Bitcoin Forum
Author Topic: Possible Romanian Phishing attempt using "metatrading" domain.  (Read 883 times)
hennessyhemp (OP)
October 17, 2015, 06:10:19 PM
Last edit: November 06, 2015, 06:25:45 AM by hennessyhemp
 #1

If you google the company, it is called Metatrader...the metatradING website is a phishing duplicate that will install a trojan.

I know because I got hit.  Then the guy used my BTCtalk account to advertise his scam.

If you clicked on a program and it looked like nothing happened...you are infected, get Malwarebytes and run safe mode (assuming you're on Windows).

They got in my Cryptsy and withdrew all my funds rapidly (after converting everything to BTC), then deleted the confirmation emails.  I saw one of them before deletion and got notices that many of my other (Coinbase, Gemini, Circle) accounts were being attempted (via my Authy two-factor app...get it, use it always).

Two-Factor Authentication stopped them...use it with every account you put money in.

Be careful out there and change passwords regularly.

EDIT:  One of my accounts reports their IP as belonging to Romania. 

I don't know if they were using a VPN so they could have been from anywhere but this is the IP I had if anyone thinks they can help in any way:

149.3.142.244


Please add more BTC here (my son will appreciate it when he's older): 14WsxbeRcgsSYZyNSRJqEAmB1MKAzHhsCT
--Encrypted--
October 17, 2015, 06:51:19 PM
 #2

you mean this domain -> www [dot] metatrading4 [dot] com ?

I saw someone posted this a while ago (might be your account). can't find it now though.
hennessyhemp (OP)
October 17, 2015, 08:46:38 PM
 #3

Quote from: --Encrypted-- on October 17, 2015, 06:51:19 PM
> you mean this domain -> www [dot] metatrading4 [dot] com ?
>
> I saw someone posted this a while ago (might be your account). can't find it now though.

Yes.

RustyNomad
October 17, 2015, 08:59:01 PM
 #4

Metatrader was created by MetaQuotes http://www.metaquotes.net/

Guess you know that already, but just posting it here for reference should somebody else pick up on the 'metatrader' part.

There are only two places from where you should download Metatrader, and that is from MetaQuotes and/or your broker's website. Also be very careful with downloading indicator and/or expert advisor files for this platform, especially if from unknown sites. If you do, check them with a virus scanner first. These indicators and/or expert advisors (EAs) can be coded to call DLL files and many other things, so I will not be surprised either if this route is followed to slip something onto PCs.
--Encrypted--
November 04, 2015, 02:51:22 PM
 #5

bump.

I guess this one is a phishing site also? -> www [dot] metatrading5 [dot] com/
https://bitcointalk.org/index.php?topic=1237344.0
https://bitcointalk.org/index.php?topic=1237363.0

don't know enough to report it. if someone is sure then they should report those topics.


update:
that site leads me to a download page with a malware download.
https://www.virustotal.com/en/file/32829d353a9bd9b208d848c4af6a819e3ed72aca64882498473ca82d8e8243f2/analysis/1446649120/

going to report those topics now.
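
The two domains named in this thread differ from the real product name by a few letters plus a trailing digit. The following is an added example, not part of the original posts: a small check that flags such lookalikes against a brand list. The brand list, the allowlist (only metaquotes.net, the vendor site linked earlier in the thread) and the distance threshold are assumptions.

```python
import re

# Assumptions: brand names to protect, the allowlist of official domains
# (metaquotes.net is the vendor site linked in the thread) and the threshold.
BRANDS = ("metatrader", "metaquotes")
OFFICIAL_DOMAINS = {"metaquotes.net"}
MAX_DISTANCE = 3


def refang(text):
    """Normalize 'www [dot] example [dot] com/' or a URL to a bare hostname."""
    host = re.sub(r"\s*[\[\(]\s*dot\s*[\]\)]\s*", ".", text.strip().lower())
    host = re.sub(r"^[a-z]+://", "", host)
    return host.split("/")[0].split(":")[0].rstrip(".")


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain_text):
    """Return ('official' | 'lookalike' | 'unrelated', matched brand or None)."""
    labels = refang(domain_text).split(".")
    # Naive registrable domain: last two labels (ignores suffixes like co.uk).
    if ".".join(labels[-2:]) in OFFICIAL_DOMAINS:
        return ("official", None)
    # Strip digits and hyphens so 'metatrading4' compares as 'metatrading'.
    name = re.sub(r"[\d-]", "", labels[-2] if len(labels) >= 2 else labels[0])
    best = min(BRANDS, key=lambda brand: edit_distance(name, brand))
    if best in name or edit_distance(name, best) <= MAX_DISTANCE:
        return ("lookalike", best)
    return ("unrelated", None)


if __name__ == "__main__":
    # Constructed sample input: the defanged domains quoted in the thread.
    for sample in ("www [dot] metatrading4 [dot] com",
                   "www [dot] metatrading5 [dot] com/",
                   "http://www.metaquotes.net/"):
        print(sample, "->", classify(sample))
```
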
Cyrus
Administrator
November 05, 2015, 01:49:29 AM
Last edit: November 05, 2015, 10:59:44 AM by Cyrus
 #6

Quote from: --Encrypted-- on November 04, 2015, 02:51:22 PM
> I guess this one is a phishing site also? -> www [dot] metatrading5 [dot] com/
> https://bitcointalk.org/index.php?topic=1237344.0
> https://bitcointalk.org/index.php?topic=1237363.0

User neg repped and banned.
@OP, what makes you sure it was an attacker from Romania and not just someone using a VPN? You can call me biased for being from Romania myself, but the title is a bit misleading IMO.

Edit:
Another one: https://bitcointalk.org/index.php?action=profile;u=398526

hennessyhemp (OP)
November 06, 2015, 06:20:30 AM
 #7

Quote from: Cyrus on November 05, 2015, 01:49:29 AM
> Quote from: --Encrypted-- on November 04, 2015, 02:51:22 PM
> > I guess this one is a phishing site also? -> www [dot] metatrading5 [dot] com/
> > https://bitcointalk.org/index.php?topic=1237344.0
> > https://bitcointalk.org/index.php?topic=1237363.0
>
> User neg repped and banned.
> @OP, what makes you sure it was an attacker from Romania and not just someone using a VPN? You can call me biased for being from Romania myself, but the title is a bit misleading IMO.
>
> Edit:
> Another one: https://bitcointalk.org/index.php?action=profile;u=398526

Updated thread and title to more accurately represent Romanian delegates. 

V.Lace
November 09, 2015, 02:39:23 PM
 #8

Quote from: Cyrus on November 05, 2015, 01:49:29 AM
> Quote from: --Encrypted-- on November 04, 2015, 02:51:22 PM
> > I guess this one is a phishing site also? -> www [dot] metatrading5 [dot] com/
> > https://bitcointalk.org/index.php?topic=1237344.0
> > https://bitcointalk.org/index.php?topic=1237363.0
>
> User neg repped and banned.
> @OP, what makes you sure it was an attacker from Romania and not just someone using a VPN? You can call me biased for being from Romania myself, but the title is a bit misleading IMO.
>
> Edit:
> Another one: https://bitcointalk.org/index.php?action=profile;u=398526

Thanks Cyrus, 'cause I am also from Romania!!!
