MINING.ML malware

[LordCoder]

I do not know where to post this, so please move if it's the wrong place

After I saw the software here: https://bitcointalk.org/index.php?topic=1150125.0
I decided to take a look at it.

Of course it installs a miner in your computer + a keylogger. Furthermore, it calls another executable after decrypting it via RunPE. A quick scan on Malwr showed the domain where it sends the stuff:
https://malwr.com/analysis/MzdjMjlmMzBkYzVhNGY2MjljNTE2OTQyYTljOTQwYjk/

Everything was protected with ConfuserEx so that AVs don't detect most of it.
The domain is: pownedfag.pw IP: 87.208.65.27.

Take care and do not download that shit.
Regards,

[BanzaiBTC]

This is the bastard...

https://bitcointalk.org/index.php?action=profile;u=405566

At least one of his accounts


LOLLOLLOL

What a sad bastard

[ocminer]

Thanks for posting the info, I really wonder what the Mods are doing ... Usually they ban/delete everything but those malware attempts seem to stay forever...

[DebitMe]

Thanks for posting the info, I really wonder what the Mods are doing ... Usually they ban/delete everything but those malware attempts seem to stay forever...

It must be a bot set up to post that link on a ton of threads.  I have seen it posted just randomly around and always report the post, not sure if it ever gets banned though.

I had reported a bunch of them a few days ago, and the admins must have ignored it because it brought my accuracy down almost 10%.

[LordCoder]

Thanks for posting the info, I really wonder what the Mods are doing ... Usually they ban/delete everything but those malware attempts seem to stay forever...

It must be a bot set up to post that link on a ton of threads.  I have seen it posted just randomly around and always report the post, not sure if it ever gets banned though.

I had reported a bunch of them a few days ago, and the admins must have ignored it because it brought my accuracy down almost 10%.

I have never seen a scammer with a closed account. Maybe they want to keep them, who knows.

[ocminer]

Thanks for posting the info, I really wonder what the Mods are doing ... Usually they ban/delete everything but those malware attempts seem to stay forever...

It must be a bot set up to post that link on a ton of threads.  I have seen it posted just randomly around and always report the post, not sure if it ever gets banned though.

I had reported a bunch of them a few days ago, and the admins must have ignored it because it brought my accuracy down almost 10%.

Same for me, reported some - nothing happened...

[goodguyed]

I can't imagine people click on those links.

I hope people don't click on those links.

[ocminer]

I can't imagine people click on those links.

I hope people don't click on those links.

Yes they do unfortuantely.. Otherwise those scammers wouldn't invest so much energy in such stuff...

[logocreator]

it is a virus, reported a few days ago, as ocminer says nothing happend

[Suntouri]

This is the bastard...

https://bitcointalk.org/index.php?action=profile;u=405566

At least one of his accounts


LOLLOLLOL

What a sad bastard

[img]http://puu.sh/jxHbd/f2b2976983.png[ /img]

Its a robber account
I report 3-4 message and mods dont delete it :/ please mods, ban him now

[LordCoder]

it is a virus, reported a few days ago, as ocminer says nothing happend

I have suspected it has more than a miner inside, I didn't run it of course. Luckily I have reported it today so that nobody falls in that shit.

[djm34]

actually I reported already that guy twice, the post got deleted.
But yes that guy should be banned

[badam]

This is the bastard...

https://bitcointalk.org/index.php?action=profile;u=405566

At least one of his accounts


LOLLOLLOL

What a sad bastard

[img]http://puu.sh/jxHbd/f2b2976983.png[ /img]

Its a robber account
I report 3-4 message and mods dont delete it :/ please mods, ban him now

Useless. he is posting from new accounts(but still old accounts at forum) all the time. I guess the virus gets the infected ones bt account too that's how he can get old accounts to post from

[djm34]

Thanks for posting the info, I really wonder what the Mods are doing ... Usually they ban/delete everything but those malware attempts seem to stay forever...

It must be a bot set up to post that link on a ton of threads.  I have seen it posted just randomly around and always report the post, not sure if it ever gets banned though.

I had reported a bunch of them a few days ago, and the admins must have ignored it because it brought my accuracy down almost 10%.

it isn't a bot he created a thread on the mining sub forum and locked it so no one can post

[Mickeyb]

So do you need to download a software from the website www.mining.ml or is it just enough to visit this website?

Thanks!

[LordCoder]

So do you need to download a software from the website www.mining.ml or is it just enough to visit this website?

Thanks!

Download the software. It's simply a .NET Framework, don't worry if you haven't run it.

[Mickeyb]

So do you need to download a software from the website www.mining.ml or is it just enough to visit this website?

Thanks!

Download the software. It's simply a .NET Framework, don't worry if you haven't run it.

Ok, so if I just entered the site, I have nothing to worry about?

Thanks for the help!

[LordCoder]

So do you need to download a software from the website www.mining.ml or is it just enough to visit this website?

Thanks!

Download the software. It's simply a .NET Framework, don't worry if you haven't run it.

Ok, so if I just entered the site, I have nothing to worry about?

Thanks for the help!

Nothing to worry about. Original domain: http://www.nutrilonexport.com/

[LordCoder]

That asshole hacked this account, he didn't change the password luckily. Now I have bad rep