake/phishing URL links. If you click the pop-up screen that asks you to update Electrum, you will be redirected to a fake website that is listed below.

Here is a sample of what an Electrum phishing site looks like:
https://i.imgur.com/AeVNafT.jpg

If you find a fake Electrum website, please post it here or PM me and I will add it here so that other forum members are aware of fake phishing sites.

Here is my list of active fake Electrum websites that I found when scraping using scrapebox.
Code:
http://electrum.org.uk/

To protect yourself from these phishing sites you can edit your hosts file and add the line below.
Code:
127.0.0.1 electrum.org.uk

I'll put another list below for those who can help to hunt other active phishing sites, including your username, or I might reward you with merit. Just make sure the site is active.

Updated 6/20/2019
Code:
electrumcircle.com
Added by me

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: whotookmycrypto on April 01, 2019, 11:20:08 AM

Great share.
Please add the following to the list
Code:
http://elecktrum.org
Source: https://bitcointalk.org/index.php?topic=5124988.msg50330965#msg50330965

Also, since such lists quickly get outdated if not maintained, users may want to check against this site too: https://etherscamdb.info

Stay safe.

Edit: updated for the comment below. Yes, typo was made.

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: socks435 on April 01, 2019, 11:25:36 AM

Quote
Great share. Please add the following to the list
Code:
http://elektrum.org
Thanks :)

Thanks for your help, but the link you put is not the correct URL and the site seems to be a blog. The correct one according to the linked thread is
Code:
elecktrum.org
It seems the site is no longer active. What I want is active Electrum phishing sites.

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: Jating on April 01, 2019, 12:57:44 PM

Since everyone here uses a different OS, I will quote this here:

Another one to be added to your hosts files then.

On Windows, navigate to "C:\Windows\System32\Drivers\etc\", and open the hosts file in a text editor.
On Mac, navigate to "/private/etc/", and open the hosts file in a text editor.
On Linux, open terminal and write "sudo nano /etc/hosts"

Then add the following line quoted by you below.
Code:
127.0.0.1 electrum.org.uk

The original post can be found here: https://bitcointalk.org/index.php?topic=5126419.0

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: Kakmakr on April 01, 2019, 01:06:17 PM

I also noticed something weird when I accessed my wallet over the weekend. The option to automatically choose the server was disabled by default. A possible fake server was selected by default and it did not want to connect to it. I enabled the "auto" selection again and it connected to the legit server. ::)

I updated to the latest version of the software, but I think they found some workaround to manipulate the server selection. <This raised my red flags and I now check the server every time I connect.> ;)

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: hugeblack on April 01, 2019, 01:36:42 PM

Good work, thanks for the warning, but such lists will not be useful because scammers are one step ahead of you: "Create more phishing sites."

All official Electrum wallet releases are signed by ThomasV (https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc), so it is better to modify this subject to be how to check signatures to avoid phishing Electrum websites/links.

So before you download a wallet, check your wallet signature: "import ThomasV.asc public key and verify other signatures".

Note that:
Quote from: https://electrum.org/#download
Windows builds are reproducible, and signed by several developers. See the list here (https://github.com/spesmilo/electrum-signatures/tree/master/3.3.4/)

Add this to your list
Code:
www[.]electrumbuild[.]org

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: Harlot on April 01, 2019, 03:29:40 PM

People also need to be aware that older versions of Electrum's software have now been hijacked by hackers, which will block your attempt to send BTC and fool you into trying to install a "newer" version of Electrum which is also fake, as it's just phishing software trying to steal your seeds and private keys. Electrum hacks are almost everywhere as it's a popular desktop wallet, and I think Electrum should keep up on their monitoring to avoid potential losses from their clients.

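
The signature check hugeblack recommends above, as an added example that is not part of any post in this thread: gpg reports a good signature for any key already in the keyring, including one imported from the same site as a fake download, so the check below also pins the signer's fingerprint. The fingerprints and status lines are constructed placeholders; the real ThomasV fingerprint has to come from a channel you already trust.

```python
import subprocess

# gpg status keywords that mean a signature must not be trusted.
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def signer_fingerprints(status_text):
    """Primary-key fingerprints of the valid signatures; [] if any one failed."""
    valid = []
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] in FAILURES:
            return []
        if fields[1] == "VALIDSIG":
            # fields[2] is the signing (sub)key; the last field is the
            # primary key fingerprint when gpg reports it.
            valid.append((fields[-1] if len(fields) >= 12 else fields[2]).upper())
    return valid


def is_signed_by(status_text, pinned_fpr):
    """True only if a valid signature comes from the pinned key."""
    return pinned_fpr.replace(" ", "").upper() in signer_fingerprints(status_text)


def verify_download(sig_path, file_path, pinned_fpr):
    """Check a detached signature with gpg, then apply the fingerprint pin."""
    proc = subprocess.run(
        ["gpg", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True)
    return proc.returncode == 0 and is_signed_by(proc.stdout, pinned_fpr)


# Constructed placeholder fingerprint and status output (not real keys).
PINNED = "AAAA " * 10


def sample_status(fpr):
    return ("[GNUPG:] NEWSIG\n"
            f"[GNUPG:] GOODSIG {fpr[-16:]} Constructed Signer\n"
            f"[GNUPG:] VALIDSIG {fpr} 2019-04-01 1554112800 0 4 0 1 8 00 {fpr}\n")


BAD = "[GNUPG:] NEWSIG\n[GNUPG:] BADSIG " + "A" * 16 + " Constructed Signer\n"

if __name__ == "__main__":
    print(is_signed_by(sample_status("A" * 40), PINNED))  # pinned key
    print(is_signed_by(sample_status("B" * 40), PINNED))  # some other key
```
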
Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: Lucius on April 02, 2019, 10:27:11 AM

I checked all sites from the list, and the result is the following: the first and last sites from the list load quite normally (no blocking from adblock, AV or other security software), and the other sites are blocked by my browser (Firefox) as "Deceptive site ahead" with the following warning:

Quote
electrumclient.org has been reported as a deceptive site. You can report a detection problem or ignore the risk and go to this unsafe site. Learn more about deceptive sites and phishing at www.antiphishing.org. Learn more about Firefox’s Phishing and Malware Protection at support.mozilla.org.

http://i68.tinypic.com/2euol82.jpg

Although the idea of blocking such sites in users' host file is not bad, for most users it still represents a challenge. What we need to do is report such sites as phishing to Google (https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en). In this way such sites will be blocked for every user; even those who are not aware of the problem will be protected.

It is also important to use adblocks for browsers, since most users use search engines to find the Electrum site, and bad ones usually pop up at the top of the search list. The last line of defense is antivirus software, which should be updated, and good AV will analyze any downloaded file and prevent the user from installing bad software.

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: o_e_l_e_o on April 02, 2019, 02:42:54 PM

Quote
Although the idea of blocking such sites in users' host file is not bad, for most users it still represents a challenge. What we need to do is report such sites as phishing to Google (https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en). In this way such sites will be blocked for every user; even those who are not aware of the problem will be protected.

On Firefox you can also access this link (with the URL pre-populated by the page you are visiting from) by clicking on Help -> Report deceptive site.

I've tried to make the instructions to edit the hosts file as simple as possible - you literally just locate the file in the directories I have listed, open it with a text editor, paste the code at the bottom, and save it.
Most users should be able to manage that.

Quote
It is also important to use adblocks for browsers, since most users use search engines to find the Electrum site, and bad ones usually pop up at the top of the search list. The last line of defense is antivirus software, which should be updated, and good AV will analyze any downloaded file and prevent the user from installing bad software.

You shouldn't be using a search engine to find sites like Electrum, MyEtherWallet, Binance, this forum, etc. It is much safer to manually type in the URL. Ad-blockers and antivirus are a must (in addition to extensions like HTTPS Everywhere and Privacy Badger), but you can't rely on these to protect you 100%.

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: Juggy777 on April 02, 2019, 05:38:05 PM

Quote
People also need to be aware that older versions of Electrum's software have now been hijacked by hackers, which will block your attempt to send BTC and fool you into trying to install a "newer" version of Electrum which is also fake, as it's just phishing software trying to steal your seeds and private keys. Electrum hacks are almost everywhere as it's a popular desktop wallet, and I think Electrum should keep up on their monitoring to avoid potential losses from their clients.

Hey, this reminds me of the hack which happened in the Electrum wallet a while ago, where people were asked to update it from the wallet itself. I feel this thread contains valuable information, as a large number of people, including me, use the Electrum wallet for storing and transacting bitcoins. Also, I feel one should use the Electrum app on mobile to be on the safe side, as all issues seem to be on the desktop version so far.

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: Baofeng on April 03, 2019, 05:55:58 AM

Will you consider this one?
https://i.ibb.co/smYsSXy/Screen-Shot-2019-04-03-at-1-50-17-PM.png (https://ibb.co/ngJQ2Kz)

Obviously, there is a GitHub repo link, which I think is another way to phish, especially noobs.
Code:
http://docs.electrum.org/en/latest/

Off-topic. Glad to see someone who uses scrapebox. ;D. I've been using it since way back in 2010-2011, when I was doing a lot of social media marketing. And I was amazed that it has a lot of updates; I totally lost my mind seeing lots of options now. ;D

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: Lucius on April 03, 2019, 09:03:02 AM

~snip~

In fact, it is not difficult to edit the hosts file, but some users will certainly have problems with such things. This only solves the problem of the existing phishing sites, and the much bigger problem is new or undetected sites which appear every day.

Internet users use search engines; this is an indisputable fact, and so it will be in the future. It's important, when we make sure that the address of a site is correct, to add that site to our browser bookmarks and use that link to access the site every time. Antivirus and adblockers are not a 100% safe way of protecting, but in my personal experience in most cases they do their job well.

Yesterday I reported the first and last phishing sites from the list to Google Safe Browsing; today both sites are blocked by Malwarebytes as phishing sites. It seems the majority of security software and browsers use Google data for phishing sites, so it is important to report such sites as soon as possible, and they will be blocked in one way or another.

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: socks435 on April 06, 2019, 05:48:56 PM

Update:
I added these 2 alive phishing Electrum websites.
Code:
electrumcircle.com

I'll add more once I find new Electrum phishing websites. Anyone can help me find fake Electrum sites; just make sure it is an alive website.

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: Baofeng on April 18, 2019, 07:29:40 AM

Code:
http://electrum.bz

Someone got phished based on this reddit post: https://www.reddit.com/r/Electrum/comments/bcrgyq/major_issue_with_electrum/

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: Lucius on April 18, 2019, 09:41:27 AM

Baofeng, that site is already reported in the Electrum board, and it is blocked in some browsers (Firefox, Brave), and Malwarebytes also blocks access to that site.

Code:
http://electrumsecuredownload.com

This one is still available in some browsers, but I hope that it will be blocked soon. Just use the link to report such sites to Google (link in my previous post), and they will remove them from search results.

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: TryNinja on April 18, 2019, 10:05:53 AM

Make sure to always report them with these links:

We can report them here: https://support.google.com/google-ads/troubleshooter/4578507
And here: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

This will remove them from showing up on Google ads. They will be blocked on Chrome and Firefox.

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: HCP on May 15, 2019, 03:43:33 AM

A couple of others to add to your list...
Code:
elecfrum.org

The first was being shilled on the boards yesterday... the latter is an old fake website that seems to have resurfaced.

Title: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: Kakmakr on May 15, 2019, 07:31:25 AM

I see they added a link to the latest Electrum update at the bottom of the wallet when you open it. People should not simply click on that link without double-checking the URL that it is pointing to. We saw how "default" servers with exploits have been added in the client in previous versions, so it is not unlikely that hackers might edit that URL and replace it with a phishing site. >:(

I download all "updates" from the official site or GitHub repository, so I ignore prompts like that. ;)

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: Pmalek on May 15, 2019, 08:51:58 AM

To expand on what HCP said in his post earlier: there were a few threads opened yesterday on the forum, probably from hacked accounts, that were shilling a fake message that Electrum was updated to version 3.3.6. There is no version 3.3.6, so be careful if you see such threads. It leads to a fake wallet hosted on the address that HCP posted in his post.

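
Kakmakr's advice to double-check where a link points, as an added example that is not part of any post in this thread: it reduces an entry in any of the shapes posted here (full URL, bare domain, defanged) to a hostname and flags anything that imitates the official domain without being it. It goes slightly beyond the typo domains reported above by also flagging non-ASCII and punycode labels; the edit-distance threshold and the Cyrillic sample are assumptions of this sketch.

```python
import re

OFFICIAL = "electrum.org"  # official site, as quoted in the thread
BRAND = "electrum"
MAX_EDITS = 2              # assumption: tolerance for typo variants


def refang(entry):
    """Reduce a URL, bare domain or defanged entry to a lowercase hostname."""
    s = re.sub(r"\s*\[\s*\.\s*\]\s*", ".", entry.strip().lower())
    s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", s)
    return s.split("/")[0].split("@")[-1].split(":")[0].rstrip(".")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(entry):
    host = refang(entry)
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    labels = host.split(".")
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return "lookalike-unicode"
    for label in labels:
        # Check the whole label and its hyphen/underscore-separated parts.
        for part in re.split(r"[-_]", label) + [label]:
            if BRAND in part or edit_distance(part, BRAND) <= MAX_EDITS:
                return "lookalike"
    return "unrelated"


# Entries in the shapes posted in this thread, plus one constructed
# homograph (Cyrillic "e" written as \u0435 in place of Latin "e").
SAMPLES = [
    "https://electrum.org/#download", "http://electrum.org.uk/",
    "elecfrum.org", "www[.]electrumbuild[.]org", "electrum[ . ]mx",
    "btc-electrum[.]com", "\u0435lectrum.org", "bitcointalk.org",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{classify(s):18} {s}")
```

A threshold of two edits also flags unrelated words that happen to sit close to the brand name, so treat "lookalike" as a prompt to look closer rather than a verdict.
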
Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: HCP on May 15, 2019, 10:01:01 PM

So... some positive news... I received this email overnight :)

Domain Registrars usually take abuse claims relatively seriously... especially in the case of malware and phishing. It's worth reporting!

Quote
Namecheap Legal & Abuse Team <abuse@namecheap.com>
15 May 2019, 22:46
to me

Hello,

This is to inform you that the electrum[ . ]mx domain was suspended. It has been placed on the clientHold status and locked to prevent modifications in our system.

Thank you for letting us know about the issue.

-----------------------
Regards,
Nikita O.
Legal & Abuse Department
Namecheap.com

Title: Re: ⚠⚠️⚠~Beware on active phishing Electrum websites~⚠⚠️⚠ (Collection list updated)
Post by: IeSua on July 31, 2019, 01:29:28 PM

IOCs

Malicious Electrum wallet binaries
Code:
137e8925667ff75b1c516a97b5d2d3dd205f9302cdeb190fc68855aee2942c22

Fake domains
Code:
btc-electrum[.]com

Attacker Bitcoin addresses
Code:
bc1qhsrl6ywvwx44zycz2tylpexza4xvtqkv6d903q

Fraudulent/malicious digital certificates (Windows only)
Code:
Name: PRO SOFTS

RIG EK payload
Code:
9296b210b782faecca8394b2bd7bf720ffa5c122b83c4ed462ba25d3e1b8ce9a

transactionservices.exe (Electrum wallet)
Code:
c3a7cf30428689a44328090b994ce593bbf2a68141fcbefb899dee4fec336198

IPs (Electrum wallet host and configs)
Code:
178.159.37[.]113

https://blog.malwarebytes.com/cybercrime/2019/04/electrum-bitcoin-wallets-under-siege/

== Phishing with Unicode
https://s18.directupload.net/images/190731/d2aengwh.png
https://twitter.com/ElectrumWallet/status/1144678604523147265?s=20