Warning: Website Scam

[chihien531568]

Warning: https://zeldacoin.club/
This is a phishing website, people should not download and install on any of your devices, because they can get all your personal information and take control of your device.

[noorman0]

I've registered on this site (using a temp-mail that apparently doesn't also require any confirmation) and was given a file with the source address https://zeldacoin.club/ZeldaWallet.exe. This will be obtained after clicking the login button (basically it can only log in through the app and it seems they deliberately hid this download link on the homepage).
So far I haven't installed this app yet. Can you be more specific in the app content (accompanied by screenshots) about your suspicions?

[Python Master]

I've registered on this site (using a temp-mail that apparently doesn't also require any confirmation) and was given a file with the source address https://zeldacoin.club/ZeldaWallet.exe. This will be obtained after clicking the login button (basically it can only log in through the app and it seems they deliberately hid this download link on the homepage).
So far I haven't installed this app yet. Can you be more specific in the app content (accompanied by screenshots) about your suspicions?

Do you mean that it'll automatically download the file after you click the login button. Most scam websites do this.
Try to block automatic download, in chrome type in address bar chrome://settings/content, scroll and find Automatic downloads section, turn on
Ask when a site tries to download files automatically after the first file (recommended)

[OmegaStarScream]

I just installed it (didn't run it) and I noticed that at the last step, you are asked to run a file called null.exe (which is not inside the installed folder)



I searched for the file and found it in the following paths:

Code:

%AppData%/WinUpdate/
%AppData%/WinUpdate/ZLCWallet/4/

Scanning results: https://www.virustotal.com/gui/file/c8425cf994f02784d3f8eeb570b6ac1edc5876908b64b40b532e2534a84a19ad/detection



So as OP said, this will allow the attacker to take control over your computer.

[Jeremy Franklin]

Nice find OP, but i think this post should be moved to "Scam Accusations". Stay safe everyone!

[bitbollo]

Hi @chihien531568
report to moderator this topic and ask to move to the right board.
Follow the format for a proper scam accusation according this format
https://bitcointalk.org/index.php?topic=260073.0
Thanks for your report

[CryptoYar]

More Information about this malware
File type:
Win32 EXE
File Name:
null.exe
Magic:
PE32 executable for MS Windows (GUI) Intel 80386 32-bit
File size:
2.11 MB (2214528 bytes)
Creation Time:
2017-08-11 13:54:06

Source:https://www.virustotal.com/gui/file/c8425cf994f02784d3f8eeb570b6ac1edc5876908b64b40b532e2534a84a19ad/details

[chihien531568]

I've registered on this site (using a temp-mail that apparently doesn't also require any confirmation) and was given a file with the source address https://zeldacoin.club/ZeldaWallet.exe. This will be obtained after clicking the login button (basically it can only log in through the app and it seems they deliberately hid this download link on the homepage).
So far I haven't installed this app yet. Can you be more specific in the app content (accompanied by screenshots) about your suspicions?

First they use telegram account to talk to me: they are managing a new trading platform, if possible, please help them promote the image as well as introduce the platform and they will pay salaries for I.
To create trust, they even said they would give me $ 80, but I needed to download and install it on my device to get them paid.
The result: as I said in the article, they can do anything on their computer.
Luckily I was suspiciou so I installed it on the computer without anything.

[LbtalkL]

I guess it better to post a screenshot of the website than putting the link here some people might click it and it is not safe. If they can get all of our personal information we can consider this a phishing too. If you found similar websites kindly report it here: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

[OmegaStarScream]

Update: I reached out to Namecheap, and they suspended the domain name (registrar status set to clientHold): http://whois.domaintools.com/zeldacoin.club

[Yaunfitda]

Yes, the site is no longer accessible, thanks to those who have reported it.

And thanks to the OP for the warning, this will be a continues mouse-and-cat game here. If you don't investigate, and just be very very careful on anything, don't careful, check everything first, update our anti-virus software. Stay vigilant and stay safe.

[JollyGood]

These scammers are getting more and more sophisticated. There is so much money in the crypto sphere that is why the scammers are finding more and more ways to steal from unsuspecting
people.

I just installed it (didn't run it) and I noticed that at the last step, you are asked to run a file called null.exe (which is not inside the installed folder)



I searched for the file and found it in the following paths:

Code:

%AppData%/WinUpdate/
%AppData%/WinUpdate/ZLCWallet/4/

Scanning results: https://www.virustotal.com/gui/file/c8425cf994f02784d3f8eeb570b6ac1edc5876908b64b40b532e2534a84a19ad/detection



So as OP said, this will allow the attacker to take control over your computer.